Bring Appsec
to Mastra AI
Create your Vinkius account to connect Checkmarx to Mastra AI and start using all 10 AI tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code. No hosting, no server setup — just connect and start using.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Checkmarx MCP Server?
Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.
What you can do
- Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
- Scans Lifecycle — Trigger dynamic SAST/SCA security scans on repos, cancel redundant queues, and poll engines for precise execution timing
- Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
- Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
- KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML
How it works
- Subscribe to this server
- Provide your Checkmarx One JWT Token
- Uncover code vulnerabilities natively inside Claude, Cursor, or any compatible MCP agent
Who is this for?
- Security Engineers (AppSec) — seamlessly orchestrate vulnerability triage without toggling away from your primary workstation or ticket tracker
- DevOps & Platform Teams — investigate misconfigured KICS results in staging branches actively through the agent before deploying
- Developers — grab the exact Best Fix Location (BFL) for a zero-day issue and ask the LLM to rewrite the sanitization logic instantly
Built-in capabilities (10)
Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job. Cancel an actively running Checkmarx scan
Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws. Get specialized Infrastructure as Code (KICS) findings
Essential for ensuring the correct branch and source control context is selected before triggering new scans. Get details for a specific Checkmarx project
It returns granular execution details including which scan engines (SAST, SCA, KICS) were fired, their individual execution timings, and any engine-specific failure reasons. Check the precise status and configuration of a Checkmarx scan
Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID. Download SAST and security vulnerability findings for a scan
An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product. List Checkmarx One Applications
Provide the scan ID and the specific query (rule) ID string. Get Best Fix Location (BFL) for a specific vulnerability node
A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages. List all Checkmarx One Projects
Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results. List all historical and active scans for a Checkmarx project
Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan. Trigger a new Checkmarx One code scan
Why Mastra AI?
Mastra's agent abstraction provides a clean separation between LLM logic and Checkmarx tool infrastructure. Connect 10 tools through Vinkius and use Mastra's built-in workflow engine to chain tool calls with conditional logic, retries, and parallel execution. deployable to any Node.js host in one command.
- —
Mastra's agent abstraction provides a clean separation between LLM logic and tool infrastructure. add Checkmarx without touching business code
- —
Built-in workflow engine chains MCP tool calls with conditional logic, retries, and parallel execution for complex automation
- —
TypeScript-native: full type inference for every Checkmarx tool response with IDE autocomplete and compile-time checks
- —
One-command deployment to any Node.js host. Vercel, Railway, Fly.io, or your own infrastructure
Checkmarx in Mastra AI
Why run Checkmarx with Vinkius?
The Checkmarx connection runs on our fully managed, secure cloud infrastructure. We handle the hosting, maintenance, and security so you don't have to deal with servers or code. All 10 tools are ready to work instantly without any complex setup.
You stay in complete control of your data. Your AI only accesses the information you approve, keeping your sensitive passwords and private details completely safe. Plus, with automatic optimizations, your AI works faster and more efficiently.
* Every connection is hosted and maintained by Vinkius. We handle the security, updates, and infrastructure so you don't have to write code or manage servers. See our infrastructure
Over 4,000 integrations ready for AI agents
Explore a vast library of pre-built integrations, optimized and ready to deploy.
Connect securely in under 30 seconds
Generate tokens to authenticate and link external services in a single step.
Complete visibility into every agent action
Audit live requests, latency, success rates, and active security compliance policies.
Optimize spending and track token ROI
Analyze real-time token consumption and cost metrics detailed by connection.
Explore our live AI Agents Analytics dashboard to see it all working
This dashboard is included when you connect Checkmarx using Vinkius. You will never be left in the dark about what your AI agents are doing with your tools.
Checkmarx and 4,000+ other AI tools. No hosting, no code, ready to use.
Professionals who connect Checkmarx to Mastra AI through Vinkius don't need to write code, manage servers, or worry about security. Everything is pre-configured, secure, and runs automatically in the background.
Raw MCP | Vinkius | |
|---|---|---|
| Ready-to-use MCPs | Find and configure each manually | 4,000+ MCPs ready to use |
| Connection Setup | Manual coding & server setup | 1-click instant connection |
| Server Hosting | You host it yourself (needs 24/7 uptime) | 100% hosted & managed by Vinkius |
| Security & Privacy | Stored in plaintext config files | Bank-grade encrypted vault |
| Activity Visibility | Blind execution (no logs or tracking) | Live dashboard with real-time logs |
| Cost Control | Runaway AI token spend risk | Automatic budget limits |
| Revoking Access | Must delete files or code to stop | 1-click disconnect button |
How Vinkius secures
Checkmarx for Mastra AI
Every request between Mastra AI and Checkmarx is protected by our secure gateway. We automatically keep your sensitive data private, prevent unauthorized access, and let you disconnect instantly at any time.
Frequently asked questions
How can the AI help me fix a vulnerability faster?
Once an issue is identified via scan results, ask your agent to pull the 'Best Fix Location' (BFL) using the query ID. Checkmarx mathematically finds the common root code block, and your AI can instantly rewrite that exact block to sanitize the flaw. You save hours tracing code paths.
Can the agent initiate a static code scan independently?
Yes! Tell the agent to 'Run a scan on project ID X targeting the main branch'. It initiates the analysis array natively across Checkmarx One engines. You can poll for completion status later and retrieve the new dataset directly via chat.
Does it segregate AppSec results from Cloud infrastructure flaws?
It does. Application flaws are pulled cleanly via get_scan_results, whereas misconfigurations tied to Docker, Kubernetes, or Terraform limits use a dedicated get_kics_results pipeline. The agent intrinsically separates the context for your DevOps team.
How does Mastra AI connect to MCP servers?
Create an MCPClient with the server URL and pass it to your agent. Mastra discovers all tools and makes them available with full TypeScript types.
Can Mastra agents use tools from multiple servers?
Yes. Pass multiple MCP clients to the agent constructor. Mastra merges all tool schemas and the agent can call any tool from any server.
Does Mastra support workflow orchestration?
Yes. Mastra has a built-in workflow engine that lets you chain MCP tool calls with branching logic, error handling, and parallel execution.
createMCPClient not exported
Install: npm install @mastra/mcp
Explore More MCP Servers
View all →
NOAA Space Weather — Solar & Geomagnetic Intelligence
6 toolsReal-time space weather intelligence: planetary Kp geomagnetic index, 3-day Kp forecast, solar wind speed and magnetic field, aurora probability forecast (Ovation model), solar flux (F10.7), and Dst storm index from NOAA SWPC.
BrasilAPI
6 toolsAccess Brazilian institutional data — audit CEP, CNPJ, and banks via AI.
Business Timezone & Holiday Scheduler
2 toolsEradicate LLM scheduling errors. Calculate exact business days skipping global public holidays and convert precise timezones flawlessly.
LawPay
12 toolsAccept legal payments online with trust and operating account compliance that meets bar association requirements for law firms.