How to Use the HCL AppScan MCP in Windsurf

Q: Can Windsurf handle HCL AppScan vulnerabilities automatically?

Yes, Cascade can call listissues to identify threats and then parse the data to explain the fix. It turns raw security data into actionable code changes.

Use the HCL AppScan MCP Server in Windsurf to automate vulnerability triage and trigger scans without leaving your IDE workflow.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect HCL AppScan MCP to Windsurf

Create your Vinkius account to connect HCL AppScan to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup HCL AppScan with Windsurf

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automate DAST scans directly in Windsurf

Trigger a `start_dast_scan` the moment you detect a potential security regression. Cascade reads your current file context, identifies the target application, and initiates the security scan without requiring manual configuration. Once the scan begins, you can monitor progress using `get_scan` to verify completion. This keeps your security feedback loop tight and avoids context switching between your code and the security console.

Deep issue inspection for Windsurf users

Query specific vulnerabilities using `get_issue` to pull raw remediation data into your chat panel. You get the exact line of code or logic flow causing the alert, allowing you to patch findings immediately. Use `list_issues` to filter results by severity level before you start refactoring. It clears the noise so you focus only on the critical flaws that actually impact your production build.

Inventory management inside Windsurf

Query your entire application portfolio with `list_apps` to ensure every microservice is covered by your security policy. You can grab specific details for any project using `get_app` to verify scan settings. This keeps your IDE aware of your security posture across the entire stack. You’ll know exactly which services require an audit before you push your next commit.

Setup guide

Set up HCL AppScan MCP in Windsurf

Prerequisites

Windsurf IDE installed (macOS, Windows, or Linux)
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.
2

Add the HCL AppScan MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Refresh MCPs

Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
4

Verify in Cascade

Start a new Cascade conversation and ask something like "Show my HCL AppScan payment history." If connected, Cascade will call the HCL AppScan tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json

{
  "mcpServers": {
    "hcl-appscan-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HCL AppScan. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect HCL AppScan now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about HCL AppScan MCP in Windsurf

Open your MCP settings in Windsurf and add the server configuration directly. Once you save the file, Windsurf auto-discovers the tools and makes them available to Cascade.

Yes, Cascade can call `list_issues` to identify threats and then parse the data to explain the fix. It turns raw security data into actionable code changes.

No, you just set the goal and let the agent handle the tool calls. It chains `list_apps` and `start_dast_scan` to run the workflow end-to-end.

Vinkius manages the MCP server in an ephemeral sandbox. Your sensitive credentials and scan results never persist on your local machine.

It accesses your application inventory, scan status, and vulnerability reports. The server only transmits the data required to display your security findings within the IDE.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript