naftiko: 1.0.0-alpha2 info: label: Vanta API — Vulnerabilities description: 'Vanta API — Vulnerabilities. 5 operations. Lead operation: List API Endpoint Vulnerabilities. Self-contained Naftiko capability covering one Vanta business surface.' tags: - Vanta - Vulnerabilities created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: VANTA_API_KEY: VANTA_API_KEY capability: consumes: - type: http namespace: vanta-vulnerabilities baseUri: https://api.vanta.com description: Vanta API — Vulnerabilities business capability. Self-contained, no shared references. resources: - name: v1-resources-api_endpoint_vulnerability_connectors path: /v1/resources/api_endpoint_vulnerability_connectors operations: - name: listapiendpointvulnerabilities method: GET description: List API Endpoint Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resourceId in: query type: string description: Vanta generated identifier for the given resource required: true - name: syncapiendpointvulnerabilities method: PUT description: Sync API Endpoint Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v1-resources-package_vulnerability_connectors path: /v1/resources/package_vulnerability_connectors operations: - name: listpackagevulnerabilities method: GET description: List Package Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resourceId in: query type: string description: Vanta generated identifier for the given resource required: true - name: v1-resources-vulnerable_component path: /v1/resources/vulnerable_component operations: - name: listvulnerablecomponents method: GET description: List Vulnerable Components outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resourceId in: query type: string description: Vanta generated identifier for the given resource required: true - name: v1-vulnerabilities path: /v1/vulnerabilities operations: - name: listvulnerabilities method: GET description: Get Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: severity in: query type: string description: Filter by vulnerability severity - name: status in: query type: string description: Filter by remediation status authentication: type: bearer token: '{{env.VANTA_API_KEY}}' exposes: - type: rest namespace: vanta-vulnerabilities-rest port: 8080 description: REST adapter for Vanta API — Vulnerabilities. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v1/resources/api-endpoint-vulnerability-connectors name: v1-resources-api-endpoint-vulnerability-connectors description: REST surface for v1-resources-api_endpoint_vulnerability_connectors. operations: - method: GET name: listapiendpointvulnerabilities description: List API Endpoint Vulnerabilities call: vanta-vulnerabilities.listapiendpointvulnerabilities with: resourceId: rest.resourceId outputParameters: - type: object mapping: $. - method: PUT name: syncapiendpointvulnerabilities description: Sync API Endpoint Vulnerabilities call: vanta-vulnerabilities.syncapiendpointvulnerabilities with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/resources/package-vulnerability-connectors name: v1-resources-package-vulnerability-connectors description: REST surface for v1-resources-package_vulnerability_connectors. operations: - method: GET name: listpackagevulnerabilities description: List Package Vulnerabilities call: vanta-vulnerabilities.listpackagevulnerabilities with: resourceId: rest.resourceId outputParameters: - type: object mapping: $. - path: /v1/v1/resources/vulnerable-component name: v1-resources-vulnerable-component description: REST surface for v1-resources-vulnerable_component. operations: - method: GET name: listvulnerablecomponents description: List Vulnerable Components call: vanta-vulnerabilities.listvulnerablecomponents with: resourceId: rest.resourceId outputParameters: - type: object mapping: $. - path: /v1/v1/vulnerabilities name: v1-vulnerabilities description: REST surface for v1-vulnerabilities. operations: - method: GET name: listvulnerabilities description: Get Vulnerabilities call: vanta-vulnerabilities.listvulnerabilities with: severity: rest.severity status: rest.status outputParameters: - type: object mapping: $. - type: mcp namespace: vanta-vulnerabilities-mcp port: 9090 transport: http description: MCP adapter for Vanta API — Vulnerabilities. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-api-endpoint-vulnerabilities description: List API Endpoint Vulnerabilities hints: readOnly: true destructive: false idempotent: true call: vanta-vulnerabilities.listapiendpointvulnerabilities with: resourceId: tools.resourceId outputParameters: - type: object mapping: $. - name: sync-api-endpoint-vulnerabilities description: Sync API Endpoint Vulnerabilities hints: readOnly: false destructive: false idempotent: true call: vanta-vulnerabilities.syncapiendpointvulnerabilities with: body: tools.body outputParameters: - type: object mapping: $. - name: list-package-vulnerabilities description: List Package Vulnerabilities hints: readOnly: true destructive: false idempotent: true call: vanta-vulnerabilities.listpackagevulnerabilities with: resourceId: tools.resourceId outputParameters: - type: object mapping: $. - name: list-vulnerable-components description: List Vulnerable Components hints: readOnly: true destructive: false idempotent: true call: vanta-vulnerabilities.listvulnerablecomponents with: resourceId: tools.resourceId outputParameters: - type: object mapping: $. - name: get-vulnerabilities description: Get Vulnerabilities hints: readOnly: true destructive: false idempotent: true call: vanta-vulnerabilities.listvulnerabilities with: severity: tools.severity status: tools.status outputParameters: - type: object mapping: $.