How to Use the Veracode MCP in Claude Code

Q: How do I list Veracode applications using Claude Code?

Run listapplications. This fetches a globally unique GUID for every Veracode AppSec Application. You'll need these IDs to pass into subsequent steps in your shell script.

Q: What details can I get about an app using Veracode and Claude Code?

Use getapplicationdetails to pull a detailed profile, including the compliance policy status, business criticality rating, deployment state, and associated risk scores. It's perfect for CI/CD gates.

Q: If I need vulnerability details for Veracode using Claude Code, what tool should I use?

Execute getfindingdetails. This is the precise way to get the flaw type (CWE), the source file, and the code path. It’s essential when writing failure checks.

Q: How do I manage users or list scans with Veracode using Claude Code?

You can check DAST scans with listdynamicanalyses and see all sandboxes via listsandboxes. To manage roles, use listveracodeusers.

Run Veracode security checks headlessly in Claude Code for CI/CD pipelines and cron jobs.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Veracode MCP to Claude Code

Create your Vinkius account to connect Veracode to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Veracode with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Build App Profiles Programmatically

You can programmatically create a container profile using `create_application`. You just supply the app schema and profile name as a JSON string. If you need to clean up old containers, use `delete_application`—but remember that action is irreversible. Running `list_applications` gives you all the needed global GUIDs for targeting resources in your pipeline scripts.

Assess and List Findings

Need to check a flaw? Execute `get_finding_details`. This tool provides the vulnerability type (CWE), the affected source file, code path, and remediation guidance. It's invaluable for failure conditions in CI/CD. To get a full security report, call `list_security_findings` to retrieve unified findings across an entire application.

Manage AppSec Scans and Users

The server allows you to list all configured Dynamic Analysis (DAST) scans with `list_dynamic_analyses`. It also lists linked testing sandboxes using `list_sandboxes`. For user management, run `list_veracode_users` to handle the RBAC roles. Checking the overall connection health is done via `get_api_health`.

Setup guide

Set up Veracode MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see veracode-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest Veracode transactions." It will automatically discover and invoke the available Veracode tools.

Terminal

claude mcp add --transport http veracode-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the Veracode MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "veracode-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Veracode. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Veracode now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Veracode MCP in Claude Code

Run `list_applications`. This fetches a globally unique GUID for every Veracode AppSec Application. You'll need these IDs to pass into subsequent steps in your shell script.

Use `get_application_details` to pull a detailed profile, including the compliance policy status, business criticality rating, deployment state, and associated risk scores. It's perfect for CI/CD gates.

Execute `get_finding_details`. This is the precise way to get the flaw type (CWE), the source file, and the code path. It’s essential when writing failure checks.

You can check DAST scans with `list_dynamic_analyses` and see all sandboxes via `list_sandboxes`. To manage roles, use `list_veracode_users`.

This server deals with AppSec Application GUIDs, vulnerability types (CWE), and user access roles. Since this runs headless, ensure the service account has the minimal required permissions.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript