naftiko: 1.0.0-alpha2 info: label: Fortify on Demand API — DAST Automated Scans description: 'Fortify on Demand API — DAST Automated Scans. 4 operations. Lead operation: Fortify Save DAST automated OpenAPI scan setup. Self-contained Naftiko capability covering one Fortify business surface.' tags: - Fortify - DAST Automated Scans created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORTIFY_API_KEY: FORTIFY_API_KEY capability: consumes: - type: http namespace: on-demand-dast-automated-scans baseUri: https://api.ams.fortify.com description: Fortify on Demand API — DAST Automated Scans business capability. Self-contained, no shared references. resources: - name: api-v3-releases-releaseId-dast-automated-scans-openapi-scan-setup path: /api/v3/releases/{releaseId}/dast-automated-scans/openapi-scan-setup operations: - name: savedastautomatedopenapiscansetup method: PUT description: Fortify Save DAST automated OpenAPI scan setup outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v3-releases-releaseId-dast-automated-scans-scan-setup path: /api/v3/releases/{releaseId}/dast-automated-scans/scan-setup operations: - name: getdastautomatedscansetup method: GET description: Fortify Get DAST automated scan setup outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v3-releases-releaseId-dast-automated-scans-start-scan path: /api/v3/releases/{releaseId}/dast-automated-scans/start-scan operations: - name: startdastautomatedscan method: POST description: Fortify Start DAST automated scan outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: networkName in: query type: string description: Name of the Fortify on Demand Connect network to use for scanning - name: api-v3-releases-releaseId-dast-automated-scans-website-scan-setup path: /api/v3/releases/{releaseId}/dast-automated-scans/website-scan-setup operations: - name: savedastautomatedwebsitescansetup method: PUT description: Fortify Save DAST automated website scan setup outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.FORTIFY_API_KEY}}' exposes: - type: rest namespace: on-demand-dast-automated-scans-rest port: 8080 description: REST adapter for Fortify on Demand API — DAST Automated Scans. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v3/releases/{releaseid}/dast-automated-scans/openapi-scan-setup name: api-v3-releases-releaseid-dast-automated-scans-openapi-scan-setup description: REST surface for api-v3-releases-releaseId-dast-automated-scans-openapi-scan-setup. operations: - method: PUT name: savedastautomatedopenapiscansetup description: Fortify Save DAST automated OpenAPI scan setup call: on-demand-dast-automated-scans.savedastautomatedopenapiscansetup with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v3/releases/{releaseid}/dast-automated-scans/scan-setup name: api-v3-releases-releaseid-dast-automated-scans-scan-setup description: REST surface for api-v3-releases-releaseId-dast-automated-scans-scan-setup. operations: - method: GET name: getdastautomatedscansetup description: Fortify Get DAST automated scan setup call: on-demand-dast-automated-scans.getdastautomatedscansetup outputParameters: - type: object mapping: $. - path: /v1/api/v3/releases/{releaseid}/dast-automated-scans/start-scan name: api-v3-releases-releaseid-dast-automated-scans-start-scan description: REST surface for api-v3-releases-releaseId-dast-automated-scans-start-scan. operations: - method: POST name: startdastautomatedscan description: Fortify Start DAST automated scan call: on-demand-dast-automated-scans.startdastautomatedscan with: networkName: rest.networkName outputParameters: - type: object mapping: $. - path: /v1/api/v3/releases/{releaseid}/dast-automated-scans/website-scan-setup name: api-v3-releases-releaseid-dast-automated-scans-website-scan-setup description: REST surface for api-v3-releases-releaseId-dast-automated-scans-website-scan-setup. operations: - method: PUT name: savedastautomatedwebsitescansetup description: Fortify Save DAST automated website scan setup call: on-demand-dast-automated-scans.savedastautomatedwebsitescansetup with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: on-demand-dast-automated-scans-mcp port: 9090 transport: http description: MCP adapter for Fortify on Demand API — DAST Automated Scans. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fortify-save-dast-automated-openapi description: Fortify Save DAST automated OpenAPI scan setup hints: readOnly: false destructive: false idempotent: true call: on-demand-dast-automated-scans.savedastautomatedopenapiscansetup with: body: tools.body outputParameters: - type: object mapping: $. - name: fortify-get-dast-automated-scan description: Fortify Get DAST automated scan setup hints: readOnly: true destructive: false idempotent: true call: on-demand-dast-automated-scans.getdastautomatedscansetup outputParameters: - type: object mapping: $. - name: fortify-start-dast-automated-scan description: Fortify Start DAST automated scan hints: readOnly: false destructive: false idempotent: false call: on-demand-dast-automated-scans.startdastautomatedscan with: networkName: tools.networkName outputParameters: - type: object mapping: $. - name: fortify-save-dast-automated-website description: Fortify Save DAST automated website scan setup hints: readOnly: false destructive: false idempotent: true call: on-demand-dast-automated-scans.savedastautomatedwebsitescansetup with: body: tools.body outputParameters: - type: object mapping: $.