naftiko: 1.0.0-alpha2
info:
  label: Checkmarx SCA API — Risk Reports
  description: 'Checkmarx SCA API — Risk Reports. 4 operations. Lead operation: Checkmarx Get project risk report. Self-contained
    Naftiko capability covering one Checkmarx business surface.'
  tags:
  - Checkmarx
  - Risk Reports
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    CHECKMARX_API_KEY: CHECKMARX_API_KEY
capability:
  consumes:
  - type: http
    namespace: sca-risk-reports
    baseUri: https://api-sca.checkmarx.net
    description: Checkmarx SCA API — Risk Reports business capability. Self-contained, no shared references.
    resources:
    - name: risk-management-risk-reports-projectId
      path: /risk-management/risk-reports/{projectId}
      operations:
      - name: getriskreport
        method: GET
        description: Checkmarx Get project risk report
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: risk-management-risk-reports-projectId-licenses
      path: /risk-management/risk-reports/{projectId}/licenses
      operations:
      - name: listprojectlicenses
        method: GET
        description: Checkmarx List project licenses
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: risk-management-risk-reports-projectId-packages
      path: /risk-management/risk-reports/{projectId}/packages
      operations:
      - name: listprojectpackages
        method: GET
        description: Checkmarx List project packages
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: risk-management-risk-reports-projectId-vulnerabilities
      path: /risk-management/risk-reports/{projectId}/vulnerabilities
      operations:
      - name: listprojectvulnerabilities
        method: GET
        description: Checkmarx List project vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: bearer
      token: '{{env.CHECKMARX_API_KEY}}'
  exposes:
  - type: rest
    namespace: sca-risk-reports-rest
    port: 8080
    description: REST adapter for Checkmarx SCA API — Risk Reports. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/risk-management/risk-reports/{projectid}
      name: risk-management-risk-reports-projectid
      description: REST surface for risk-management-risk-reports-projectId.
      operations:
      - method: GET
        name: getriskreport
        description: Checkmarx Get project risk report
        call: sca-risk-reports.getriskreport
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/risk-management/risk-reports/{projectid}/licenses
      name: risk-management-risk-reports-projectid-licenses
      description: REST surface for risk-management-risk-reports-projectId-licenses.
      operations:
      - method: GET
        name: listprojectlicenses
        description: Checkmarx List project licenses
        call: sca-risk-reports.listprojectlicenses
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/risk-management/risk-reports/{projectid}/packages
      name: risk-management-risk-reports-projectid-packages
      description: REST surface for risk-management-risk-reports-projectId-packages.
      operations:
      - method: GET
        name: listprojectpackages
        description: Checkmarx List project packages
        call: sca-risk-reports.listprojectpackages
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/risk-management/risk-reports/{projectid}/vulnerabilities
      name: risk-management-risk-reports-projectid-vulnerabilities
      description: REST surface for risk-management-risk-reports-projectId-vulnerabilities.
      operations:
      - method: GET
        name: listprojectvulnerabilities
        description: Checkmarx List project vulnerabilities
        call: sca-risk-reports.listprojectvulnerabilities
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: sca-risk-reports-mcp
    port: 9090
    transport: http
    description: MCP adapter for Checkmarx SCA API — Risk Reports. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: checkmarx-get-project-risk-report
      description: Checkmarx Get project risk report
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: sca-risk-reports.getriskreport
      outputParameters:
      - type: object
        mapping: $.
    - name: checkmarx-list-project-licenses
      description: Checkmarx List project licenses
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: sca-risk-reports.listprojectlicenses
      outputParameters:
      - type: object
        mapping: $.
    - name: checkmarx-list-project-packages
      description: Checkmarx List project packages
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: sca-risk-reports.listprojectpackages
      outputParameters:
      - type: object
        mapping: $.
    - name: checkmarx-list-project-vulnerabilities
      description: Checkmarx List project vulnerabilities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: sca-risk-reports.listprojectvulnerabilities
      outputParameters:
      - type: object
        mapping: $.