How can the AI help me fix a vulnerability faster?

Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.

Can the agent initiate a static code scan independently?

Yes! Tell the agent to 'Run a scan on project ID X targeting the main branch'. It initiates the analysis array natively across Checkmarx One engines. You can poll for completion status later and retrieve the new dataset directly via chat.

Does it segregate AppSec results from Cloud infrastructure flaws?

It does. Application flaws are pulled cleanly via `get_scan_results`, whereas misconfigurations tied to Docker, Kubernetes, or Terraform limits use a dedicated `get_kics_results` pipeline. The agent intrinsically separates the context for your DevOps team.

Checkmarx MCP Server for LangChain 10 tools — connect in under 2 minutes

Name: Checkmarx
Availability: InStock
Author: Vinkius

python.langchain.com/docs/integrations/tools/mcp

Built by Vinkius GDPR 10 Tools Framework

LangChain is the leading Python framework for composable LLM applications. Connect Checkmarx through the Vinkius and LangChain agents can call every tool natively — combine them with retrievers, memory, and output parsers for sophisticated AI pipelines.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

import asyncio
from langchain_mcp_adapters.client import MultiServerMCPClient
from langchain_openai import ChatOpenAI
from langgraph.prebuilt import create_react_agent

async def main():
    # Your Vinkius token — get it at cloud.vinkius.com
    async with MultiServerMCPClient({
        "checkmarx": {
            "transport": "streamable_http",
            "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
        }
    }) as client:
        tools = client.get_tools()
        agent = create_react_agent(
            ChatOpenAI(model="gpt-4o"),
            tools,
        )
        response = await agent.ainvoke({
            "messages": [{
                "role": "user",
                "content": "Using Checkmarx, show me what tools are available.",
            }]
        })
        print(response["messages"][-1].content)

asyncio.run(main())

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Checkmarx MCP Server

Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.

LangChain's ecosystem of 500+ components combines seamlessly with Checkmarx through native MCP adapters. Connect 10 tools via the Vinkius and use ReAct agents, Plan-and-Execute strategies, or custom agent architectures — with LangSmith tracing giving full visibility into every tool call, latency, and token cost.

What you can do

Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
Scans Lifecycle — Trigger dynamic SAST/SCA security scans on repos, cancel redundant queues, and poll engines for precise execution timing
Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML

The Checkmarx MCP Server exposes 10 tools through the Vinkius. Connect it to LangChain in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect Checkmarx to LangChain via MCP

Follow these steps to integrate the Checkmarx MCP Server with LangChain.

Install dependencies

Run pip install langchain langchain-mcp-adapters langgraph langchain-openai

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Run the agent

Save the code and run python agent.py

Explore tools

The agent discovers 10 tools from Checkmarx via MCP

Why Use LangChain with the Checkmarx MCP Server

LangChain provides unique advantages when paired with Checkmarx through the Model Context Protocol.

The largest ecosystem of integrations, chains, and agents — combine Checkmarx MCP tools with 500+ LangChain components

Agent architecture supports ReAct, Plan-and-Execute, and custom strategies with full MCP tool access at every step

LangSmith tracing gives you complete visibility into tool calls, latencies, and token usage for production debugging

Memory and conversation persistence let agents maintain context across Checkmarx queries for multi-turn workflows

Checkmarx + LangChain Use Cases

Practical scenarios where LangChain combined with the Checkmarx MCP Server delivers measurable value.

RAG with live data: combine Checkmarx tool results with vector store retrievals for answers grounded in both real-time and historical data

Autonomous research agents: LangChain agents query Checkmarx, synthesize findings, and generate comprehensive research reports

Multi-tool orchestration: chain Checkmarx tools with web scrapers, databases, and calculators in a single agent run

Production monitoring: use LangSmith to trace every Checkmarx tool call, measure latency, and optimize your agent's performance

Checkmarx MCP Tools for LangChain (10)

These 10 tools become available when you connect Checkmarx to LangChain via MCP:

cancel_scan

Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan

get_kics_results

Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings

get_project

Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project

get_scan_details

It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan

get_scan_results

Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan

list_applications

An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications

list_bfl

Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node

list_projects

A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects

list_scans

Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project

run_scan

Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan

Example Prompts for Checkmarx in LangChain

Ready-to-use prompts you can give your LangChain agent to start working with Checkmarx immediately.

"List the most severe vulnerabilities found in the last Checkmarx scan."

"Trigger a new SAST scan for my current Checkmarx project."

"How do I fix the SQL injection vulnerability found in the Checkmarx report?"

Troubleshooting Checkmarx MCP Server with LangChain

Common issues when connecting Checkmarx to LangChain through the Vinkius, and how to resolve them.

MultiServerMCPClient not found

Install: pip install langchain-mcp-adapters

Checkmarx + LangChain FAQ

Common questions about integrating Checkmarx MCP Server with LangChain.

How does LangChain connect to MCP servers?

Use langchain-mcp-adapters to create an MCP client. LangChain discovers all tools and wraps them as native LangChain tools compatible with any agent type.

Which LangChain agent types work with MCP?

All agent types including ReAct, OpenAI Functions, and custom agents work with MCP tools. The tools appear as standard LangChain tools after the adapter wraps them.