Fortify · Capability

Fortify on Demand API — Applications

Fortify on Demand API — Applications. 14 operations. Lead operation: Fortify List applications. Self-contained Naftiko capability covering one Fortify business surface.

Run with Naftiko FortifyApplications

What You Can Do

GET
Listapplications — Fortify List applications
/v1/api/v3/applications
POST
Createapplication — Fortify Create application
/v1/api/v3/applications
GET
Listapplicationowners — Fortify List application owners
/v1/api/v3/applications/owners
GET
Getapplication — Fortify Get application
/v1/api/v3/applications/{applicationid}
PUT
Updateapplication — Fortify Update application
/v1/api/v3/applications/{applicationid}
DELETE
Deleteapplication — Fortify Delete application
/v1/api/v3/applications/{applicationid}
GET
Getapplicationissuecountbyseverity — Fortify Get issue count by severity
/v1/api/v3/applications/{applicationid}/issue-count-by-severity
GET
Listapplicationmicroservices — Fortify List application microservices
/v1/api/v3/applications/{applicationid}/microservices
POST
Createapplicationmicroservice — Fortify Create application microservice
/v1/api/v3/applications/{applicationid}/microservices
GET
Listapplicationreleases — Fortify List application releases
/v1/api/v3/applications/{applicationid}/releases
GET
Listapplicationscans — Fortify List application scans
/v1/api/v3/applications/{applicationid}/scans
GET
Listapplicationusers — Fortify List application users
/v1/api/v3/applications/{applicationid}/users
GET
Getapplicationvulnerability — Fortify Get application vulnerability
/v1/api/v3/applications/{applicationid}/vulnerabilities/{vulnerabilityid}
GET
Listfortifyconnectnetworks — List Fortify Connect networks
/v1/api/v3/fortify-on-demand-connect-networks

MCP Tools

fortify-list-applications

Fortify List applications

read-only idempotent
fortify-create-application

Fortify Create application

fortify-list-application-owners

Fortify List application owners

read-only idempotent
fortify-get-application

Fortify Get application

read-only idempotent
fortify-update-application

Fortify Update application

idempotent
fortify-delete-application

Fortify Delete application

idempotent
fortify-get-issue-count-severity

Fortify Get issue count by severity

read-only idempotent
fortify-list-application-microservices

Fortify List application microservices

read-only idempotent
fortify-create-application-microservice

Fortify Create application microservice

fortify-list-application-releases

Fortify List application releases

read-only idempotent
fortify-list-application-scans

Fortify List application scans

read-only idempotent
fortify-list-application-users

Fortify List application users

read-only idempotent
fortify-get-application-vulnerability

Fortify Get application vulnerability

read-only idempotent
list-fortify-connect-networks

List Fortify Connect networks

read-only idempotent

Capability Spec

on-demand-applications.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Fortify on Demand API — Applications
  description: 'Fortify on Demand API — Applications. 14 operations. Lead operation: Fortify List applications. Self-contained
    Naftiko capability covering one Fortify business surface.'
  tags:
  - Fortify
  - Applications
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    FORTIFY_API_KEY: FORTIFY_API_KEY
capability:
  consumes:
  - type: http
    namespace: on-demand-applications
    baseUri: https://api.ams.fortify.com
    description: Fortify on Demand API — Applications business capability. Self-contained, no shared references.
    resources:
    - name: api-v3-applications
      path: /api/v3/applications
      operations:
      - name: listapplications
        method: GET
        description: Fortify List applications
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter applications modified after this date
      - name: createapplication
        method: POST
        description: Fortify Create application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v3-applications-owners
      path: /api/v3/applications/owners
      operations:
      - name: listapplicationowners
        method: GET
        description: Fortify List application owners
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationId
      path: /api/v3/applications/{applicationId}
      operations:
      - name: getapplication
        method: GET
        description: Fortify Get application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateapplication
        method: PUT
        description: Fortify Update application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteapplication
        method: DELETE
        description: Fortify Delete application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationId-issue-count-by-severity
      path: /api/v3/applications/{applicationId}/issue-count-by-severity
      operations:
      - name: getapplicationissuecountbyseverity
        method: GET
        description: Fortify Get issue count by severity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationId-microservices
      path: /api/v3/applications/{applicationId}/microservices
      operations:
      - name: listapplicationmicroservices
        method: GET
        description: Fortify List application microservices
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: includeReleases
          in: query
          type: boolean
          description: Whether to include release information for each microservice
      - name: createapplicationmicroservice
        method: POST
        description: Fortify Create application microservice
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v3-applications-applicationId-releases
      path: /api/v3/applications/{applicationId}/releases
      operations:
      - name: listapplicationreleases
        method: GET
        description: Fortify List application releases
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter releases modified after this date
    - name: api-v3-applications-applicationId-scans
      path: /api/v3/applications/{applicationId}/scans
      operations:
      - name: listapplicationscans
        method: GET
        description: Fortify List application scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationId-users
      path: /api/v3/applications/{applicationId}/users
      operations:
      - name: listapplicationusers
        method: GET
        description: Fortify List application users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-applications-applicationId-vulnerabilities-vulnerabilityId
      path: /api/v3/applications/{applicationId}/vulnerabilities/{vulnerabilityId}
      operations:
      - name: getapplicationvulnerability
        method: GET
        description: Fortify Get application vulnerability
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: vulnerabilityId
          in: path
          type: integer
          description: Unique identifier of the vulnerability
          required: true
        - name: includeFixed
          in: query
          type: boolean
          description: Include fixed vulnerabilities in results
        - name: includeSuppressed
          in: query
          type: boolean
          description: Include suppressed vulnerabilities in results
        - name: keywordSearch
          in: query
          type: string
          description: Keyword search filter for vulnerabilities
    - name: api-v3-fortify-on-demand-connect-networks
      path: /api/v3/fortify-on-demand-connect-networks
      operations:
      - name: listfortifyconnectnetworks
        method: GET
        description: List Fortify Connect networks
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: bearer
      token: '{{env.FORTIFY_API_KEY}}'
  exposes:
  - type: rest
    namespace: on-demand-applications-rest
    port: 8080
    description: REST adapter for Fortify on Demand API — Applications. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/api/v3/applications
      name: api-v3-applications
      description: REST surface for api-v3-applications.
      operations:
      - method: GET
        name: listapplications
        description: Fortify List applications
        call: on-demand-applications.listapplications
        with:
          modifiedStartDate: rest.modifiedStartDate
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createapplication
        description: Fortify Create application
        call: on-demand-applications.createapplication
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/owners
      name: api-v3-applications-owners
      description: REST surface for api-v3-applications-owners.
      operations:
      - method: GET
        name: listapplicationowners
        description: Fortify List application owners
        call: on-demand-applications.listapplicationowners
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}
      name: api-v3-applications-applicationid
      description: REST surface for api-v3-applications-applicationId.
      operations:
      - method: GET
        name: getapplication
        description: Fortify Get application
        call: on-demand-applications.getapplication
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateapplication
        description: Fortify Update application
        call: on-demand-applications.updateapplication
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteapplication
        description: Fortify Delete application
        call: on-demand-applications.deleteapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/issue-count-by-severity
      name: api-v3-applications-applicationid-issue-count-by-severity
      description: REST surface for api-v3-applications-applicationId-issue-count-by-severity.
      operations:
      - method: GET
        name: getapplicationissuecountbyseverity
        description: Fortify Get issue count by severity
        call: on-demand-applications.getapplicationissuecountbyseverity
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/microservices
      name: api-v3-applications-applicationid-microservices
      description: REST surface for api-v3-applications-applicationId-microservices.
      operations:
      - method: GET
        name: listapplicationmicroservices
        description: Fortify List application microservices
        call: on-demand-applications.listapplicationmicroservices
        with:
          includeReleases: rest.includeReleases
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createapplicationmicroservice
        description: Fortify Create application microservice
        call: on-demand-applications.createapplicationmicroservice
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/releases
      name: api-v3-applications-applicationid-releases
      description: REST surface for api-v3-applications-applicationId-releases.
      operations:
      - method: GET
        name: listapplicationreleases
        description: Fortify List application releases
        call: on-demand-applications.listapplicationreleases
        with:
          modifiedStartDate: rest.modifiedStartDate
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/scans
      name: api-v3-applications-applicationid-scans
      description: REST surface for api-v3-applications-applicationId-scans.
      operations:
      - method: GET
        name: listapplicationscans
        description: Fortify List application scans
        call: on-demand-applications.listapplicationscans
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/users
      name: api-v3-applications-applicationid-users
      description: REST surface for api-v3-applications-applicationId-users.
      operations:
      - method: GET
        name: listapplicationusers
        description: Fortify List application users
        call: on-demand-applications.listapplicationusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/applications/{applicationid}/vulnerabilities/{vulnerabilityid}
      name: api-v3-applications-applicationid-vulnerabilities-vulnerabilityid
      description: REST surface for api-v3-applications-applicationId-vulnerabilities-vulnerabilityId.
      operations:
      - method: GET
        name: getapplicationvulnerability
        description: Fortify Get application vulnerability
        call: on-demand-applications.getapplicationvulnerability
        with:
          vulnerabilityId: rest.vulnerabilityId
          includeFixed: rest.includeFixed
          includeSuppressed: rest.includeSuppressed
          keywordSearch: rest.keywordSearch
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/fortify-on-demand-connect-networks
      name: api-v3-fortify-on-demand-connect-networks
      description: REST surface for api-v3-fortify-on-demand-connect-networks.
      operations:
      - method: GET
        name: listfortifyconnectnetworks
        description: List Fortify Connect networks
        call: on-demand-applications.listfortifyconnectnetworks
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: on-demand-applications-mcp
    port: 9090
    transport: http
    description: MCP adapter for Fortify on Demand API — Applications. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: fortify-list-applications
      description: Fortify List applications
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplications
      with:
        modifiedStartDate: tools.modifiedStartDate
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-create-application
      description: Fortify Create application
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: on-demand-applications.createapplication
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-application-owners
      description: Fortify List application owners
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplicationowners
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-application
      description: Fortify Get application
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.getapplication
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-update-application
      description: Fortify Update application
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: on-demand-applications.updateapplication
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-delete-application
      description: Fortify Delete application
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: on-demand-applications.deleteapplication
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-issue-count-severity
      description: Fortify Get issue count by severity
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.getapplicationissuecountbyseverity
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-application-microservices
      description: Fortify List application microservices
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplicationmicroservices
      with:
        includeReleases: tools.includeReleases
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-create-application-microservice
      description: Fortify Create application microservice
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: on-demand-applications.createapplicationmicroservice
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-application-releases
      description: Fortify List application releases
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplicationreleases
      with:
        modifiedStartDate: tools.modifiedStartDate
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-application-scans
      description: Fortify List application scans
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplicationscans
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-application-users
      description: Fortify List application users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listapplicationusers
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-application-vulnerability
      description: Fortify Get application vulnerability
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.getapplicationvulnerability
      with:
        vulnerabilityId: tools.vulnerabilityId
        includeFixed: tools.includeFixed
        includeSuppressed: tools.includeSuppressed
        keywordSearch: tools.keywordSearch
      outputParameters:
      - type: object
        mapping: $.
    - name: list-fortify-connect-networks
      description: List Fortify Connect networks
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-applications.listfortifyconnectnetworks
      outputParameters:
      - type: object
        mapping: $.