naftiko: 1.0.0-alpha2 info: label: Checkmarx SAST API — Scans description: 'Checkmarx SAST API — Scans. 4 operations. Lead operation: Checkmarx List all scans. Self-contained Naftiko capability covering one Checkmarx business surface.' tags: - Checkmarx - Scans created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: CHECKMARX_API_KEY: CHECKMARX_API_KEY capability: consumes: - type: http namespace: sast-scans baseUri: https://{checkmarx-server}/cxrestapi description: Checkmarx SAST API — Scans business capability. Self-contained, no shared references. resources: - name: sast-scans path: /sast/scans operations: - name: listscans method: GET description: Checkmarx List all scans outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: projectId in: query type: integer description: Filter scans by project ID - name: scanStatus in: query type: string description: Filter by scan status - name: last in: query type: integer description: Number of most recent scans to return - name: createscan method: POST description: Checkmarx Create a new scan outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: sast-scans-scanId path: /sast/scans/{scanId} operations: - name: getscan method: GET description: Checkmarx Get scan details outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatescanstatus method: PATCH description: Checkmarx Update scan status outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.CHECKMARX_API_KEY}}' exposes: - type: rest namespace: sast-scans-rest port: 8080 description: REST adapter for Checkmarx SAST API — Scans. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/sast/scans name: sast-scans description: REST surface for sast-scans. operations: - method: GET name: listscans description: Checkmarx List all scans call: sast-scans.listscans with: projectId: rest.projectId scanStatus: rest.scanStatus last: rest.last outputParameters: - type: object mapping: $. - method: POST name: createscan description: Checkmarx Create a new scan call: sast-scans.createscan with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/sast/scans/{scanid} name: sast-scans-scanid description: REST surface for sast-scans-scanId. operations: - method: GET name: getscan description: Checkmarx Get scan details call: sast-scans.getscan outputParameters: - type: object mapping: $. - method: PATCH name: updatescanstatus description: Checkmarx Update scan status call: sast-scans.updatescanstatus with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: sast-scans-mcp port: 9090 transport: http description: MCP adapter for Checkmarx SAST API — Scans. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: checkmarx-list-all-scans description: Checkmarx List all scans hints: readOnly: true destructive: false idempotent: true call: sast-scans.listscans with: projectId: tools.projectId scanStatus: tools.scanStatus last: tools.last outputParameters: - type: object mapping: $. - name: checkmarx-create-new-scan description: Checkmarx Create a new scan hints: readOnly: false destructive: false idempotent: false call: sast-scans.createscan with: body: tools.body outputParameters: - type: object mapping: $. - name: checkmarx-get-scan-details description: Checkmarx Get scan details hints: readOnly: true destructive: false idempotent: true call: sast-scans.getscan outputParameters: - type: object mapping: $. - name: checkmarx-update-scan-status description: Checkmarx Update scan status hints: readOnly: false destructive: false idempotent: true call: sast-scans.updatescanstatus with: body: tools.body outputParameters: - type: object mapping: $.