Fortify · Capability

Fortify on Demand API

REST API for Fortify on Demand (FoD), the cloud-based application security testing service from OpenText. Provides programmatic access to manage applications, releases, initiate static, dynamic, and mobile scans, retrieve vulnerability results, and manage tenant-level settings. Supports OAuth2 client credentials and resource owner password grant flows for authentication.

Run with Naftiko FortifyAPI

What You Can Do

GET
Listapplications — Fortify List applications
/api/v3/applications
POST
Createapplication — Fortify Create application
/api/v3/applications
GET
Getapplication — Fortify Get application
/api/v3/applications/{applicationId}
PUT
Updateapplication — Fortify Update application
/api/v3/applications/{applicationId}
DELETE
Deleteapplication — Fortify Delete application
/api/v3/applications/{applicationId}
GET
Listapplicationreleases — Fortify List application releases
/api/v3/applications/{applicationId}/releases
GET
Listapplicationscans — Fortify List application scans
/api/v3/applications/{applicationId}/scans
GET
Getapplicationissuecountbyseverity — Fortify Get issue count by severity
/api/v3/applications/{applicationId}/issue-count-by-severity
GET
Listapplicationusers — Fortify List application users
/api/v3/applications/{applicationId}/users
GET
Listapplicationmicroservices — Fortify List application microservices
/api/v3/applications/{applicationId}/microservices
POST
Createapplicationmicroservice — Fortify Create application microservice
/api/v3/applications/{applicationId}/microservices
GET
Getapplicationvulnerability — Fortify Get application vulnerability
/api/v3/applications/{applicationId}/vulnerabilities/{vulnerabilityId}
GET
Listapplicationowners — Fortify List application owners
/api/v3/applications/owners
GET
Listopensourcecomponents — Fortify List open source components
/api/v3/applications/open-source-components
GET
Listreleases — Fortify List releases
/api/v3/releases
POST
Createrelease — Fortify Create release
/api/v3/releases
GET
Getrelease — Fortify Get release
/api/v3/releases/{releaseId}
PUT
Updaterelease — Fortify Update release
/api/v3/releases/{releaseId}
DELETE
Deleterelease — Fortify Delete release
/api/v3/releases/{releaseId}
GET
Listreleasescans — Fortify List release scans
/api/v3/releases/{releaseId}/scans
GET
Getreleasescan — Fortify Get release scan
/api/v3/releases/{releaseId}/scans/{scanId}
GET
Getreleasescanpollingsummary — Fortify Get scan polling summary
/api/v3/releases/{releaseId}/scans/{scanId}/polling-summary
GET
Downloadreleasefpr — Fortify Download release FPR
/api/v3/releases/{releaseId}/fpr
GET
Listreleasecategoryrollups — Fortify List vulnerability category rollups
/api/v3/releases/{releaseId}/category-rollups
GET
Listreleaseassessmenttypes — Fortify List assessment types
/api/v3/releases/{releaseId}/assessment-types
GET
Getreleasestaticscanoptions — Fortify Get static scan options
/api/v3/releases/{releaseId}/static-scan-options
POST
Setreleaseauditaction — Fortify Set audit action
/api/v3/releases/{releaseId}/audit-action
GET
Getreleaseauditoptions — Fortify Get audit options
/api/v3/releases/{releaseId}/audit-options
GET
Getdastautomatedscansetup — Fortify Get DAST automated scan setup
/api/v3/releases/{releaseId}/dast-automated-scans/scan-setup
PUT
Savedastautomatedwebsitescansetup — Fortify Save DAST automated website scan setup
/api/v3/releases/{releaseId}/dast-automated-scans/website-scan-setup
PUT
Savedastautomatedopenapiscansetup — Fortify Save DAST automated OpenAPI scan setup
/api/v3/releases/{releaseId}/dast-automated-scans/openapi-scan-setup
POST
Startdastautomatedscan — Fortify Start DAST automated scan
/api/v3/releases/{releaseId}/dast-automated-scans/start-scan
GET
Getdynamicscansetup — Fortify Get dynamic scan setup
/api/v3/releases/{releaseId}/dynamic-scans/scan-setup
PUT
Savedynamicscansetup — Fortify Save dynamic scan setup
/api/v3/releases/{releaseId}/dynamic-scans/scan-setup
POST
Startdynamicscan — Fortify Start dynamic scan
/api/v3/releases/{releaseId}/dynamic-scans/start-scan
GET
Getmobilescansetup — Fortify Get mobile scan setup
/api/v3/releases/{releaseId}/mobile-scans/scan-setup
PUT
Savemobilescansetup — Fortify Save mobile scan setup
/api/v3/releases/{releaseId}/mobile-scans/scan-setup
POST
Startmobilescan — Fortify Start mobile scan
/api/v3/releases/{releaseId}/mobile-scans/start-scan
POST
Startopensourcescan — Fortify Start open source scan
/api/v3/releases/{releaseId}/open-source-scans/start-scan
GET
Getreleaseimportscansessionid — Fortify Get import scan session ID
/api/v3/releases/{releaseId}/import-scan-session-id
GET
Downloadopensourcesbom — Fortify Download open source SBOM
/api/v3/open-source-scans/{scanId}/sbom
GET
Listapikeys — Fortify List API keys
/api/v3/api-keys
POST
Createapikey — Fortify Create API key
/api/v3/api-keys
GET
Getapikey — Fortify Get API key
/api/v3/api-keys/{apiKeyId}
PUT
Updateapikey — Fortify Update API key
/api/v3/api-keys/{apiKeyId}
DELETE
Deleteapikey — Fortify Delete API key
/api/v3/api-keys/{apiKeyId}
GET
Listpersonalaccesstokens — Fortify List personal access tokens
/api/v3/personal-access-tokens
POST
Createpersonalaccesstoken — Fortify Create personal access token
/api/v3/personal-access-tokens
GET
Getpersonalaccesstoken — Fortify Get personal access token
/api/v3/personal-access-tokens/{personalAccessTokenId}
PUT
Updatepersonalaccesstoken — Fortify Update personal access token
/api/v3/personal-access-tokens/{personalAccessTokenId}
DELETE
Deletepersonalaccesstoken — Fortify Delete personal access token
/api/v3/personal-access-tokens/{personalAccessTokenId}
GET
Listattributes — Fortify List attributes
/api/v3/attributes
POST
Createattribute — Fortify Create attribute
/api/v3/attributes
PUT
Updateattribute — Fortify Update attribute
/api/v3/attributes/{attributeId}
DELETE
Deleteattribute — Fortify Delete attribute
/api/v3/attributes/{attributeId}
GET
Listunreadnotifications — Fortify List unread notifications
/api/v3/notifications/unread
GET
Listreadnotifications — Fortify List read notifications
/api/v3/notifications/read
POST
Marknotificationsasread — Fortify Mark notifications as read
/api/v3/notifications/markasread
GET
Listlookupitems — Fortify List lookup items
/api/v3/lookup-items
GET
Downloadeventlogs — Fortify Download event logs
/api/v3/eventlogs/download

MCP Tools

listapplications

Fortify List applications

read-only idempotent
createapplication

Fortify Create application

getapplication

Fortify Get application

read-only idempotent
updateapplication

Fortify Update application

idempotent
deleteapplication

Fortify Delete application

idempotent
listapplicationreleases

Fortify List application releases

read-only idempotent
listapplicationscans

Fortify List application scans

read-only idempotent
getapplicationissuecountbyseverity

Fortify Get issue count by severity

read-only idempotent
listapplicationusers

Fortify List application users

read-only idempotent
listapplicationmicroservices

Fortify List application microservices

read-only idempotent
createapplicationmicroservice

Fortify Create application microservice

getapplicationvulnerability

Fortify Get application vulnerability

read-only idempotent
listapplicationowners

Fortify List application owners

read-only idempotent
listopensourcecomponents

Fortify List open source components

read-only idempotent
listreleases

Fortify List releases

read-only idempotent
createrelease

Fortify Create release

getrelease

Fortify Get release

read-only idempotent
updaterelease

Fortify Update release

idempotent
deleterelease

Fortify Delete release

idempotent
listreleasescans

Fortify List release scans

read-only idempotent
getreleasescan

Fortify Get release scan

read-only idempotent
getreleasescanpollingsummary

Fortify Get scan polling summary

read-only idempotent
downloadreleasefpr

Fortify Download release FPR

read-only idempotent
listreleasecategoryrollups

Fortify List vulnerability category rollups

read-only idempotent
listreleaseassessmenttypes

Fortify List assessment types

read-only idempotent
getreleasestaticscanoptions

Fortify Get static scan options

read-only idempotent
setreleaseauditaction

Fortify Set audit action

getreleaseauditoptions

Fortify Get audit options

read-only idempotent
getdastautomatedscansetup

Fortify Get DAST automated scan setup

read-only idempotent
savedastautomatedwebsitescansetup

Fortify Save DAST automated website scan setup

idempotent
savedastautomatedopenapiscansetup

Fortify Save DAST automated OpenAPI scan setup

idempotent
startdastautomatedscan

Fortify Start DAST automated scan

getdynamicscansetup

Fortify Get dynamic scan setup

read-only idempotent
savedynamicscansetup

Fortify Save dynamic scan setup

idempotent
startdynamicscan

Fortify Start dynamic scan

getmobilescansetup

Fortify Get mobile scan setup

read-only idempotent
savemobilescansetup

Fortify Save mobile scan setup

idempotent
startmobilescan

Fortify Start mobile scan

startopensourcescan

Fortify Start open source scan

getreleaseimportscansessionid

Fortify Get import scan session ID

read-only idempotent
downloadopensourcesbom

Fortify Download open source SBOM

read-only idempotent
listapikeys

Fortify List API keys

read-only idempotent
createapikey

Fortify Create API key

getapikey

Fortify Get API key

read-only idempotent
updateapikey

Fortify Update API key

idempotent
deleteapikey

Fortify Delete API key

idempotent
listpersonalaccesstokens

Fortify List personal access tokens

read-only idempotent
createpersonalaccesstoken

Fortify Create personal access token

getpersonalaccesstoken

Fortify Get personal access token

read-only idempotent
updatepersonalaccesstoken

Fortify Update personal access token

idempotent
deletepersonalaccesstoken

Fortify Delete personal access token

idempotent
listattributes

Fortify List attributes

read-only idempotent
createattribute

Fortify Create attribute

updateattribute

Fortify Update attribute

idempotent
deleteattribute

Fortify Delete attribute

idempotent
listunreadnotifications

Fortify List unread notifications

read-only idempotent
listreadnotifications

Fortify List read notifications

read-only idempotent
marknotificationsasread

Fortify Mark notifications as read

listlookupitems

Fortify List lookup items

read-only idempotent
downloadeventlogs

Fortify Download event logs

read-only idempotent

Capability Spec

fortify-capability.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Fortify on Demand API
  description: REST API for Fortify on Demand (FoD), the cloud-based application security testing service from OpenText. Provides
    programmatic access to manage applications, releases, initiate static, dynamic, and mobile scans, retrieve vulnerability
    results, and manage tenant-level settings. Supports OAuth2 client credentials and resource owner password grant flows
    for authentication.
  tags:
  - Fortify
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: fortify
    baseUri: https://api.ams.fortify.com
    description: Fortify on Demand API HTTP API.
    authentication:
      type: bearer
      token: '{{FORTIFY_TOKEN}}'
    resources:
    - name: api-v3-applications
      path: /api/v3/applications
      operations:
      - name: listapplications
        method: GET
        description: Fortify List applications
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter applications modified after this date
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createapplication
        method: POST
        description: Fortify Create application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid
      path: /api/v3/applications/{applicationId}
      operations:
      - name: getapplication
        method: GET
        description: Fortify Get application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateapplication
        method: PUT
        description: Fortify Update application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteapplication
        method: DELETE
        description: Fortify Delete application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-releases
      path: /api/v3/applications/{applicationId}/releases
      operations:
      - name: listapplicationreleases
        method: GET
        description: Fortify List application releases
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter releases modified after this date
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-scans
      path: /api/v3/applications/{applicationId}/scans
      operations:
      - name: listapplicationscans
        method: GET
        description: Fortify List application scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-issue-count-by
      path: /api/v3/applications/{applicationId}/issue-count-by-severity
      operations:
      - name: getapplicationissuecountbyseverity
        method: GET
        description: Fortify Get issue count by severity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-users
      path: /api/v3/applications/{applicationId}/users
      operations:
      - name: listapplicationusers
        method: GET
        description: Fortify List application users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-microservices
      path: /api/v3/applications/{applicationId}/microservices
      operations:
      - name: listapplicationmicroservices
        method: GET
        description: Fortify List application microservices
        inputParameters:
        - name: includeReleases
          in: query
          type: boolean
          description: Whether to include release information for each microservice
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createapplicationmicroservice
        method: POST
        description: Fortify Create application microservice
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationid-vulnerabilitie
      path: /api/v3/applications/{applicationId}/vulnerabilities/{vulnerabilityId}
      operations:
      - name: getapplicationvulnerability
        method: GET
        description: Fortify Get application vulnerability
        inputParameters:
        - name: vulnerabilityId
          in: path
          type: integer
          required: true
          description: Unique identifier of the vulnerability
        - name: includeFixed
          in: query
          type: boolean
          description: Include fixed vulnerabilities in results
        - name: includeSuppressed
          in: query
          type: boolean
          description: Include suppressed vulnerabilities in results
        - name: keywordSearch
          in: query
          type: string
          description: Keyword search filter for vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-owners
      path: /api/v3/applications/owners
      operations:
      - name: listapplicationowners
        method: GET
        description: Fortify List application owners
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-open-source-components
      path: /api/v3/applications/open-source-components
      operations:
      - name: listopensourcecomponents
        method: GET
        description: Fortify List open source components
        inputParameters:
        - name: openSourceScanType
          in: query
          type: string
          description: Type of open source scan engine
        - name: returnTotalComponentCount
          in: query
          type: boolean
          description: Whether to include total count in response
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases
      path: /api/v3/releases
      operations:
      - name: listreleases
        method: GET
        description: Fortify List releases
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter releases modified after this date
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createrelease
        method: POST
        description: Fortify Create release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid
      path: /api/v3/releases/{releaseId}
      operations:
      - name: getrelease
        method: GET
        description: Fortify Get release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterelease
        method: PUT
        description: Fortify Update release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleterelease
        method: DELETE
        description: Fortify Delete release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-scans
      path: /api/v3/releases/{releaseId}/scans
      operations:
      - name: listreleasescans
        method: GET
        description: Fortify List release scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-scans-scanid
      path: /api/v3/releases/{releaseId}/scans/{scanId}
      operations:
      - name: getreleasescan
        method: GET
        description: Fortify Get release scan
        inputParameters:
        - name: scanId
          in: path
          type: integer
          required: true
          description: Unique identifier of the scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-scans-scanid-polling-s
      path: /api/v3/releases/{releaseId}/scans/{scanId}/polling-summary
      operations:
      - name: getreleasescanpollingsummary
        method: GET
        description: Fortify Get scan polling summary
        inputParameters:
        - name: scanId
          in: path
          type: integer
          required: true
          description: Unique identifier of the scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-fpr
      path: /api/v3/releases/{releaseId}/fpr
      operations:
      - name: downloadreleasefpr
        method: GET
        description: Fortify Download release FPR
        inputParameters:
        - name: scanType
          in: query
          type: string
          description: Type of scan to download FPR for
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-category-rollups
      path: /api/v3/releases/{releaseId}/category-rollups
      operations:
      - name: listreleasecategoryrollups
        method: GET
        description: Fortify List vulnerability category rollups
        inputParameters:
        - name: showFixed
          in: query
          type: boolean
          description: Include fixed vulnerabilities
        - name: vulnerabilitiesSeverityType
          in: query
          type: string
          description: Filter by severity type
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-assessment-types
      path: /api/v3/releases/{releaseId}/assessment-types
      operations:
      - name: listreleaseassessmenttypes
        method: GET
        description: Fortify List assessment types
        inputParameters:
        - name: scanType
          in: query
          type: string
          required: true
          description: Type of scan to retrieve assessment types for
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-static-scan-options
      path: /api/v3/releases/{releaseId}/static-scan-options
      operations:
      - name: getreleasestaticscanoptions
        method: GET
        description: Fortify Get static scan options
        inputParameters:
        - name: technologyStack
          in: query
          type: string
          description: Technology stack identifier
        - name: languageLevel
          in: query
          type: string
          description: Language level identifier
        - name: assessmentTypeId
          in: query
          type: integer
          description: Assessment type identifier
        - name: entitlementFrequencyType
          in: query
          type: string
          description: Entitlement frequency type
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-audit-action
      path: /api/v3/releases/{releaseId}/audit-action
      operations:
      - name: setreleaseauditaction
        method: POST
        description: Fortify Set audit action
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-audit-options
      path: /api/v3/releases/{releaseId}/audit-options
      operations:
      - name: getreleaseauditoptions
        method: GET
        description: Fortify Get audit options
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dast-automated-scans-s
      path: /api/v3/releases/{releaseId}/dast-automated-scans/scan-setup
      operations:
      - name: getdastautomatedscansetup
        method: GET
        description: Fortify Get DAST automated scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dast-automated-scans-w
      path: /api/v3/releases/{releaseId}/dast-automated-scans/website-scan-setup
      operations:
      - name: savedastautomatedwebsitescansetup
        method: PUT
        description: Fortify Save DAST automated website scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dast-automated-scans-o
      path: /api/v3/releases/{releaseId}/dast-automated-scans/openapi-scan-setup
      operations:
      - name: savedastautomatedopenapiscansetup
        method: PUT
        description: Fortify Save DAST automated OpenAPI scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dast-automated-scans-s
      path: /api/v3/releases/{releaseId}/dast-automated-scans/start-scan
      operations:
      - name: startdastautomatedscan
        method: POST
        description: Fortify Start DAST automated scan
        inputParameters:
        - name: networkName
          in: query
          type: string
          description: Name of the Fortify on Demand Connect network to use for scanning
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dynamic-scans-scan-set
      path: /api/v3/releases/{releaseId}/dynamic-scans/scan-setup
      operations:
      - name: getdynamicscansetup
        method: GET
        description: Fortify Get dynamic scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: savedynamicscansetup
        method: PUT
        description: Fortify Save dynamic scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-dynamic-scans-start-sc
      path: /api/v3/releases/{releaseId}/dynamic-scans/start-scan
      operations:
      - name: startdynamicscan
        method: POST
        description: Fortify Start dynamic scan
        inputParameters:
        - name: networkName
          in: query
          type: string
          description: Name of the Fortify on Demand Connect network to use for scanning
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-mobile-scans-scan-setu
      path: /api/v3/releases/{releaseId}/mobile-scans/scan-setup
      operations:
      - name: getmobilescansetup
        method: GET
        description: Fortify Get mobile scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: savemobilescansetup
        method: PUT
        description: Fortify Save mobile scan setup
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-mobile-scans-start-sca
      path: /api/v3/releases/{releaseId}/mobile-scans/start-scan
      operations:
      - name: startmobilescan
        method: POST
        description: Fortify Start mobile scan
        inputParameters:
        - name: startDate
          in: query
          type: string
          description: Scheduled start date for the scan
        - name: assessmentTypeId
          in: query
          type: integer
          description: Assessment type identifier
        - name: frameworkType
          in: query
          type: string
          description: Mobile framework type
        - name: timeZone
          in: query
          type: string
          description: Time zone for scheduled scans
        - name: entitlementId
          in: query
          type: integer
          description: Entitlement identifier
        - name: entitlementFrequencyType
          in: query
          type: string
          description: Entitlement frequency type
        - name: isRemediationScan
          in: query
          type: boolean
          description: Whether this is a remediation scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-open-source-scans-star
      path: /api/v3/releases/{releaseId}/open-source-scans/start-scan
      operations:
      - name: startopensourcescan
        method: POST
        description: Fortify Start open source scan
        inputParameters:
        - name: fragNo
          in: query
          type: integer
          description: Fragment number for chunked upload
        - name: offset
          in: query
          type: integer
          description: Byte offset for chunked upload
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseid-import-scan-session-id
      path: /api/v3/releases/{releaseId}/import-scan-session-id
      operations:
      - name: getreleaseimportscansessionid
        method: GET
        description: Fortify Get import scan session ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-open-source-scans-scanid-sbom
      path: /api/v3/open-source-scans/{scanId}/sbom
      operations:
      - name: downloadopensourcesbom
        method: GET
        description: Fortify Download open source SBOM
        inputParameters:
        - name: scanId
          in: path
          type: integer
          required: true
          description: Unique identifier of the open source scan
        - name: format
          in: query
          type: string
          description: SBOM output format
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-api-keys
      path: /api/v3/api-keys
      operations:
      - name: listapikeys
        method: GET
        description: Fortify List API keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createapikey
        method: POST
        description: Fortify Create API key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-api-keys-apikeyid
      path: /api/v3/api-keys/{apiKeyId}
      operations:
      - name: getapikey
        method: GET
        description: Fortify Get API key
        inputParameters:
        - name: apiKeyId
          in: path
          type: integer
          required: true
          description: Unique identifier of the API key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateapikey
        method: PUT
        description: Fortify Update API key
        inputParameters:
        - name: apiKeyId
          in: path
          type: integer
          required: true
          description: Unique identifier of the API key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteapikey
        method: DELETE
        description: Fortify Delete API key
        inputParameters:
        - name: apiKeyId
          in: path
          type: integer
          required: true
          description: Unique identifier of the API key
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-personal-access-tokens
      path: /api/v3/personal-access-tokens
      operations:
      - name: listpersonalaccesstokens
        method: GET
        description: Fortify List personal access tokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createpersonalaccesstoken
        method: POST
        description: Fortify Create personal access token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-personal-access-tokens-personalaccesstoke
      path: /api/v3/personal-access-tokens/{personalAccessTokenId}
      operations:
      - name: getpersonalaccesstoken
        method: GET
        description: Fortify Get personal access token
        inputParameters:
        - name: personalAccessTokenId
          in: path
          type: integer
          required: true
          description: Unique identifier of the personal access token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatepersonalaccesstoken
        method: PUT
        description: Fortify Update personal access token
        inputParameters:
        - name: personalAccessTokenId
          in: path
          type: integer
          required: true
          description: Unique identifier of the personal access token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletepersonalaccesstoken
        method: DELETE
        description: Fortify Delete personal access token
        inputParameters:
        - name: personalAccessTokenId
          in: path
          type: integer
          required: true
          description: Unique identifier of the personal access token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-attributes
      path: /api/v3/attributes
      operations:
      - name: listattributes
        method: GET
        description: Fortify List attributes
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createattribute
        method: POST
        description: Fortify Create attribute
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-attributes-attributeid
      path: /api/v3/attributes/{attributeId}
      operations:
      - name: updateattribute
        method: PUT
        description: Fortify Update attribute
        inputParameters:
        - name: attributeId
          in: path
          type: integer
          required: true
          description: Unique identifier of the attribute
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteattribute
        method: DELETE
        description: Fortify Delete attribute
        inputParameters:
        - name: attributeId
          in: path
          type: integer
          required: true
          description: Unique identifier of the attribute
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-notifications-unread
      path: /api/v3/notifications/unread
      operations:
      - name: listunreadnotifications
        method: GET
        description: Fortify List unread notifications
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-notifications-read
      path: /api/v3/notifications/read
      operations:
      - name: listreadnotifications
        method: GET
        description: Fortify List read notifications
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-notifications-markasread
      path: /api/v3/notifications/markasread
      operations:
      - name: marknotificationsasread
        method: POST
        description: Fortify Mark notifications as read
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-lookup-items
      path: /api/v3/lookup-items
      operations:
      - name: listlookupitems
        method: GET
        description: Fortify List lookup items
        inputParameters:
        - name: type
          in: query
          type: string
          required: true
          description: The type of lookup items to retrieve
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-eventlogs-download
      path: /api/v3/eventlogs/download
      operations:
      - name: downloadeventlogs
        method: GET
        description: Fortify Download event logs
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: fortify-rest
    description: REST adapter for Fortify on Demand API.
    resources:
    - path: /api/v3/applications
      name: listapplications
      operations:
      - method: GET
        name: listapplications
        description: Fortify List applications
        call: fortify.listapplications
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications
      name: createapplication
      operations:
      - method: POST
        name: createapplication
        description: Fortify Create application
        call: fortify.createapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}
      name: getapplication
      operations:
      - method: GET
        name: getapplication
        description: Fortify Get application
        call: fortify.getapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}
      name: updateapplication
      operations:
      - method: PUT
        name: updateapplication
        description: Fortify Update application
        call: fortify.updateapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}
      name: deleteapplication
      operations:
      - method: DELETE
        name: deleteapplication
        description: Fortify Delete application
        call: fortify.deleteapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/releases
      name: listapplicationreleases
      operations:
      - method: GET
        name: listapplicationreleases
        description: Fortify List application releases
        call: fortify.listapplicationreleases
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/scans
      name: listapplicationscans
      operations:
      - method: GET
        name: listapplicationscans
        description: Fortify List application scans
        call: fortify.listapplicationscans
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/issue-count-by-severity
      name: getapplicationissuecountbyseverity
      operations:
      - method: GET
        name: getapplicationissuecountbyseverity
        description: Fortify Get issue count by severity
        call: fortify.getapplicationissuecountbyseverity
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/users
      name: listapplicationusers
      operations:
      - method: GET
        name: listapplicationusers
        description: Fortify List application users
        call: fortify.listapplicationusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/microservices
      name: listapplicationmicroservices
      operations:
      - method: GET
        name: listapplicationmicroservices
        description: Fortify List application microservices
        call: fortify.listapplicationmicroservices
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/microservices
      name: createapplicationmicroservice
      operations:
      - method: POST
        name: createapplicationmicroservice
        description: Fortify Create application microservice
        call: fortify.createapplicationmicroservice
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/{applicationId}/vulnerabilities/{vulnerabilityId}
      name: getapplicationvulnerability
      operations:
      - method: GET
        name: getapplicationvulnerability
        description: Fortify Get application vulnerability
        call: fortify.getapplicationvulnerability
        with:
          vulnerabilityId: rest.vulnerabilityId
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/owners
      name: listapplicationowners
      operations:
      - method: GET
        name: listapplicationowners
        description: Fortify List application owners
        call: fortify.listapplicationowners
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/applications/open-source-components
      name: listopensourcecomponents
      operations:
      - method: GET
        name: listopensourcecomponents
        description: Fortify List open source components
        call: fortify.listopensourcecomponents
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases
      name: listreleases
      operations:
      - method: GET
        name: listreleases
        description: Fortify List releases
        call: fortify.listreleases
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases
      name: createrelease
      operations:
      - method: POST
        name: createrelease
        description: Fortify Create release
        call: fortify.createrelease
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases/{releaseId}
      name: getrelease
      operations:
      - method: GET
        name: getrelease
        description: Fortify Get release
        call: fortify.getrelease
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases/{releaseId}
      name: updaterelease
      operations:
      - method: PUT
        name: updaterelease
        description: Fortify Update release
        call: fortify.updaterelease
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases/{releaseId}
      name: deleterelease
      operations:
      - method: DELETE
        name: deleterelease
        description: Fortify Delete release
        call: fortify.deleterelease
        outputParameters:
        - type: object
          mapping: $.
    - path: /api/v3/releases/{releaseId}/scans
      name: listreleasescans
      operations:
      - method: GET
        name: listreleasescans
        description: For

# --- truncated at 32 KB (69 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/fortify-capability.yaml