---
# Naftiko capability definition: wraps a set of Synopsys Polaris HTTP
# operations (projects, scan runs, issues, reports) and re-exposes them
# through a REST listener on port 8080 and an MCP listener on port 9090.
naftiko: 1.0.0-alpha2

info:
  label: Synopsys Application Security Testing
  description: Unified application security testing capability combining Synopsys Polaris platform APIs for project management, scan orchestration, security issue tracking, and report generation. Enables DevSecOps teams to automate security testing workflows across SAST, SCA, and IAST testing types.
  tags:
    - Synopsys
    - Application Security Testing
    - DevSecOps
    - Static Analysis
    - Software Composition Analysis
    - SAST
    - SCA
  created: '2026-05-03'
  modified: '2026-05-06'

# The Polaris token is referenced by name from the `env` namespace; no secret
# value is stored in this file. Every exposed operation below runs with this
# one token, so it should carry no more Polaris privileges than listing
# projects, scans and issues and generating reports require.
binds:
  - namespace: env
    keys:
      POLARIS_ACCESS_TOKEN: POLARIS_ACCESS_TOKEN

capability:
  # ---------------------------------------------------------------------
  # Upstream side: operations this capability calls on Polaris.
  # ---------------------------------------------------------------------
  consumes:
    - type: http
      namespace: synopsys-polaris
      baseUri: https://polaris.synopsys.com/api/v1
      description: Synopsys Polaris application security testing API.
      # Bearer token is templated in from the binding above and sent over
      # HTTPS (see baseUri).
      authentication:
        type: bearer
        token: '{{POLARIS_ACCESS_TOKEN}}'
      resources:
        - name: projects
          path: /portfolios/projects
          description: Security project management.
          operations:
            - name: list-projects
              method: GET
              description: Retrieves a list of application security projects.
              inputParameters:
                - name: page
                  in: query
                  type: integer
                  required: false
                - name: pageSize
                  in: query
                  type: integer
                  required: false
                # Free-form string forwarded to the upstream query; no
                # pattern or length limit is declared here.
                - name: filter
                  in: query
                  type: string
                  required: false
              outputRawFormat: json
              # `$.` appears to select the whole upstream response, so the
              # result is passed through unfiltered.
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # NOTE(review): projectId is declared `in: path`, but the
            # resource path above has no placeholder for it. Confirm how the
            # framework builds the request URL for this operation.
            - name: get-project
              method: GET
              description: Retrieves details for a specific security project.
              inputParameters:
                - name: projectId
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: scans
          path: /jobs/runs
          description: Scan run management.
          operations:
            - name: list-scans
              method: GET
              description: Retrieves a list of scan runs with status and results.
              inputParameters:
                - name: projectId
                  in: query
                  type: string
                  required: false
                - name: branchId
                  in: query
                  type: string
                  required: false
                - name: status
                  in: query
                  type: string
                  required: false
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: issues
          path: /issues
          description: Security issue retrieval.
          operations:
            - name: list-issues
              method: GET
              description: Retrieves security issues found by Polaris scans.
              inputParameters:
                - name: projectId
                  in: query
                  type: string
                  required: false
                - name: branchId
                  in: query
                  type: string
                  required: false
                - name: severity
                  in: query
                  type: string
                  required: false
                - name: type
                  in: query
                  type: string
                  required: false
                - name: page
                  in: query
                  type: integer
                  required: false
                - name: pageSize
                  in: query
                  type: integer
                  required: false
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # NOTE(review): same as get-project, issueId is `in: path` but
            # the resource path `/issues` carries no placeholder.
            - name: get-issue
              method: GET
              description: Retrieves details for a specific security issue.
              inputParameters:
                - name: issueId
                  in: path
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: reports
          path: /reports
          description: Security report generation.
          operations:
            # The only non-GET upstream call in this file.
            - name: generate-report
              method: POST
              description: Initiates generation of a security report.
              inputParameters:
                - name: projectId
                  in: body
                  type: string
                  required: true
                # No allowed-value list is declared for `format`; whatever
                # the caller sends is forwarded and validated (if at all)
                # by the upstream API.
                - name: format
                  in: body
                  type: string
                  required: true
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              # NOTE(review): the body templates read from `tools.*`, which
              # matches the MCP tool mapping further down. The REST
              # operation that calls this passes `rest.*` values instead;
              # confirm the body is populated for REST callers.
              body:
                type: json
                data:
                  projectId: '{{tools.projectId}}'
                  format: '{{tools.format}}'

  # ---------------------------------------------------------------------
  # Exposed side: listeners that forward to the operations above.
  # ---------------------------------------------------------------------
  exposes:
    # No authentication or caller identity is declared on this listener in
    # this file. Any client that can reach port 8080 acts with the Polaris
    # token's privileges and can read project, scan and issue data. Unless
    # the framework enforces access control elsewhere (confirm), restrict
    # network reachability or front it with an authenticating gateway.
    - type: rest
      port: 8080
      namespace: synopsys-appsec-api
      description: Unified REST API for Synopsys application security testing workflows.
      resources:
        # NOTE(review): list-projects and get-project are both GET on the
        # same path; confirm how requests are routed between them.
        - path: /v1/projects
          name: projects
          description: Application security project management.
          operations:
            - method: GET
              name: list-projects
              description: List all application security projects.
              call: synopsys-polaris.list-projects
              with:
                page: rest.page
                pageSize: rest.pageSize
                filter: rest.filter
              outputParameters:
                - type: object
                  mapping: $.
            - method: GET
              name: get-project
              description: Get details for a specific security project.
              call: synopsys-polaris.get-project
              with:
                projectId: rest.projectId
              outputParameters:
                - type: object
                  mapping: $.

        - path: /v1/scans
          name: scans
          description: Security scan management.
          operations:
            - method: GET
              name: list-scans
              description: List scan runs with status and issue counts.
              call: synopsys-polaris.list-scans
              with:
                projectId: rest.projectId
                branchId: rest.branchId
                status: rest.status
              outputParameters:
                - type: object
                  mapping: $.

        # NOTE(review): list-issues and get-issue share method and path,
        # as with /v1/projects above.
        - path: /v1/issues
          name: issues
          description: Security issues from scans.
          operations:
            - method: GET
              name: list-issues
              description: List security issues found by Polaris scans.
              call: synopsys-polaris.list-issues
              with:
                projectId: rest.projectId
                branchId: rest.branchId
                severity: rest.severity
                type: rest.type
                page: rest.page
                pageSize: rest.pageSize
              outputParameters:
                - type: object
                  mapping: $.
            - method: GET
              name: get-issue
              description: Get details for a specific security issue.
              call: synopsys-polaris.get-issue
              with:
                issueId: rest.issueId
              outputParameters:
                - type: object
                  mapping: $.

        - path: /v1/reports
          name: reports
          description: Security report generation.
          operations:
            - method: POST
              name: generate-report
              description: Generate a security report for a project.
              call: synopsys-polaris.generate-report
              with:
                projectId: rest.projectId
                format: rest.format
              outputParameters:
                - type: object
                  mapping: $.

    # MCP listener over HTTP. As with the REST listener, no authentication
    # is declared here, so reachability of port 9090 is the only visible
    # control. Issue details returned to an AI client (the get-issue tool
    # mentions CWE, file path and line number) should be treated as
    # sensitive output.
    - type: mcp
      port: 9090
      namespace: synopsys-appsec-mcp
      transport: http
      description: MCP server for AI-assisted application security testing using Synopsys Polaris.
      tools:
        # `hints` describe each tool's behaviour; presumably they are
        # surfaced to MCP clients as metadata. They are not an access
        # control and do not stop a client from invoking a tool.
        - name: list-projects
          description: List all application security projects in the Synopsys Polaris platform.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: synopsys-polaris.list-projects
          with:
            page: tools.page
            pageSize: tools.pageSize
            filter: tools.filter
          outputParameters:
            - type: object
              mapping: $.

        - name: get-project
          description: Get details for a specific Polaris security project including branches.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: synopsys-polaris.get-project
          with:
            projectId: tools.projectId
          outputParameters:
            - type: object
              mapping: $.

        - name: list-scans
          description: List security scan runs for a project or branch with status tracking.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: synopsys-polaris.list-scans
          with:
            projectId: tools.projectId
            branchId: tools.branchId
            status: tools.status
          outputParameters:
            - type: object
              mapping: $.

        - name: list-issues
          description: List security issues discovered by Polaris scans, filterable by severity and type.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: synopsys-polaris.list-issues
          with:
            projectId: tools.projectId
            branchId: tools.branchId
            severity: tools.severity
            type: tools.type
            page: tools.page
            pageSize: tools.pageSize
          outputParameters:
            - type: object
              mapping: $.

        - name: get-issue
          description: Get full details for a specific security issue including CWE, file path, and line number.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: synopsys-polaris.get-issue
          with:
            issueId: tools.issueId
          outputParameters:
            - type: object
              mapping: $.

        # The one tool marked as not read-only and not idempotent: each
        # call issues the upstream POST to /reports.
        - name: generate-security-report
          description: Generate a security report (PDF, JSON, or CSV) for a Polaris project.
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: synopsys-polaris.generate-report
          with:
            projectId: tools.projectId
            format: tools.format
          outputParameters:
            - type: object
              mapping: $.