How to Use the Checkmarx MCP in AutoGen

Q: How can I use AutoGen to decide which Checkmarx vulnerabilities to fix first?

Create a SecurityAnalyst agent to fetch findings with getscanresults and a DevLead agent to check fix locations with listbfl. They can then debate the priority of each bug based on both severity and effort, reaching a consensus.

Q: Can I build an AutoGen team to manage both app code and IaC security in Checkmarx?

Definitely. Assign one agent to use getscanresults for app vulnerabilities and another to use getkicsresults for IaC issues. They can then present their findings to a manager agent to decide what's most urgent.

Q: What's a good way to start a security conversation between AutoGen agents using Checkmarx?

Have a 'watcher' agent that periodically calls listscans. When it sees a new 'Completed' scan, it can kick off the multi-agent conversation by providing the scan ID to the other agents, who then use it to pull results.

Build multi-agent security teams for Checkmarx with AutoGen. Let agents use this MCP Server to debate risks and prioritize fixes.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Checkmarx MCP to AutoGen

Create your Vinkius account to connect Checkmarx to AutoGen and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Checkmarx with AutoGen

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Let Agents Debate Scan Results

Set up a conversation between multiple agents. A `SecurityAnalyst` agent uses `run_scan` and `get_scan_results` to find new vulnerabilities. It presents the high-severity findings to the group. A `DevLead` agent can then use `list_bfl` to argue that a fix is simple, while a `ProductManager` agent might argue the feature is too critical to delay. They converse, using Checkmarx data as evidence, until they reach a consensus on what to fix now versus what to defer.

Automate Triage with Agent Teams

One agent's job is to monitor scans using `list_scans`. When a new scan completes, it triggers the conversation. Another agent, the `IaC_Specialist`, can specifically call `get_kics_results` to look for infrastructure issues and bring them to the forefront. This creates a triage meeting in code. The agents discuss whether a finding from `get_scan_results` is more critical than a Kubernetes misconfiguration from `get_kics_results`, using data from this MCP Server to back up their positions.

Consensus-Driven Actions with AutoGen

The conversation isn't just talk. Once the agents agree on a course of action, a `CICD_Operator` agent can be tasked with the next step. For example, if they decide a scan was triggered on a dead branch, it can call `cancel_scan` to free up resources. You can also have an agent whose role is to provide context by calling `get_project` or `list_applications`, ensuring the debate is always grounded in the correct operational reality. This is how AutoGen turns Checkmarx data from a simple MCP tool call into a collaborative decision-making process.

Setup guide

Set up Checkmarx MCP in AutoGen

Prerequisites

Python 3.10+ installed
autogen-ext[mcp] package
Active Vinkius subscription with a valid endpoint token

1

Install AutoGen with MCP
Run pip install "autogen-ext[mcp]" autogen-agentchat. The MCP extension includes mcp_server_tools for stateless tool access.
2

Fetch tools from the MCP
Call mcp_server_tools(SseServerParams(url=...)) with your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Run your agent
Pass the tools to AssistantAgent and call agent.run(). The agent invokes Checkmarx tools and returns structured results.

agent.py

from autogen_ext.tools.mcp import SseServerParams, mcp_server_tools
from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient

server_params = SseServerParams(
    url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)

tools = await mcp_server_tools(server_params)

agent = AssistantAgent(
    name="Checkmarx_assistant",
    model_client=OpenAIChatCompletionClient(model="gpt-4o"),
    tools=tools,
)

result = await agent.run("List recent Checkmarx data")
print(result.messages[-1].content)

Get your connection token →

Prerequisites

Python 3.10+ installed
autogen-ext[mcp] + autogen-agentchat
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Same packages as above. McpWorkbench is ideal when your agent needs stateful sessions across multiple tool calls.
2

Use McpWorkbench as context manager
Wrap your agent in async with McpWorkbench(...) to maintain shared state and resources. The workbench manages the full MCP session lifecycle.
3

Run with workbench
Pass workbench=workbench to your agent. State is preserved across multiple tool calls within the same session.

agent.py

from autogen_ext.tools.mcp import McpWorkbench, SseServerParams
from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient

server_params = SseServerParams(
    url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)

async with McpWorkbench(server_params) as workbench:
    agent = AssistantAgent(
        name="Checkmarx_assistant",
        model_client=OpenAIChatCompletionClient(model="gpt-4o"),
        workbench=workbench,
    )

    result = await agent.run("List recent Checkmarx data")
    print(result.messages[-1].content)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Checkmarx. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Checkmarx now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Checkmarx MCP in AutoGen

Create a `SecurityAnalyst` agent to fetch findings with `get_scan_results` and a `DevLead` agent to check fix locations with `list_bfl`. They can then debate the priority of each bug based on both severity and effort, reaching a consensus.

Definitely. Assign one agent to use `get_scan_results` for app vulnerabilities and another to use `get_kics_results` for IaC issues. They can then present their findings to a manager agent to decide what's most urgent.

Have a 'watcher' agent that periodically calls `list_scans`. When it sees a new 'Completed' scan, it can kick off the multi-agent conversation by providing the scan ID to the other agents, who then use it to pull results.

Yes. After debating the context of a scan—maybe by checking the project details with `get_project`—your agent team can decide to call `cancel_scan`. This is useful for stopping scans on irrelevant or old branches.

Agents can access Checkmarx scan results, project metadata, and Best Fix Location data. Your API keys are never stored on the server. All tool calls happen through the V8 Isolate Sandbox on Vinkius, ensuring each agent's actions are isolated and secured by a short-lived token.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript