How to Use the HCL AppScan MCP in VS Code Copilot

Equip your whole team with HCL AppScan tools directly in VS Code Copilot.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect HCL AppScan MCP to VS Code Copilot

Create your Vinkius account to connect HCL AppScan to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup HCL AppScan with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Standardize Security Checks For Your Team

The biggest win here is consistency. You commit a `.vscode/mcp.json` file to your repository. Now, every developer on the team gets the same HCL AppScan tools in their Copilot chat, automatically. This means any developer can ask Copilot, "list the applications in AppScan" (`list_apps`) or "what scans have run this week?" (`list_scans`). It removes setup headaches and ensures everyone is working with the same ground truth from your security tooling.

Audit and Triage in Your Editor

A security alert hits your inbox. Instead of switching to a web portal, open Copilot Chat and ask, "pull the latest issues for the 'billing-service'." Copilot uses `list_issues` to get them directly from AppScan. From that list, you can go deeper. "Show me the full details for issue #1234." Copilot uses `get_issue` and presents the vulnerability report. You can then use VS Code's native features to jump right to the affected code, all in one window.

Run HCL AppScan Scans from Copilot Chat

You just finished a big refactor. Before you even commit, you can get a security check. Ask Copilot, "start a DAST scan on the 'billing-service' application." It uses this MCP Server to trigger the scan via `start_dast_scan`. This gives your developers a fast, private feedback loop. They can ask "what's the status of scan XYZ?" using `get_scan`. It pulls security testing into the inner loop of development, rather than making it just another CI gate.

Setup guide

Set up HCL AppScan MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the HCL AppScan MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the HCL AppScan tools listed. Try asking: "List my recent HCL AppScan transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "hcl-appscan-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HCL AppScan now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HCL AppScan MCP in VS Code Copilot

An admin or team lead adds the MCP server configuration to a `.vscode/mcp.json` file and commits it to your Git repo. Every developer on the team automatically gets the HCL AppScan tools when they open that project in VS Code.

Yes. Open the Copilot Chat view and type a direct command like, "Start a new AppScan DAST scan for the 'web-portal' app." Copilot uses the `start_dast_scan` tool to kick it off.

After a scan is done, ask Copilot to "list all issues for the 'web-portal' app." It uses `list_issues`. To get more info on a specific finding, follow up with "get details for issue ID 789."

That's a good first step. Just ask Copilot, "check my HCL AppScan account connection." It will run the `get_account_check` tool to confirm that your credentials and the connection are solid.

The server's access is strictly limited to your HCL AppScan data: app lists, scan statuses, and vulnerability findings. It does not read your source code or other local files. Each request is stateless and the Vinkius platform runs the server in a zero-trust, ephemeral environment.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript