Bring Appsec
to Google ADK
Create your Vinkius account to connect Checkmarx to Google ADK and start using all 10 AI tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code. No hosting, no server setup — just connect and start using.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Checkmarx MCP Server?
Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.
What you can do
- Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
- Scans Lifecycle — Trigger dynamic SAST/SCA security scans on repos, cancel redundant queues, and poll engines for precise execution timing
- Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
- Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
- KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML
How it works
- Subscribe to this server
- Provide your Checkmarx One JWT Token
- Uncover code vulnerabilities natively inside Claude, Cursor, or any compatible MCP agent
Who is this for?
- Security Engineers (AppSec) — seamlessly orchestrate vulnerability triage without toggling away from your primary workstation or ticket tracker
- DevOps & Platform Teams — investigate misconfigured KICS results in staging branches actively through the agent before deploying
- Developers — grab the exact Best Fix Location (BFL) for a zero-day issue and ask the LLM to rewrite the sanitization logic instantly
Built-in capabilities (10)
Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan
Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings
Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project
It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan
Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan
An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications
Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node
A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects
Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project
Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan
Why Google ADK?
Google ADK natively supports Checkmarx as an MCP tool provider. declare Vinkius Edge URL and the framework handles discovery, validation, and execution automatically. Combine 10 tools with Gemini's long-context reasoning for complex multi-tool workflows, with production-ready session management and evaluation built in.
- —
Google ADK natively supports MCP tool servers. declare a tool provider and the framework handles discovery, validation, and execution
- —
Built on Gemini models, ADK provides long-context reasoning ideal for complex multi-tool workflows with Checkmarx
- —
Production-ready features like session management, evaluation, and deployment come built-in. not bolted on
- —
Seamless integration with Google Cloud services means you can combine Checkmarx tools with BigQuery, Vertex AI, and Cloud Functions
Checkmarx in Google ADK
Why run Checkmarx with Vinkius?
The Checkmarx connection runs on our fully managed, secure cloud infrastructure. We handle the hosting, maintenance, and security so you don't have to deal with servers or code. All 10 tools are ready to work instantly without any complex setup.
You stay in complete control of your data. Your AI only accesses the information you approve, keeping your sensitive passwords and private details completely safe. Plus, with automatic optimizations, your AI works faster and more efficiently.
* Every connection is hosted and maintained by Vinkius. We handle the security, updates, and infrastructure so you don't have to write code or manage servers. See our infrastructure
Over 4,000 integrations ready for AI agents
Explore a vast library of pre-built integrations, optimized and ready to deploy.
Connect securely in under 30 seconds
Generate tokens to authenticate and link external services in a single step.
Complete visibility into every agent action
Audit live requests, latency, success rates, and active security compliance policies.
Optimize spending and track token ROI
Analyze real-time token consumption and cost metrics detailed by connection.
Explore our live AI Agents Analytics dashboard to see it all working
This dashboard is included when you connect Checkmarx using Vinkius. You will never be left in the dark about what your AI agents are doing with your tools.
Checkmarx and 4,000+ other AI tools. No hosting, no code, ready to use.
Professionals who connect Checkmarx to Google ADK through Vinkius don't need to write code, manage servers, or worry about security. Everything is pre-configured, secure, and runs automatically in the background.
Raw MCP | Vinkius | |
|---|---|---|
| Ready-to-use MCPs | Find and configure each manually | 4,000+ MCPs ready to use |
| Connection Setup | Manual coding & server setup | 1-click instant connection |
| Server Hosting | You host it yourself (needs 24/7 uptime) | 100% hosted & managed by Vinkius |
| Security & Privacy | Stored in plaintext config files | Bank-grade encrypted vault |
| Activity Visibility | Blind execution (no logs or tracking) | Live dashboard with real-time logs |
| Cost Control | Runaway AI token spend risk | Automatic budget limits |
| Revoking Access | Must delete files or code to stop | 1-click disconnect button |
How Vinkius secures
Checkmarx for Google ADK
Every request between Google ADK and Checkmarx is protected by our secure gateway. We automatically keep your sensitive data private, prevent unauthorized access, and let you disconnect instantly at any time.
Frequently asked questions
How can the AI help me fix a vulnerability faster?
Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.
Can the agent initiate a static code scan independently?
Yes! Tell the agent to 'Run a scan on project ID X targeting the main branch'. It initiates the analysis array natively across Checkmarx One engines. You can poll for completion status later and retrieve the new dataset directly via chat.
Does it segregate AppSec results from Cloud infrastructure flaws?
It does. Application flaws are pulled cleanly via get_scan_results, whereas misconfigurations tied to Docker, Kubernetes, or Terraform limits use a dedicated get_kics_results pipeline. The agent intrinsically separates the context for your DevOps team.
How does Google ADK connect to MCP servers?
Import the MCP toolset class and pass the server URL. ADK discovers and registers all tools automatically, making them available to your agent's tool-use loop.
Can ADK agents use multiple MCP servers?
Yes. Declare multiple MCP tool providers in your agent configuration. ADK merges all tool schemas and the agent can call tools from any server in a single turn.
Which Gemini models work best with MCP tools?
Gemini 2.0 Flash and Pro models both support function calling required for MCP tools. Flash is recommended for latency-sensitive use cases, Pro for complex reasoning.
McpToolset not found
Update: pip install --upgrade google-adk
Explore More MCP Servers
View all →
EZO Asset Intelligence
10 toolsEquip your AI agent to manage fixed assets, track inventory, and monitor checkouts via the EZO.io (EZOfficeInventory) API.
Open-Meteo Weather Forecast
4 toolsGive your AI agent live weather intelligence: 16-day forecasts, current conditions, and hourly breakdowns for any GPS coordinate on Earth — zero API keys required.
PedidosYa
14 toolsAutomate restaurant operations on PedidosYa — manage orders, update menus, request couriers, and track deliveries across Latin America from any AI agent.
Bazaarvoice
10 toolsAnalyze and manage user-generated content via Bazaarvoice — list products, reviews, and customer questions directly from any AI agent.