How to Use the Lacework (Cloud Security & CNAPP) MCP in VS Code Copilot

Q: Can VS Code Copilot check our active security policies using the Lacework (Cloud Security & CNAPP) MCP Server?

Yes, Copilot calls listsecuritypolicies to fetch the global cloud security rules enforced on your infrastructure. This lets you check if your local infrastructure-as-code files violate any corporate compliance policies before pushing your branch.

Q: How do we find host vulnerabilities with Lacework (Cloud Security & CNAPP) inside VS Code Copilot?

You use listhostvulnerabilities in VS Code Copilot to identify active CVEs on your cloud VMs. Copilot analyzes the returned list of running vulnerabilities to suggest immediate code or configuration updates.

Q: How do we configure this security tool for our entire engineering team in VS Code Copilot?

You create a .vscode/mcp.json file in your repository root and commit it to Git. Every developer on your team using VS Code Copilot gets automatic access to the cloud security tools without manual setup.

Share cloud security policies and container vulnerability checks across your entire development team using this MCP Server in VS Code Copilot.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Lacework (Cloud Security & CNAPP) MCP to VS Code Copilot

Create your Vinkius account to connect Lacework (Cloud Security & CNAPP) to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Lacework (Cloud Security & CNAPP) with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Block vulnerable container images in VS Code Copilot

`list_container_vulnerabilities` scans your container registries for static image vulnerabilities, letting VS Code Copilot flag team-wide deployment risks directly within your active workspace. VS Code Copilot reads these CVE details to help you patch Dockerfiles and base images before your CI/CD pipeline fails. This MCP Server integration ensures your entire engineering team uses the exact same Lacework vulnerability definitions committed to your shared repository configuration. You catch inherited filesystem CVEs early in the development lifecycle, keeping your container deployments secure.

Triage production alerts inside the chat panel

`search_alerts` retrieves recent cloud security alerts, such as Kubernetes runtime anomalies or AWS IAM brute-forcing attempts, inside VS Code Copilot. When an alert pops up, `get_alert` extracts the exact behavioral payloads and offending container image SHAs for quick analysis. Your team uses this MCP Server to write quick fixes or write custom LQL queries with `execute_query` to hunt down related threats. You handle incident response without leaving your main coding workspace.

Audit cloud resource groups and network perimeters

`search_cloud_inventory` lets VS Code Copilot query your active cloud assets, including unrestricted S3 buckets and open networking rules. The tool maps these resources against your `list_resource_groups` to identify exactly which environments are exposed. This immediate visibility allows you to modify security groups and IAM permissions directly. VS Code Copilot guides you through the remediation process using live, accurate telemetry from your cloud control plane.

Setup guide

Set up Lacework (Cloud Security & CNAPP) MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the Lacework (Cloud Security & CNAPP) MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the Lacework (Cloud Security & CNAPP) tools listed. Try asking: "List my recent Lacework (Cloud Security & CNAPP) transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "lacework-cloud-security-cnapp-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Lacework. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Lacework (Cloud Security & CNAPP) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Lacework (Cloud Security & CNAPP) MCP in VS Code Copilot

Your team can execute custom threat hunting queries inside VS Code Copilot by calling `execute_query`. Copilot processes the LQL structures to find anomalous login patterns or process trees, displaying the results directly in your chat panel.

Yes, Copilot calls `list_security_policies` to fetch the global cloud security rules enforced on your infrastructure. This lets you check if your local infrastructure-as-code files violate any corporate compliance policies before pushing your branch.

You use `list_host_vulnerabilities` in VS Code Copilot to identify active CVEs on your cloud VMs. Copilot analyzes the returned list of running vulnerabilities to suggest immediate code or configuration updates.

You create a `.vscode/mcp.json` file in your repository root and commit it to Git. Every developer on your team using VS Code Copilot gets automatic access to the cloud security tools without manual setup.

Vinkius processes all security policy lists and cloud inventory queries inside an isolated, zero-trust sandbox. Your credentials and telemetry data are never stored, ensuring your compliance posture remains completely private and secure.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript