Checkmarx
БесплатноНе проверенThe Checkmarx Security MCP server bridges your AI assistant (Claude, Cursor, Copilot, etc.) with Checkmarx One's enterprise application security platform. It ex
Описание
The Checkmarx Security MCP server bridges your AI assistant (Claude, Cursor, Copilot, etc.) with Checkmarx One's enterprise application security platform. It exposes security workflows as natural-language-accessible MCP tools, allowing developers to scan code, investigate findings, and receive context-aware fixes without leaving their development environment.
README
The Checkmarx Security MCP (Model Context Protocol) server that connects AI coding assistants to Checkmarx One — enabling real-time security scanning, vulnerability management, and AI-generated remediation directly inside your IDE or AI agent.
Table of Contents
Overview
The Checkmarx Security MCP server bridges your AI assistant (Claude, Cursor, Copilot, etc.) with Checkmarx One's enterprise application security platform. It exposes security workflows as natural-language-accessible MCP tools, allowing developers to scan code, investigate findings, and receive context-aware fixes without leaving their development environment.
Supported scan engines:
- SAST — Static Application Security Testing (30+ languages)
- SCA — Software Composition Analysis (open-source dependencies)
- KICS — Infrastructure as Code security (Terraform, CloudFormation, Kubernetes, Dockerfile)
- Secret Detection — Hardcoded credentials, API keys, tokens
Supported transport protocols
Multi-protocol support to facilitate secure and efficient communication between clients and the server:
stdio: Standard input/output for CLI or embedded agentssse(Server-Sent Events): For real-time streaming to web-based clientshttpstreamableHttp: HTTP-compatible protocol for stream-based messaging
Features
| Category | Capabilities |
|---|---|
| Scanning | Plan, trigger, and monitor multi-engine security scans (CLI or API mode) |
| Findings | List, filter, and inspect vulnerabilities with severity and state tracking |
| Remediation | AI-generated fixes for code vulnerabilities, insecure packages, and container images |
| Project Management | Create, configure, and search Checkmarx One projects |
| Application Management | Group projects into applications and get org-wide security metrics |
| Analytics | Tenant-wide vulnerability summaries, risk scores, and time-windowed trends |
| Supply Chain | Detect malicious npm/Maven/PyPI/Go/NuGet packages via Dustico integration |
| Enterprise Auth | JWT (JWKS-verified), OAuth2 token exchange, Redis session caching |
| Observability | Structured logging (zerolog), OpenTelemetry tracing |
Authentication
The server uses API Key and OAuth2 authentication.
API Key Authentication
- Clients authenticate to Checkmarx One and get an API key.
- This API key will be used during MCP client configuration, include the API Key in the
Authorizationheader as mentioned in the MCP Client Configuration section.
OAuth2 Authentication
Checkmarx MCP supports Dynamic Client Registration (DCR) flow allows an AI client (such as Cursor or Claude Desktop) to connect securely.
- User only needs to configure the MCP client as mentioned in the MCP Client Configuration section.
- When the client attempts to connect to the MCP server, it will be redirected to Checkmarx One login page for authentication.
- Once authentication is successful with valid Checkmarx credentials, the MCP client can use the tools provided by the MCP server.
Note: You required valid Checkmarx credentials to get the API Key or connect to the MCP server.
Refer Authentication for detailed authentication instructions and troubleshooting.
MCP Client Configuration
Prerequisites
- A Checkmarx One tenant
- Checkmarx API Host
- API Key (with required access if using API key authentication)
JSON Configuration
Below are examples to add the server to your MCP client configuration. See the examples/ folder for ready-to-use client config files.
Windsurf IDE
API Key Authentication:
{
"mcpServers": {
"Checkmarx": {
"serverUrl": "https://{api_host}/api/security-mcp/mcp/{tenant}",
"headers": {
"cx-origin": "Windsurf",
"Authorization": "API_KEY"
}
}
}
}
OAuth2 Authentication
{
"mcpServers": {
"Checkmarx": {
"serverUrl": "https://{api_host}/api/security-mcp/mcp/{tenant}"
}
}
}
Claude Desktop / Claude Code
API Key Authentication:
{
"mcpServers": {
"Checkmarx": {
"type": "http",
"url": "https://{api_host}/api/security-mcp/mcp/{tenant}",
"headers": {
"Authorization": "<API_KEY>"
}
}
}
}
Available Tools
Refer usage for detail information.
Scanning
| Tool | Description |
|---|---|
planScan |
Recommend scan engines based on the project |
triggerScan |
Start a scan (CLI for local code, API for repository URL) |
getScanDetails |
Get scan status, progress, and severity summary |
getLatestScans |
Retrieve recent scans for a project |
listScans |
List scans with status, date, and branch filters |
listFindings |
List vulnerabilities from a scan with severity filtering |
getFindingDetails |
Get detailed information for a specific finding |
Project management
| Tool | Description |
|---|---|
resolveProject |
Look up a project by name |
createProject |
Create a new Checkmarx One project |
listProjects |
Browse or search all projects |
getProjectConfig |
Get full project configuration |
Application management
| Tool | Description |
|---|---|
listApplications |
Browse or search applications |
createApplication |
Create a new application |
getApplicationDetails |
Get application details by ID |
associateProject |
Link projects to an application |
Analytics & risk
| Tool | Description |
|---|---|
getTenantVulnerabilitiesSummary |
Returns org-wide severity counts by engine over a time window (trends). |
Remediation
| Tool | Description |
|---|---|
codeRemediation |
Provides fixes for code-level issues: SAST, secrets, and IaC misconfigurations. |
packageRemediation |
Analyzes and remediates a specific vulnerable or malicious package/dependency. |
imageRemediation |
Provides remediation for container image CVEs and safer base-image alternatives. |
License
Apache 2.0 — see LICENSE for details.
Contributing
See CONTRIBUTING.md for development setup, module architecture, and contribution guidelines.
Website: Checkmarx.
© 2026 Checkmarx Ltd. All Rights Reserved.
Установка Checkmarx
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Checkmarx/cx-agentic-aiFAQ
Checkmarx MCP бесплатный?
Да, Checkmarx MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Checkmarx?
Нет, Checkmarx работает без API-ключей и переменных окружения.
Checkmarx — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Checkmarx в Claude Desktop, Claude Code или Cursor?
Открой Checkmarx на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Checkmarx with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
