naftiko: 1.0.0-alpha2 info: label: Veracode Findings REST API — Findings description: 'Veracode Findings REST API — Findings. 3 operations. Lead operation: List Findings. Self-contained Naftiko capability covering one Veracode business surface.' tags: - Veracode - Findings created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: VERACODE_API_KEY: VERACODE_API_KEY capability: consumes: - type: http namespace: findings-findings baseUri: https://api.veracode.com description: Veracode Findings REST API — Findings business capability. Self-contained, no shared references. resources: - name: appsec-v2-applications-applicationGuid-findings path: /appsec/v2/applications/{applicationGuid}/findings operations: - name: listfindings method: GET description: List Findings outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: applicationGuid in: path type: string description: Application unique identifier required: true - name: scan_type in: query type: array description: Filter by scan type - name: severity in: query type: integer description: Filter by severity level (0=Informational, 1=Very Low, 2=Low, 3=Medium, 4=High, 5=Very High) - name: severity_gte in: query type: integer description: Filter findings with severity greater than or equal to this value - name: cwe in: query type: string description: Filter by CWE ID - name: cvss_gte in: query type: number description: Filter findings with CVSS score greater than or equal to this value - name: violates_policy in: query type: boolean description: Filter to only policy-violating findings - name: include_annot in: query type: boolean description: Include annotation data in response - name: new in: query type: boolean description: Filter to only new findings - name: context in: query type: string description: Sandbox GUID for sandbox-specific findings - name: page in: query type: integer - name: size in: query type: integer - name: appsec-v2-applications-applicationGuid-findings-findingId-static_flaw_info path: /appsec/v2/applications/{applicationGuid}/findings/{findingId}/static_flaw_info operations: - name: getstaticflawinfo method: GET description: Get Static Flaw Info outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: applicationGuid in: path type: string required: true - name: findingId in: path type: integer description: Finding unique identifier required: true - name: appsec-v2-applications-applicationGuid-findings-issueId-dynamic_flaw_info path: /appsec/v2/applications/{applicationGuid}/findings/{issueId}/dynamic_flaw_info operations: - name: getdynamicflawinfo method: GET description: Get Dynamic Flaw Info outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: applicationGuid in: path type: string required: true - name: issueId in: path type: integer description: Finding issue ID required: true exposes: - type: rest namespace: findings-findings-rest port: 8080 description: REST adapter for Veracode Findings REST API — Findings. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/appsec/v2/applications/{applicationguid}/findings name: appsec-v2-applications-applicationguid-findings description: REST surface for appsec-v2-applications-applicationGuid-findings. operations: - method: GET name: listfindings description: List Findings call: findings-findings.listfindings with: applicationGuid: rest.applicationGuid scan_type: rest.scan_type severity: rest.severity severity_gte: rest.severity_gte cwe: rest.cwe cvss_gte: rest.cvss_gte violates_policy: rest.violates_policy include_annot: rest.include_annot new: rest.new context: rest.context page: rest.page size: rest.size outputParameters: - type: object mapping: $. - path: /v1/appsec/v2/applications/{applicationguid}/findings/{findingid}/static-flaw-info name: appsec-v2-applications-applicationguid-findings-findingid-static-flaw-info description: REST surface for appsec-v2-applications-applicationGuid-findings-findingId-static_flaw_info. operations: - method: GET name: getstaticflawinfo description: Get Static Flaw Info call: findings-findings.getstaticflawinfo with: applicationGuid: rest.applicationGuid findingId: rest.findingId outputParameters: - type: object mapping: $. - path: /v1/appsec/v2/applications/{applicationguid}/findings/{issueid}/dynamic-flaw-info name: appsec-v2-applications-applicationguid-findings-issueid-dynamic-flaw-info description: REST surface for appsec-v2-applications-applicationGuid-findings-issueId-dynamic_flaw_info. operations: - method: GET name: getdynamicflawinfo description: Get Dynamic Flaw Info call: findings-findings.getdynamicflawinfo with: applicationGuid: rest.applicationGuid issueId: rest.issueId outputParameters: - type: object mapping: $. - type: mcp namespace: findings-findings-mcp port: 9090 transport: http description: MCP adapter for Veracode Findings REST API — Findings. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-findings description: List Findings hints: readOnly: true destructive: false idempotent: true call: findings-findings.listfindings with: applicationGuid: tools.applicationGuid scan_type: tools.scan_type severity: tools.severity severity_gte: tools.severity_gte cwe: tools.cwe cvss_gte: tools.cvss_gte violates_policy: tools.violates_policy include_annot: tools.include_annot new: tools.new context: tools.context page: tools.page size: tools.size outputParameters: - type: object mapping: $. - name: get-static-flaw-info description: Get Static Flaw Info hints: readOnly: true destructive: false idempotent: true call: findings-findings.getstaticflawinfo with: applicationGuid: tools.applicationGuid findingId: tools.findingId outputParameters: - type: object mapping: $. - name: get-dynamic-flaw-info description: Get Dynamic Flaw Info hints: readOnly: true destructive: false idempotent: true call: findings-findings.getdynamicflawinfo with: applicationGuid: tools.applicationGuid issueId: tools.issueId outputParameters: - type: object mapping: $.