Integrate Checkmarx with Claude, Cursor, Chatbots & AI Agents MCP Server

Automate AppSec via Checkmarx One — trigger core scans, analyze vulnerabilities, discover Best Fix Locations (BFL), and monitor KICS results.

GDPR Free for Subscribers

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

cancel

Cancel scan on Checkmarx

Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan

get

Get kics results on Checkmarx

Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings

get

Get project on Checkmarx

Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project

get

Get scan details on Checkmarx

It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan

get

Get scan results on Checkmarx

Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan

list

List applications on Checkmarx

An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications

list

List bfl on Checkmarx

Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node

list

List projects on Checkmarx

A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects

list

List scans on Checkmarx

Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project

run

Run scan on Checkmarx

Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan

Security & Code Integrity Audit

Every tool in the Checkmarx MCP Server is continuously audited by the Vinkius Security Engine. We guarantee zero-trust payload isolation, strict data boundaries, and deterministic execution for enterprise-grade AI agents.

A+Score: 100

How Vinkius protects your data

Is there a risk of the AI "going crazy" and deleting important company data?

No. With Vinkius, the AI operates on "rails". It can only make the exact moves you authorized in the tool's settings. It cannot invent routes, access other networks in your company, or decide to delete random files. If the action isn't in the approved catalog, the attempt is blocked instantly.

Can I set different limits for each virtual assistant on my team?

Absolutely. You have full control in our command center. You can create an AI agent that only "reads" data so the support team can answer questions, and another superpowered agent that can "edit" and "create" information exclusively for your operations team. Each AI gets exactly the level of access you allow.

How can the AI help me fix a vulnerability faster?

Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.

What if the AI ends up reading customer data or confidential information?

We have a built-in digital "bodyguard" called DLP (Data Loss Prevention). If a tool fetches data and the response contains social security numbers, credit cards, or personal customer info, Vinkius magically blocks and erases that information before it is delivered to the AI. The AI works only with what is strictly necessary, and your sensitive data never leaks.

What can AI Agents do with Checkmarx?

Integrate Checkmarx to provide your custom AI agents with direct read and write access to the capabilities listed below.

Managing appsec inside Claude

The Checkmarx integration allows Cursor and ChatGPT to securely fetch appsec data. It handles the API requests required for fort knox operations.

Execute sast Commands with AI

The Checkmarx MCP translates LLM intent into specific sast actions. Agents like Cursor use this to interface securely with your fort knox infrastructure.