4,500+ servers built on MCP Fusion
Vinkius
Checkmarx logo
Vinkius
Windsurf logo

How to Use the Checkmarx MCP in Windsurf

Let Cascade autonomously trigger Checkmarx scans, track IaC bugs, and patch security vulnerabilities directly in Windsurf using this MCP Server.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Checkmarx MCP on Cursor AI Code Editor MCP Client Checkmarx MCP on Claude Desktop App MCP Integration Checkmarx MCP on OpenAI Agents SDK MCP Compatible Checkmarx MCP on Visual Studio Code MCP Extension Client Checkmarx MCP on GitHub Copilot AI Agent MCP Integration Checkmarx MCP on Google Gemini AI MCP Integration Checkmarx MCP on Lovable AI Development MCP Client Checkmarx MCP on Mistral AI Agents MCP Compatible Checkmarx MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Windsurf

Connect Checkmarx MCP to Windsurf

Create your Vinkius account to connect Checkmarx to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Checkmarx with Windsurf
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Autopilot AppSec scan cycles in Windsurf

Cascade won't just tell you about security bugs; it runs them down. By calling `run_scan`, your editor kicks off a fresh Checkmarx security run the moment you finish a feature branch. If you push a quick fix while a run is already active, Cascade uses `cancel_scan` to kill the stale job and free up your team's engine resources. You don't have to babysit the process. This MCP Server gives Cascade the ability to poll `list_scans` and `get_scan_details` in the background. Once the run wraps up, the agent presents a clean summary of what passed and what failed without you touching a button.

Cascade traces and patches vulnerabilities

Pinpointing the exact line of code causing a security alert usually takes ages. Cascade solves this by pulling the raw vulnerability data with `get_scan_results` and instantly mapping it to your active workspace files. It looks at the severity, zeroes in on "Urgent" issues, and opens the exact files needing attention. The magic happens when Cascade calls `list_bfl` to find the Best Fix Location. Instead of patching five different files, the agent identifies the single root node where a fix will resolve the entire vulnerability chain, then drafts the code edit for you.

Fixing IaC misconfigurations in Windsurf

Terraform files and Dockerfiles often harbor silent security risks. Cascade uses `get_kics_results` to scan your infrastructure-as-code files for misconfigurations before they ever hit production. It checks your Kubernetes YAMLs and CloudFormation templates directly against Checkmarx standards. Because Cascade is an autonomous agent, it doesn't just list the KICS violations. It automatically generates the corrected configuration blocks, swaps them into your files, and runs a local validation check to ensure your deployment scripts are clean.

Setup guide

Set up Checkmarx MCP in Windsurf

Prerequisites

  • Windsurf IDE installed (macOS, Windows, or Linux)
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Open MCP configuration

    Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.

  2. 2

    Add the Checkmarx MCP

    Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.

  3. 3

    Refresh MCPs

    Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.

  4. 4

    Verify in Cascade

    Start a new Cascade conversation and ask something like "Show my Checkmarx payment history." If connected, Cascade will call the Checkmarx tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json 
{
  "mcpServers": {
    "checkmarx-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Checkmarx. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Checkmarx now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Checkmarx MCP in Windsurf

Windsurf reads your workspace context, pulls active project details using `get_project`, and triggers a scan. It then monitors the run and automatically highlights any high-severity bugs in your Windsurf editor before you open a pull request.
Yes, Windsurf can stop any active job. Cascade executes `cancel_scan` to terminate the running engine process, saving your team valuable scanning minutes when you have already committed a newer code version.
Cascade calls `list_bfl` to find the Best Fix Location for a vulnerability. Instead of guessing, Windsurf receives the exact code node where a single fix will resolve multiple security alerts across your project.
Absolutely. By calling `get_kics_results`, Windsurf pulls specialized Infrastructure as Code findings directly into your editor, allowing Cascade to fix security flaws in your YAMLs and Dockerfiles.
Your raw scan results and project metadata remain securely stored in your Checkmarx One instance. Windsurf only requests this data through the local MCP Server endpoint using your personal token, ensuring no third-party servers ever see your code or vulnerability reports.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Checkmarx MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for Checkmarx. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.