4,500+ servers built on MCP Fusion
Vinkius
HCL AppScan logo
Vinkius
LlamaIndex logo

How to Use the HCL AppScan MCP in LlamaIndex

Build a queryable knowledge base from your HCL AppScan vulnerability data using LlamaIndex.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

HCL AppScan MCP on Cursor AI Code Editor MCP Client HCL AppScan MCP on Claude Desktop App MCP Integration HCL AppScan MCP on OpenAI Agents SDK MCP Compatible HCL AppScan MCP on Visual Studio Code MCP Extension Client HCL AppScan MCP on GitHub Copilot AI Agent MCP Integration HCL AppScan MCP on Google Gemini AI MCP Integration HCL AppScan MCP on Lovable AI Development MCP Client HCL AppScan MCP on Mistral AI Agents MCP Compatible HCL AppScan MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
LlamaIndex

Connect HCL AppScan MCP to LlamaIndex

Create your Vinkius account to connect HCL AppScan to LlamaIndex and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup HCL AppScan with LlamaIndex
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Index Raw Vulnerabilities for RAG

Pulling security findings into your vector store requires the `list_issues` tool. Your LlamaIndex pipeline fetches the recent vulnerabilities for an application and embeds them. For complex findings, the agent calls `get_issue` to grab the full remediation steps and request/response payloads. Now you can ask questions about your security posture in plain English. Instead of clicking through a dashboard, you query the index to find all cross-site scripting flaws discovered this month. The agent grounds its answers in actual AppScan data rather than guessing.

Query Scan History with this MCP Server

The `list_scans` tool feeds your index with a complete history of automated security checks. Your application retrieves execution times, statuses, and high-level metrics for every job. If a specific run failed, `get_scan` pulls the exact failure reason into the context window. This historical data lets you build RAG applications focused on security trends. You can ask why the payment gateway scan takes twice as long as it did in January. The system searches the embedded scan metadata and returns a factual summary of execution changes over time.

Map Your Application Attack Surface

Setting the context for any security query starts with `list_apps`. This MCP integration dumps your entire AppScan inventory into LlamaIndex. When users need specifics on a single target, `get_app` fetches the exact configuration and risk rating. Your knowledge base now understands the difference between your public marketing site and your internal billing API. When a user asks about critical risks, the agent automatically weighs the results based on the application's documented business impact.

Setup guide

Set up HCL AppScan MCP in LlamaIndex

Prerequisites

  • Python 3.10+ installed
  • llama-index-tools-mcp package
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run pip install llama-index-tools-mcp llama-index-llms-openai. The MCP tools package provides BasicMCPClient and McpToolSpec.

  2. 2

    Connect with BasicMCPClient

    Point BasicMCPClient to your Vinkius endpoint URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. Supports SSE and Streamable HTTP transports.

  3. 3

    Convert to LlamaIndex tools

    Call mcp_tool_spec.to_tool_list_async() to convert all HCL AppScan MCP tools into native FunctionTool objects that any LlamaIndex agent can use.

  4. 4

    Run with any LLM

    Create a FunctionAgent with the tools and your preferred LLM. Swap OpenAI for Anthropic, Gemini, or any LlamaIndex-supported provider.

agent.py 
from llama_index.tools.mcp import BasicMCPClient, McpToolSpec
from llama_index.core.agent.workflow import FunctionAgent
from llama_index.llms.openai import OpenAI

# Connect to the MCP
mcp_client = BasicMCPClient(
    "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)
mcp_tool_spec = McpToolSpec(client=mcp_client)

# Convert MCP tools to LlamaIndex tools
tools = await mcp_tool_spec.to_tool_list_async()

# Create and run the agent
agent = FunctionAgent(
    tools=tools,
    llm=OpenAI(model="gpt-4o"),
    system_prompt="You have access to HCL AppScan tools.",
)
response = await agent.run("List recent HCL AppScan data")
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HCL AppScan now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HCL AppScan MCP in LlamaIndex

Install `llama-index-tools-mcp`. Set up a `BasicMCPClient` with your Vinkius URL, wrap it in an `McpToolSpec`, and convert it to an async tool list for your `FunctionAgent`.
Yes. While LlamaIndex excels at reading data, your agent can still execute `start_dast_scan` if you include it in the allowed tools list.
Use the allowed_tools filter. You can also write a custom function that calls `list_apps`, filters the list by name, and only indexes the specific IDs you care about.
Yes. The tools just fetch the raw JSON from AppScan. LlamaIndex handles chunking and embedding that data into Pinecone, Weaviate, or whatever store you already run.
The zero-trust architecture ensures strict privacy. When `get_app` pulls your application routing rules or risk scores, the Vinkius sandbox processes the token in memory and destroys the environment immediately after the handoff.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the HCL AppScan MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for HCL AppScan. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.