naftiko: 1.0.0-alpha2 info: label: Fortify ScanCentral DAST API — CI/CD description: 'Fortify ScanCentral DAST API — CI/CD. 3 operations. Lead operation: Fortify Get CI/CD token. Self-contained Naftiko capability covering one Fortify business surface.' tags: - Fortify - CI/CD created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORTIFY_API_KEY: FORTIFY_API_KEY capability: consumes: - type: http namespace: scancentral-dast-ci-cd baseUri: '' description: Fortify ScanCentral DAST API — CI/CD business capability. Self-contained, no shared references. resources: - name: scan-settings-scanSettingsId-cicd-token path: /scan-settings/{scanSettingsId}/cicd-token operations: - name: getscansettingscicdtoken method: GET description: Fortify Get CI/CD token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: scanSettingsId in: path type: string description: Unique identifier of the scan settings required: true - name: regeneratescansettingscicdtoken method: POST description: Fortify Regenerate CI/CD token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: scanSettingsId in: path type: string description: Unique identifier of the scan settings required: true - name: scans-start-scan-cicd path: /scans/start-scan-cicd operations: - name: startscancicd method: POST description: Fortify Start scan from CI/CD outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: Authorization value: '{{env.FORTIFY_API_KEY}}' placement: header exposes: - type: rest namespace: scancentral-dast-ci-cd-rest port: 8080 description: REST adapter for Fortify ScanCentral DAST API — CI/CD. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/scan-settings/{scansettingsid}/cicd-token name: scan-settings-scansettingsid-cicd-token description: REST surface for scan-settings-scanSettingsId-cicd-token. operations: - method: GET name: getscansettingscicdtoken description: Fortify Get CI/CD token call: scancentral-dast-ci-cd.getscansettingscicdtoken with: scanSettingsId: rest.scanSettingsId outputParameters: - type: object mapping: $. - method: POST name: regeneratescansettingscicdtoken description: Fortify Regenerate CI/CD token call: scancentral-dast-ci-cd.regeneratescansettingscicdtoken with: scanSettingsId: rest.scanSettingsId outputParameters: - type: object mapping: $. - path: /v1/scans/start-scan-cicd name: scans-start-scan-cicd description: REST surface for scans-start-scan-cicd. operations: - method: POST name: startscancicd description: Fortify Start scan from CI/CD call: scancentral-dast-ci-cd.startscancicd with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: scancentral-dast-ci-cd-mcp port: 9090 transport: http description: MCP adapter for Fortify ScanCentral DAST API — CI/CD. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fortify-get-ci-cd-token description: Fortify Get CI/CD token hints: readOnly: true destructive: false idempotent: true call: scancentral-dast-ci-cd.getscansettingscicdtoken with: scanSettingsId: tools.scanSettingsId outputParameters: - type: object mapping: $. - name: fortify-regenerate-ci-cd-token description: Fortify Regenerate CI/CD token hints: readOnly: false destructive: false idempotent: false call: scancentral-dast-ci-cd.regeneratescansettingscicdtoken with: scanSettingsId: tools.scanSettingsId outputParameters: - type: object mapping: $. - name: fortify-start-scan-ci-cd description: Fortify Start scan from CI/CD hints: readOnly: false destructive: false idempotent: false call: scancentral-dast-ci-cd.startscancicd with: body: tools.body outputParameters: - type: object mapping: $.