4,500+ servers built on MCP Fusion
Vinkius
HCL AppScan logo
Vinkius
LangChain logo

How to Use the HCL AppScan MCP in LangChain

Build security reasoning pipelines by connecting HCL AppScan directly to your LangChain agents.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

HCL AppScan MCP on Cursor AI Code Editor MCP Client HCL AppScan MCP on Claude Desktop App MCP Integration HCL AppScan MCP on OpenAI Agents SDK MCP Compatible HCL AppScan MCP on Visual Studio Code MCP Extension Client HCL AppScan MCP on GitHub Copilot AI Agent MCP Integration HCL AppScan MCP on Google Gemini AI MCP Integration HCL AppScan MCP on Lovable AI Development MCP Client HCL AppScan MCP on Mistral AI Agents MCP Compatible HCL AppScan MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
LangChain

Connect HCL AppScan MCP to LangChain

Create your Vinkius account to connect HCL AppScan to LangChain and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup HCL AppScan with LangChain
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Wire Vulnerability Scans into ReAct Agents

The `start_dast_scan` tool lets your LangChain agent initiate a Dynamic Analysis scan directly from a conversation or automated trigger. You pass the target application ID, and the agent fires off the request. Instead of switching tabs to check progress, the pipeline loops the `get_scan` tool to monitor status until completion. This setup turns manual security testing into an autonomous chain. When the scan finishes, your pipeline automatically pulls the results and feeds them into the next step. Every execution gets logged in LangSmith, so you know exactly how long the scan took and which parameters the agent decided to use.

Chain Issue Triage and Remediation

You fetch raw vulnerabilities using the `list_issues` tool. Your agent pulls the latest findings for a specific application and decides which ones actually matter. If it spots a critical injection flaw, it uses `get_issue` to grab the deep technical details, including the exact payload that triggered the alert. Those details become the input for the next link in your chain. You can route the raw vulnerability data into a Jira ticket creator or a Slack notification node. The agent handles the triage logic, filtering out low-priority noise before a human ever looks at the dashboard.

Audit Application Inventory via MCP Server

Managing scope starts with the `list_apps` tool, giving your agent a complete view of your AppScan inventory. It retrieves metadata for every configured application in the account. If you run local agents, `list_presence` pulls the status of your internal scanning infrastructure. You combine these endpoints to build an autonomous inventory auditor. The agent cross-references active applications with their local presence availability. If an internal app lacks a valid scanning path, the pipeline flags the misconfiguration immediately.

Setup guide

Set up HCL AppScan MCP in LangChain

Prerequisites

  • Python 3.10+ installed
  • langchain-mcp-adapters + langgraph packages
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run pip install langchain-mcp-adapters langgraph langchain-openai. The MCP adapters package converts MCP tools into native LangChain BaseTool objects.

  2. 2

    Connect via HTTP transport

    Use MultiServerMCPClient with "transport": "http" pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. 3

    Create a ReAct agent

    Pass the discovered tools to create_react_agent() from LangGraph. The agent automatically routes HCL AppScan tool calls through the MCP protocol.

  4. 4

    Run with any LLM

    Swap ChatOpenAI for ChatAnthropic, ChatGoogleGenerativeAI, or any LangChain-compatible model. The MCP tools work identically across all providers.

agent.py 
from langchain_mcp_adapters.client import MultiServerMCPClient
from langgraph.prebuilt import create_react_agent
from langchain_openai import ChatOpenAI

async with MultiServerMCPClient({
    "hcl-appscan-mcp": {
        "transport": "http",
        "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
    }
}) as client:
    tools = client.get_tools()

    agent = create_react_agent(
        ChatOpenAI(model="gpt-4o"),
        tools,
    )
    result = await agent.ainvoke({
        "messages": "List recent HCL AppScan transactions"
    })
    print(result["messages"][-1].content)
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HCL AppScan now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HCL AppScan MCP in LangChain

Install the `langchain-mcp-adapters` package. Initialize a `MultiServerMCPClient` pointing to your Vinkius MCP endpoint, extract the tools with `client.get_tools()`, and pass them directly to your ReAct agent.
Yes. Your agent can call `start_dast_scan` as part of a scheduled pipeline. It will need the application ID, which it finds first by running `list_apps`.
It tracks everything. You will see the exact inputs sent to `get_issue` and the raw vulnerability JSON returned. This makes debugging failed scan chains trivial.
You control the exact MCP tool list. If you only want an agent to read data, just provide `list_issues` and `get_issue` while withholding the scan trigger tools.
Vinkius runs the server in an ephemeral V8 Isolate sandbox. When your agent pulls payload details via `get_issue`, the data passes through memory and is immediately destroyed after the request completes. Nothing hits a disk.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the HCL AppScan MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for HCL AppScan. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.