How can the AI help me fix a vulnerability faster?

Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.

Can the agent initiate a static code scan independently?

Yes! Tell the agent to 'Run a scan on project ID X targeting the main branch'. It initiates the analysis array natively across Checkmarx One engines. You can poll for completion status later and retrieve the new dataset directly via chat.

Does it segregate AppSec results from Cloud infrastructure flaws?

It does. Application flaws are pulled cleanly via `get_scan_results`, whereas misconfigurations tied to Docker, Kubernetes, or Terraform limits use a dedicated `get_kics_results` pipeline. The agent intrinsically separates the context for your DevOps team.

Checkmarx MCP Server for Pydantic AI 10 tools — connect in under 2 minutes

Name: Checkmarx
Availability: InStock
Author: Vinkius

ai.pydantic.dev/mcp

Built by Vinkius GDPR 10 Tools SDK

Pydantic AI brings type-safe agent development to Python with first-class MCP support. Connect Checkmarx through the Vinkius and every tool is automatically validated against Pydantic schemas — catch errors at build time, not in production.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

import asyncio
from pydantic_ai import Agent
from pydantic_ai.mcp import MCPServerHTTP

async def main():
    # Your Vinkius token — get it at cloud.vinkius.com
    server = MCPServerHTTP(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")

    agent = Agent(
        model="openai:gpt-4o",
        mcp_servers=[server],
        system_prompt=(
            "You are an assistant with access to Checkmarx "
            "(10 tools)."
        ),
    )

    result = await agent.run(
        "What tools are available in Checkmarx?"
    )
    print(result.data)

asyncio.run(main())

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Checkmarx MCP Server

Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.

Pydantic AI validates every Checkmarx tool response against typed schemas, catching data inconsistencies at build time. Connect 10 tools through the Vinkius and switch between OpenAI, Anthropic, or Gemini without changing your integration code — full type safety, structured output guarantees, and dependency injection for testable agents.

What you can do

Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
Scans Lifecycle — Trigger dynamic SAST/SCA security scans on repos, cancel redundant queues, and poll engines for precise execution timing
Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML

The Checkmarx MCP Server exposes 10 tools through the Vinkius. Connect it to Pydantic AI in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect Checkmarx to Pydantic AI via MCP

Follow these steps to integrate the Checkmarx MCP Server with Pydantic AI.

Install Pydantic AI

Run pip install pydantic-ai

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Run the agent

Save to agent.py and run: python agent.py

Explore tools

The agent discovers 10 tools from Checkmarx with type-safe schemas

Why Use Pydantic AI with the Checkmarx MCP Server

Pydantic AI provides unique advantages when paired with Checkmarx through the Model Context Protocol.

Full type safety: every MCP tool response is validated against Pydantic models, catching data inconsistencies before they reach your application

Model-agnostic architecture — switch between OpenAI, Anthropic, or Gemini without changing your Checkmarx integration code

Structured output guarantee: Pydantic AI ensures tool results conform to defined schemas, eliminating runtime type errors

Dependency injection system cleanly separates your Checkmarx connection logic from agent behavior for testable, maintainable code

Checkmarx + Pydantic AI Use Cases

Practical scenarios where Pydantic AI combined with the Checkmarx MCP Server delivers measurable value.

Type-safe data pipelines: query Checkmarx with guaranteed response schemas, feeding validated data into downstream processing

API orchestration: chain multiple Checkmarx tool calls with Pydantic validation at each step to ensure data integrity end-to-end

Production monitoring: build validated alert agents that query Checkmarx and output structured, schema-compliant notifications

Testing and QA: use Pydantic AI's dependency injection to mock Checkmarx responses and write comprehensive agent tests

Checkmarx MCP Tools for Pydantic AI (10)

These 10 tools become available when you connect Checkmarx to Pydantic AI via MCP:

cancel_scan

Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan

get_kics_results

Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings

get_project

Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project

get_scan_details

It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan

get_scan_results

Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan

list_applications

An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications

list_bfl

Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node

list_projects

A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects

list_scans

Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project

run_scan

Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan

Example Prompts for Checkmarx in Pydantic AI

Ready-to-use prompts you can give your Pydantic AI agent to start working with Checkmarx immediately.

"List the most severe vulnerabilities found in the last Checkmarx scan."

"Trigger a new SAST scan for my current Checkmarx project."

"How do I fix the SQL injection vulnerability found in the Checkmarx report?"

Troubleshooting Checkmarx MCP Server with Pydantic AI

Common issues when connecting Checkmarx to Pydantic AI through the Vinkius, and how to resolve them.

MCPServerHTTP not found

Update: pip install --upgrade pydantic-ai

Checkmarx + Pydantic AI FAQ

Common questions about integrating Checkmarx MCP Server with Pydantic AI.

How does Pydantic AI discover MCP tools?

Create an MCPServerHTTP instance with the server URL. Pydantic AI connects, discovers all tools, and generates typed Python interfaces automatically.

Does Pydantic AI validate MCP tool responses?

Yes. When you define result types as Pydantic models, every tool response is validated against the schema. Invalid data raises a clear error instead of silently corrupting your pipeline.

Can I switch LLM providers without changing MCP code?

Absolutely. Pydantic AI abstracts the model layer — your Checkmarx MCP integration works identically with OpenAI, Anthropic, Google, or any supported provider.