How can the AI help me fix a vulnerability faster?

Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.

Can the agent initiate a static code scan independently?

Yes! Tell the agent to 'Run a scan on project ID X targeting the main branch'. It initiates the analysis array natively across Checkmarx One engines. You can poll for completion status later and retrieve the new dataset directly via chat.

Does it segregate AppSec results from Cloud infrastructure flaws?

It does. Application flaws are pulled cleanly via `get_scan_results`, whereas misconfigurations tied to Docker, Kubernetes, or Terraform limits use a dedicated `get_kics_results` pipeline. The agent intrinsically separates the context for your DevOps team.

Checkmarx MCP Server for AutoGen 10 tools — connect in under 2 minutes

Name: Checkmarx
Availability: InStock
Author: Vinkius

microsoft.github.io/autogen/docs/tools/mcp-tools

Built by Vinkius GDPR 10 Tools Framework

Microsoft AutoGen enables multi-agent conversations where agents negotiate, delegate, and execute tasks collaboratively. Add Checkmarx as an MCP tool provider through the Vinkius and every agent in the group can access live data and take action.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

import asyncio
from autogen_agentchat.agents import AssistantAgent
from autogen_ext.tools.mcp import McpWorkbench

async def main():
    # Your Vinkius token — get it at cloud.vinkius.com
    async with McpWorkbench(
        server_params={"url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"},
        transport="streamable_http",
    ) as workbench:
        tools = await workbench.list_tools()
        agent = AssistantAgent(
            name="checkmarx_agent",
            tools=tools,
            system_message=(
                "You help users with Checkmarx. "
                "10 tools available."
            ),
        )
        print(f"Agent ready with {len(tools)} tools")

asyncio.run(main())

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Checkmarx MCP Server

Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.

AutoGen enables multi-agent conversations where agents negotiate, delegate, and collaboratively use Checkmarx tools. Connect 10 tools through the Vinkius and assign role-based access — a data analyst queries while a reviewer validates, with optional human-in-the-loop approval for sensitive operations.

What you can do

Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
Scans Lifecycle — Trigger dynamic SAST/SCA security scans on repos, cancel redundant queues, and poll engines for precise execution timing
Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML

The Checkmarx MCP Server exposes 10 tools through the Vinkius. Connect it to AutoGen in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect Checkmarx to AutoGen via MCP

Follow these steps to integrate the Checkmarx MCP Server with AutoGen.

Install AutoGen

Run pip install "autogen-ext[mcp]"

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Integrate into workflow

Use the agent in your AutoGen multi-agent orchestration

Explore tools

The workbench discovers 10 tools from Checkmarx automatically

Why Use AutoGen with the Checkmarx MCP Server

AutoGen provides unique advantages when paired with Checkmarx through the Model Context Protocol.

Multi-agent conversations: multiple AutoGen agents discuss, delegate, and collaboratively use Checkmarx tools to solve complex tasks

Role-based architecture lets you assign Checkmarx tool access to specific agents — a data analyst queries while a reviewer validates

Human-in-the-loop support: agents can pause for human approval before executing sensitive Checkmarx tool calls

Code execution sandbox: AutoGen agents can write and run code that processes Checkmarx tool responses in an isolated environment

Checkmarx + AutoGen Use Cases

Practical scenarios where AutoGen combined with the Checkmarx MCP Server delivers measurable value.

Collaborative analysis: one agent queries Checkmarx while another validates results and a third generates the final report

Automated review pipelines: a researcher agent fetches data from Checkmarx, a critic agent evaluates quality, and a writer produces the output

Interactive planning: agents negotiate task allocation using Checkmarx data to make informed decisions about resource distribution

Code generation with live data: an AutoGen coder agent writes scripts that process Checkmarx responses in a sandboxed execution environment

Checkmarx MCP Tools for AutoGen (10)

These 10 tools become available when you connect Checkmarx to AutoGen via MCP:

cancel_scan

Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan

get_kics_results

Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings

get_project

Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project

get_scan_details

It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan

get_scan_results

Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan

list_applications

An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications

list_bfl

Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node

list_projects

A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects

list_scans

Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project

run_scan

Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan

Example Prompts for Checkmarx in AutoGen

Ready-to-use prompts you can give your AutoGen agent to start working with Checkmarx immediately.

"List the most severe vulnerabilities found in the last Checkmarx scan."

"Trigger a new SAST scan for my current Checkmarx project."

"How do I fix the SQL injection vulnerability found in the Checkmarx report?"

Troubleshooting Checkmarx MCP Server with AutoGen

Common issues when connecting Checkmarx to AutoGen through the Vinkius, and how to resolve them.

McpWorkbench not found

Install: pip install "autogen-ext[mcp]"

Checkmarx + AutoGen FAQ

Common questions about integrating Checkmarx MCP Server with AutoGen.

How does AutoGen connect to MCP servers?

Create an MCP tool adapter and assign it to one or more agents in the group chat. AutoGen agents can then call Checkmarx tools during their conversation turns.

Can different agents have different MCP tool access?

Yes. AutoGen's role-based architecture lets you assign specific MCP tools to specific agents, so a querying agent has different capabilities than a reviewing agent.