StackHawk MCP Server
Connect your AI to the StackHawk DAST platform. Run automated security scans, triage alerts seamlessly, and find vulnerabilities effortlessly.
Ask AI about this MCP Server
Vinkius supports streamable HTTP and SSE.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
What is the StackHawk MCP Server?
The StackHawk MCP Server gives AI agents like Claude, ChatGPT, and Cursor direct access to StackHawk via 10 tools. Connect your AI to the StackHawk DAST platform. Run automated security scans, triage alerts seamlessly, and find vulnerabilities effortlessly. Powered by the Vinkius - no API keys, no infrastructure, connect in under 2 minutes.
Built-in capabilities (10)
Tools for your AI Agents to operate StackHawk
Ask your AI agent "Log in with my API token, list my projects and environments, then show the critical vulnerabilities from the latest scan." and get the answer without opening a single dashboard. With 10 tools connected to real StackHawk data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by the Vinkius - your credentials never touch the AI model, every request is auditable. Connect in under two minutes.
Why teams choose Vinkius
One subscription gives you access to thousands of MCP servers - and you can deploy your own to the Vinkius Edge. Your AI agents only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure and security, zero maintenance.
Build your own MCP Server with our secure development framework →Vinkius works with every AI agent you already use
…and any MCP-compatible client
StackHawk MCP Server capabilities
10 toolsGet detailed configuration for a specific StackHawk application
Get StackHawk organization details and subscription tier
Download individual security alerts discovered by a DAST scan
Get detailed results and metadata for a specific DAST scan
Useful for auditing and hygiene. List API keys configured for a StackHawk organization
Requires a Bearer token and organization ID. List all registered DAST applications in a StackHawk organization
g., Development, Staging, Production) configured on the application. List configured scan environments for a StackHawk application
Includes scan IDs and high-level alert counts. List all DAST scan executions for a StackHawk application
This token is required for all subsequent StackHawk tool calls. Authenticate and obtain a Bearer access token from StackHawk
Valid statuses: RISK_ACCEPTED, FALSE_POSITIVE, IN_PROGRESS. Triage a DAST security alert (accept risk, false positive, etc.)
What the StackHawk MCP Server unlocks
Integrate the robust dynamic application security testing (DAST) capabilities of StackHawk directly into your conversational AI. Empower your engineering team to monitor system vulnerabilities, initiate complex scans, and orchestrate proactive security protocols without relying heavily on static dashboards. Connect securely to your workspaces, instruct your AI to assess ongoing security threats, and automatically classify alerts through a natural language interface designed to accelerate risk remediation across modern CI/CD pipelines.
What you can do
- Automated Scanning — Programmatically initiate comprehensive security evaluations across your environments utilizing
run_scan, and halt operations securely targeting specific execution UUIDs viastop_scan. - Risk Assessment — Effectively audit environments by listing operational scans with
list_scans, or retrieve deep vulnerability reports invokingget_alertstargeting specific scan iterations. - Application Management — Catalog active software deployments monitored by StackHawk utilizing
list_applications, and manage organizational parameters inspecting environments directly vialist_environments. - Triage & Operations — Authenticate securely establishing a valid operational bearer token with
login, and instruct the AI to accurately qualify, dismiss, or assign statuses prioritizing critical mitigation efforts usingtriage_alert.
How it works
1. Install the StackHawk MCP module configuring it directly with your active AI assistant.
2. Supply your proprietary StackHawk API Token to authenticate requests safely within the MCP setting.
3. Instruct the AI: "Retrieve the most critical security alerts from the last scan of our 'Production-Core' application, and triage any false positives."
Who is this for?
- DevSecOps Engineers — Streamline and enforce secure software integration effortlessly instructing the system to perform real-time verification analysis dynamically.
- Engineering Leaders — Monitor organizational compliance metrics easily interacting through language commands retrieving holistic cross-application threat landscapes.
- Backend Developers — Quickly identify security regression issues caused by newly deployed microservices parsing scans directly in the development terminal.
Frequently asked questions about the StackHawk MCP Server
Are scans executed locally or in the cloud?
Scans run on the StackHawk cloud infrastructure. The MCP integration only triggers and monitors them — no heavy processing happens in your AI context.
Why is the `login` step required?
The StackHawk API uses short-lived Bearer tokens. The login tool exchanges your API key for a session token that authenticates all subsequent requests.
Can the agent triage alerts automatically?
Yes. Use triage_alert to mark specific vulnerabilities as false positives, accepted risks, or confirmed issues. Each triage action targets a single alert by ID.
More in this category
AT&T 5G
9 toolsAccess Open Gateway 5G Network APIs -- Number Verify, Device Location, SIM Swap detection, Quality on Demand, and Network Slicing via AT&T.
Notesnook (Private Note Taking & E2EE)
12 toolsManage encrypted notes via Notesnook — create secure entries, sync your vault, and audit private notebooks.
Kisi
9 toolsManage cloud-based access control, locks, and users via the Kisi API.
You might also like
Granola
12 toolsManage AI meeting notes via Granola — list and search meeting documents, retrieve transcripts and summaries, and track action items directly from any AI agent.
TripAdvisor
5 toolsSearch hotels, restaurants, and attractions via TripAdvisor Content API — get reviews, ratings, and POI details.
Increase
12 toolsYour very own programmatic commercial bank. Construct completely new bank accounts, fetch balance ledgers, map Routing numbers and fire wire limits.
Connect StackHawk with your favorite client
Step-by-step setup guides for every MCP-compatible client and framework:
Anthropic's native desktop app for Claude with built-in MCP support.
AI-first code editor with integrated LLM-powered coding assistance.
GitHub Copilot in VS Code with Agent mode and MCP support.
Purpose-built IDE for agentic AI coding workflows.
Autonomous AI coding agent that runs inside VS Code.
Anthropic's agentic CLI for terminal-first development.
Python SDK for building production-grade OpenAI agent workflows.
Google's framework for building production AI agents.
Type-safe agent development for Python with first-class MCP support.
TypeScript toolkit for building AI-powered web applications.
TypeScript-native agent framework for modern web stacks.
Python framework for orchestrating collaborative AI agent crews.
Leading Python framework for composable LLM applications.
Data-aware AI agent framework for structured and unstructured sources.
Microsoft's framework for multi-agent collaborative conversations.
Give your AI agents the power of StackHawk MCP Server
Production-grade StackHawk MCP Server. Verified, monitored, and maintained by Vinkius. Ready for your AI agents — connect and start using immediately.