naftiko: 1.0.0-alpha2 info: label: Veracode Findings REST API — Manual Penetration Testing description: 'Veracode Findings REST API — Manual Penetration Testing. 2 operations. Lead operation: List Manual Penetration Test Scans. Self-contained Naftiko capability covering one Veracode business surface.' tags: - Veracode - Manual Penetration Testing created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: VERACODE_API_KEY: VERACODE_API_KEY capability: consumes: - type: http namespace: findings-manual-penetration-testing baseUri: https://api.veracode.com description: Veracode Findings REST API — Manual Penetration Testing business capability. Self-contained, no shared references. resources: - name: appsec-v2-applications-mpt-v1-scans path: /appsec/v2/applications/mpt/v1/scans operations: - name: listmptscans method: GET description: List Manual Penetration Test Scans outputRawFormat: json outputParameters: - name: result type: object value: $. - name: appsec-v2-applications-mpt-v1-scans-scanId-findings path: /appsec/v2/applications/mpt/v1/scans/{scanId}/findings operations: - name: listmptscanfindings method: GET description: List Manual Penetration Test Findings outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: scanId in: path type: string description: MPT scan identifier required: true exposes: - type: rest namespace: findings-manual-penetration-testing-rest port: 8080 description: REST adapter for Veracode Findings REST API — Manual Penetration Testing. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/appsec/v2/applications/mpt/v1/scans name: appsec-v2-applications-mpt-v1-scans description: REST surface for appsec-v2-applications-mpt-v1-scans. operations: - method: GET name: listmptscans description: List Manual Penetration Test Scans call: findings-manual-penetration-testing.listmptscans outputParameters: - type: object mapping: $. - path: /v1/appsec/v2/applications/mpt/v1/scans/{scanid}/findings name: appsec-v2-applications-mpt-v1-scans-scanid-findings description: REST surface for appsec-v2-applications-mpt-v1-scans-scanId-findings. operations: - method: GET name: listmptscanfindings description: List Manual Penetration Test Findings call: findings-manual-penetration-testing.listmptscanfindings with: scanId: rest.scanId outputParameters: - type: object mapping: $. - type: mcp namespace: findings-manual-penetration-testing-mcp port: 9090 transport: http description: MCP adapter for Veracode Findings REST API — Manual Penetration Testing. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-manual-penetration-test-scans description: List Manual Penetration Test Scans hints: readOnly: true destructive: false idempotent: true call: findings-manual-penetration-testing.listmptscans outputParameters: - type: object mapping: $. - name: list-manual-penetration-test-findings description: List Manual Penetration Test Findings hints: readOnly: true destructive: false idempotent: true call: findings-manual-penetration-testing.listmptscanfindings with: scanId: tools.scanId outputParameters: - type: object mapping: $.