naftiko: 1.0.0-alpha2 info: label: Fortify ScanCentral DAST API — Scans description: 'Fortify ScanCentral DAST API — Scans. 8 operations. Lead operation: Fortify List scans. Self-contained Naftiko capability covering one Fortify business surface.' tags: - Fortify - Scans created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORTIFY_API_KEY: FORTIFY_API_KEY capability: consumes: - type: http namespace: scancentral-dast-scans baseUri: '' description: Fortify ScanCentral DAST API — Scans business capability. Self-contained, no shared references. resources: - name: scans path: /scans operations: - name: listscans method: GET description: Fortify List scans outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: status in: query type: string description: Filter by scan status - name: scanSettingsId in: query type: string description: Filter by scan settings identifier - name: orderBy in: query type: string description: Field to sort results by - name: orderByDirection in: query type: string description: Sort direction - name: scans-start-scan path: /scans/start-scan operations: - name: startscan method: POST description: Fortify Start scan outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: scans-start-scan-cicd path: /scans/start-scan-cicd operations: - name: startscancicd method: POST description: Fortify Start scan from CI/CD outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: scans-scanId path: /scans/{scanId} operations: - name: getscan method: GET description: Fortify Get scan outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletescan method: DELETE description: Fortify Delete scan outputRawFormat: json outputParameters: - name: result type: object value: $. - name: scans-scanId-action path: /scans/{scanId}/action operations: - name: performscanaction method: POST description: Fortify Perform scan action outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: scans-scanId-scan-log path: /scans/{scanId}/scan-log operations: - name: getscanlog method: GET description: Fortify Get scan log outputRawFormat: json outputParameters: - name: result type: object value: $. - name: scans-scanId-scan-summary path: /scans/{scanId}/scan-summary operations: - name: getscansummary method: GET description: Fortify Get scan summary outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: Authorization value: '{{env.FORTIFY_API_KEY}}' placement: header exposes: - type: rest namespace: scancentral-dast-scans-rest port: 8080 description: REST adapter for Fortify ScanCentral DAST API — Scans. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/scans name: scans description: REST surface for scans. operations: - method: GET name: listscans description: Fortify List scans call: scancentral-dast-scans.listscans with: status: rest.status scanSettingsId: rest.scanSettingsId orderBy: rest.orderBy orderByDirection: rest.orderByDirection outputParameters: - type: object mapping: $. - path: /v1/scans/start-scan name: scans-start-scan description: REST surface for scans-start-scan. operations: - method: POST name: startscan description: Fortify Start scan call: scancentral-dast-scans.startscan with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/scans/start-scan-cicd name: scans-start-scan-cicd description: REST surface for scans-start-scan-cicd. operations: - method: POST name: startscancicd description: Fortify Start scan from CI/CD call: scancentral-dast-scans.startscancicd with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/scans/{scanid} name: scans-scanid description: REST surface for scans-scanId. operations: - method: GET name: getscan description: Fortify Get scan call: scancentral-dast-scans.getscan outputParameters: - type: object mapping: $. - method: DELETE name: deletescan description: Fortify Delete scan call: scancentral-dast-scans.deletescan outputParameters: - type: object mapping: $. - path: /v1/scans/{scanid}/action name: scans-scanid-action description: REST surface for scans-scanId-action. operations: - method: POST name: performscanaction description: Fortify Perform scan action call: scancentral-dast-scans.performscanaction with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/scans/{scanid}/scan-log name: scans-scanid-scan-log description: REST surface for scans-scanId-scan-log. operations: - method: GET name: getscanlog description: Fortify Get scan log call: scancentral-dast-scans.getscanlog outputParameters: - type: object mapping: $. - path: /v1/scans/{scanid}/scan-summary name: scans-scanid-scan-summary description: REST surface for scans-scanId-scan-summary. operations: - method: GET name: getscansummary description: Fortify Get scan summary call: scancentral-dast-scans.getscansummary outputParameters: - type: object mapping: $. - type: mcp namespace: scancentral-dast-scans-mcp port: 9090 transport: http description: MCP adapter for Fortify ScanCentral DAST API — Scans. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: fortify-list-scans description: Fortify List scans hints: readOnly: true destructive: false idempotent: true call: scancentral-dast-scans.listscans with: status: tools.status scanSettingsId: tools.scanSettingsId orderBy: tools.orderBy orderByDirection: tools.orderByDirection outputParameters: - type: object mapping: $. - name: fortify-start-scan description: Fortify Start scan hints: readOnly: false destructive: false idempotent: false call: scancentral-dast-scans.startscan with: body: tools.body outputParameters: - type: object mapping: $. - name: fortify-start-scan-ci-cd description: Fortify Start scan from CI/CD hints: readOnly: false destructive: false idempotent: false call: scancentral-dast-scans.startscancicd with: body: tools.body outputParameters: - type: object mapping: $. - name: fortify-get-scan description: Fortify Get scan hints: readOnly: true destructive: false idempotent: true call: scancentral-dast-scans.getscan outputParameters: - type: object mapping: $. - name: fortify-delete-scan description: Fortify Delete scan hints: readOnly: false destructive: true idempotent: true call: scancentral-dast-scans.deletescan outputParameters: - type: object mapping: $. - name: fortify-perform-scan-action description: Fortify Perform scan action hints: readOnly: false destructive: false idempotent: false call: scancentral-dast-scans.performscanaction with: body: tools.body outputParameters: - type: object mapping: $. - name: fortify-get-scan-log description: Fortify Get scan log hints: readOnly: true destructive: false idempotent: true call: scancentral-dast-scans.getscanlog outputParameters: - type: object mapping: $. - name: fortify-get-scan-summary description: Fortify Get scan summary hints: readOnly: true destructive: false idempotent: true call: scancentral-dast-scans.getscansummary outputParameters: - type: object mapping: $.