Checkmarx MCP Server

Built by Vinkius · GDPR Tools · Free

Automate AppSec via Checkmarx One — trigger core scans, analyze vulnerabilities, discover Best Fix Locations (BFL), and monitor KICS results.

Vinkius AI Gateway supports streamable HTTP and SSE.

Built-in capabilities (10)

cancel_scan

Cancel an actively running Checkmarx scan. Prevents unnecessary engine resource consumption and drops the scanning context if the developer pushed a new commit overlapping the running job.

get_kics_results

Get specialized Infrastructure as Code (KICS) findings. Focuses solely on Terraform, CloudFormation, Kubernetes YAML, and Dockerfile misconfigurations rather than typical application source code flaws.

get_project

Get details for a specific Checkmarx project. Essential for ensuring the correct branch and source control context is selected before triggering new scans.

get_scan_details

Check the precise status and configuration of a Checkmarx scan. Returns granular execution details, including which scan engines (SAST, SCA, KICS) ran, their individual execution timings, and any engine-specific failure reasons.

get_scan_results

Download SAST and security vulnerability findings for a scan. Each result includes the vulnerability severity, state (To Verify, Confirmed, Urgent), description, and the exact lines of code where the flaw was detected. Requires a completed scan ID.

list_applications

List Checkmarx One Applications. An Application acts as an overarching container for multiple individual microservices or projects, providing aggregated risk reporting and security metric visibility across a logical product.

list_bfl

Get Best Fix Location (BFL) for a specific vulnerability node. Provide the scan ID and the specific query (rule) ID string.

list_projects

List all Checkmarx One Projects. A Project represents a specific codebase. Includes project metadata, IDs, and assigned application linkages.

list_scans

List all historical and active scans for a Checkmarx project. Includes the scan ID, current status (Completed, Running, Failed, Canceled), branch targeted, and timestamps. Use the scan ID to fetch the actual vulnerability results.

run_scan

Trigger a new Checkmarx One code scan. Extensively used in CI/CD integrations to assert security quality on PRs. Returns the ID of the newly queued scan.

What this connector unlocks

Connect your Checkmarx One enterprise environment to any AI agent and take programmatic control over your Application Security posture. Analyze deep code flaws through natural chat instead of navigating complex cyber dashboards.

What you can do

  • Projects & Applications — Inventory your codebase containers, inspect active project linkages, and prepare specific branches for security scanning
  • Scans Lifecycle — Trigger SAST/SCA security scans on repos, cancel redundant scans, and poll engines for precise execution timing
  • Vulnerability Triage — Extract core datasets of severe vulnerabilities, mapping exact lines of code where the flawed logic resides
  • Best Fix Location (BFL) — Ask the agent to calculate the exact optimal spot in your execution path to apply a patch that resolves the flaw entirely
  • KICS (IaC) — Read specialized Infrastructure as Code metrics isolating misconfigurations exclusively in Terraform, Dockerfiles, or Kubernetes YAML

How it works

1. Subscribe to this server
2. Provide your Checkmarx One JWT Token
3. Uncover code vulnerabilities natively inside Claude, Cursor, or any compatible MCP agent

Who is this for?

  • Security Engineers (AppSec) — seamlessly orchestrate vulnerability triage without toggling away from your primary workstation or ticket tracker
  • DevOps & Platform Teams — investigate misconfigured KICS results in staging branches actively through the agent before deploying
  • Developers — grab the exact Best Fix Location (BFL) for a zero-day issue and ask the LLM to rewrite the sanitization logic instantly
