Fortify · Capability

Fortify on Demand API — Releases

Fortify on Demand API — Releases. 16 operations. Lead operation: Fortify List application releases. Self-contained Naftiko capability covering one Fortify business surface.

Run with Naftiko FortifyReleases

What You Can Do

GET
Listapplicationreleases — Fortify List application releases
/v1/api/v3/applications/{applicationid}/releases
GET
Listreleases — Fortify List releases
/v1/api/v3/releases
POST
Createrelease — Fortify Create release
/v1/api/v3/releases
GET
Getrelease — Fortify Get release
/v1/api/v3/releases/{releaseid}
PUT
Updaterelease — Fortify Update release
/v1/api/v3/releases/{releaseid}
DELETE
Deleterelease — Fortify Delete release
/v1/api/v3/releases/{releaseid}
GET
Listreleaseassessmenttypes — Fortify List assessment types
/v1/api/v3/releases/{releaseid}/assessment-types
POST
Setreleaseauditaction — Fortify Set audit action
/v1/api/v3/releases/{releaseid}/audit-action
GET
Getreleaseauditoptions — Fortify Get audit options
/v1/api/v3/releases/{releaseid}/audit-options
GET
Listreleasecategoryrollups — Fortify List vulnerability category rollups
/v1/api/v3/releases/{releaseid}/category-rollups
GET
Downloadreleasefpr — Fortify Download release FPR
/v1/api/v3/releases/{releaseid}/fpr
GET
Getreleaseimportscansessionid — Fortify Get import scan session ID
/v1/api/v3/releases/{releaseid}/import-scan-session-id
GET
Listreleasescans — Fortify List release scans
/v1/api/v3/releases/{releaseid}/scans
GET
Getreleasescan — Fortify Get release scan
/v1/api/v3/releases/{releaseid}/scans/{scanid}
GET
Getreleasescanpollingsummary — Fortify Get scan polling summary
/v1/api/v3/releases/{releaseid}/scans/{scanid}/polling-summary
GET
Getreleasestaticscanoptions — Fortify Get static scan options
/v1/api/v3/releases/{releaseid}/static-scan-options

MCP Tools

fortify-list-application-releases

Fortify List application releases

read-only idempotent
fortify-list-releases

Fortify List releases

read-only idempotent
fortify-create-release

Fortify Create release

fortify-get-release

Fortify Get release

read-only idempotent
fortify-update-release

Fortify Update release

idempotent
fortify-delete-release

Fortify Delete release

idempotent
fortify-list-assessment-types

Fortify List assessment types

read-only idempotent
fortify-set-audit-action

Fortify Set audit action

fortify-get-audit-options

Fortify Get audit options

read-only idempotent
fortify-list-vulnerability-category-rollups

Fortify List vulnerability category rollups

read-only idempotent
fortify-download-release-fpr

Fortify Download release FPR

read-only idempotent
fortify-get-import-scan-session

Fortify Get import scan session ID

read-only idempotent
fortify-list-release-scans

Fortify List release scans

read-only idempotent
fortify-get-release-scan

Fortify Get release scan

read-only idempotent
fortify-get-scan-polling-summary

Fortify Get scan polling summary

read-only idempotent
fortify-get-static-scan-options

Fortify Get static scan options

read-only idempotent

Capability Spec

on-demand-releases.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Fortify on Demand API — Releases
  description: 'Fortify on Demand API — Releases. 16 operations. Lead operation: Fortify List application releases. Self-contained
    Naftiko capability covering one Fortify business surface.'
  tags:
  - Fortify
  - Releases
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    FORTIFY_API_KEY: FORTIFY_API_KEY
capability:
  consumes:
  - type: http
    namespace: on-demand-releases
    baseUri: https://api.ams.fortify.com
    description: Fortify on Demand API — Releases business capability. Self-contained, no shared references.
    resources:
    - name: api-v3-applications-applicationId-releases
      path: /api/v3/applications/{applicationId}/releases
      operations:
      - name: listapplicationreleases
        method: GET
        description: Fortify List application releases
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter releases modified after this date
    - name: api-v3-releases
      path: /api/v3/releases
      operations:
      - name: listreleases
        method: GET
        description: Fortify List releases
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: modifiedStartDate
          in: query
          type: string
          description: Filter releases modified after this date
      - name: createrelease
        method: POST
        description: Fortify Create release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v3-releases-releaseId
      path: /api/v3/releases/{releaseId}
      operations:
      - name: getrelease
        method: GET
        description: Fortify Get release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterelease
        method: PUT
        description: Fortify Update release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleterelease
        method: DELETE
        description: Fortify Delete release
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseId-assessment-types
      path: /api/v3/releases/{releaseId}/assessment-types
      operations:
      - name: listreleaseassessmenttypes
        method: GET
        description: Fortify List assessment types
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scanType
          in: query
          type: string
          description: Type of scan to retrieve assessment types for
          required: true
    - name: api-v3-releases-releaseId-audit-action
      path: /api/v3/releases/{releaseId}/audit-action
      operations:
      - name: setreleaseauditaction
        method: POST
        description: Fortify Set audit action
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v3-releases-releaseId-audit-options
      path: /api/v3/releases/{releaseId}/audit-options
      operations:
      - name: getreleaseauditoptions
        method: GET
        description: Fortify Get audit options
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseId-category-rollups
      path: /api/v3/releases/{releaseId}/category-rollups
      operations:
      - name: listreleasecategoryrollups
        method: GET
        description: Fortify List vulnerability category rollups
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: showFixed
          in: query
          type: boolean
          description: Include fixed vulnerabilities
        - name: vulnerabilitiesSeverityType
          in: query
          type: string
          description: Filter by severity type
    - name: api-v3-releases-releaseId-fpr
      path: /api/v3/releases/{releaseId}/fpr
      operations:
      - name: downloadreleasefpr
        method: GET
        description: Fortify Download release FPR
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scanType
          in: query
          type: string
          description: Type of scan to download FPR for
    - name: api-v3-releases-releaseId-import-scan-session-id
      path: /api/v3/releases/{releaseId}/import-scan-session-id
      operations:
      - name: getreleaseimportscansessionid
        method: GET
        description: Fortify Get import scan session ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseId-scans
      path: /api/v3/releases/{releaseId}/scans
      operations:
      - name: listreleasescans
        method: GET
        description: Fortify List release scans
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-v3-releases-releaseId-scans-scanId
      path: /api/v3/releases/{releaseId}/scans/{scanId}
      operations:
      - name: getreleasescan
        method: GET
        description: Fortify Get release scan
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scanId
          in: path
          type: integer
          description: Unique identifier of the scan
          required: true
    - name: api-v3-releases-releaseId-scans-scanId-polling-summary
      path: /api/v3/releases/{releaseId}/scans/{scanId}/polling-summary
      operations:
      - name: getreleasescanpollingsummary
        method: GET
        description: Fortify Get scan polling summary
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scanId
          in: path
          type: integer
          description: Unique identifier of the scan
          required: true
    - name: api-v3-releases-releaseId-static-scan-options
      path: /api/v3/releases/{releaseId}/static-scan-options
      operations:
      - name: getreleasestaticscanoptions
        method: GET
        description: Fortify Get static scan options
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: technologyStack
          in: query
          type: string
          description: Technology stack identifier
        - name: languageLevel
          in: query
          type: string
          description: Language level identifier
        - name: assessmentTypeId
          in: query
          type: integer
          description: Assessment type identifier
        - name: entitlementFrequencyType
          in: query
          type: string
          description: Entitlement frequency type
    authentication:
      type: bearer
      token: '{{env.FORTIFY_API_KEY}}'
  exposes:
  - type: rest
    namespace: on-demand-releases-rest
    port: 8080
    description: REST adapter for Fortify on Demand API — Releases. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/api/v3/applications/{applicationid}/releases
      name: api-v3-applications-applicationid-releases
      description: REST surface for api-v3-applications-applicationId-releases.
      operations:
      - method: GET
        name: listapplicationreleases
        description: Fortify List application releases
        call: on-demand-releases.listapplicationreleases
        with:
          modifiedStartDate: rest.modifiedStartDate
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases
      name: api-v3-releases
      description: REST surface for api-v3-releases.
      operations:
      - method: GET
        name: listreleases
        description: Fortify List releases
        call: on-demand-releases.listreleases
        with:
          modifiedStartDate: rest.modifiedStartDate
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrelease
        description: Fortify Create release
        call: on-demand-releases.createrelease
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}
      name: api-v3-releases-releaseid
      description: REST surface for api-v3-releases-releaseId.
      operations:
      - method: GET
        name: getrelease
        description: Fortify Get release
        call: on-demand-releases.getrelease
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updaterelease
        description: Fortify Update release
        call: on-demand-releases.updaterelease
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleterelease
        description: Fortify Delete release
        call: on-demand-releases.deleterelease
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/assessment-types
      name: api-v3-releases-releaseid-assessment-types
      description: REST surface for api-v3-releases-releaseId-assessment-types.
      operations:
      - method: GET
        name: listreleaseassessmenttypes
        description: Fortify List assessment types
        call: on-demand-releases.listreleaseassessmenttypes
        with:
          scanType: rest.scanType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/audit-action
      name: api-v3-releases-releaseid-audit-action
      description: REST surface for api-v3-releases-releaseId-audit-action.
      operations:
      - method: POST
        name: setreleaseauditaction
        description: Fortify Set audit action
        call: on-demand-releases.setreleaseauditaction
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/audit-options
      name: api-v3-releases-releaseid-audit-options
      description: REST surface for api-v3-releases-releaseId-audit-options.
      operations:
      - method: GET
        name: getreleaseauditoptions
        description: Fortify Get audit options
        call: on-demand-releases.getreleaseauditoptions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/category-rollups
      name: api-v3-releases-releaseid-category-rollups
      description: REST surface for api-v3-releases-releaseId-category-rollups.
      operations:
      - method: GET
        name: listreleasecategoryrollups
        description: Fortify List vulnerability category rollups
        call: on-demand-releases.listreleasecategoryrollups
        with:
          showFixed: rest.showFixed
          vulnerabilitiesSeverityType: rest.vulnerabilitiesSeverityType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/fpr
      name: api-v3-releases-releaseid-fpr
      description: REST surface for api-v3-releases-releaseId-fpr.
      operations:
      - method: GET
        name: downloadreleasefpr
        description: Fortify Download release FPR
        call: on-demand-releases.downloadreleasefpr
        with:
          scanType: rest.scanType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/import-scan-session-id
      name: api-v3-releases-releaseid-import-scan-session-id
      description: REST surface for api-v3-releases-releaseId-import-scan-session-id.
      operations:
      - method: GET
        name: getreleaseimportscansessionid
        description: Fortify Get import scan session ID
        call: on-demand-releases.getreleaseimportscansessionid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/scans
      name: api-v3-releases-releaseid-scans
      description: REST surface for api-v3-releases-releaseId-scans.
      operations:
      - method: GET
        name: listreleasescans
        description: Fortify List release scans
        call: on-demand-releases.listreleasescans
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/scans/{scanid}
      name: api-v3-releases-releaseid-scans-scanid
      description: REST surface for api-v3-releases-releaseId-scans-scanId.
      operations:
      - method: GET
        name: getreleasescan
        description: Fortify Get release scan
        call: on-demand-releases.getreleasescan
        with:
          scanId: rest.scanId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/scans/{scanid}/polling-summary
      name: api-v3-releases-releaseid-scans-scanid-polling-summary
      description: REST surface for api-v3-releases-releaseId-scans-scanId-polling-summary.
      operations:
      - method: GET
        name: getreleasescanpollingsummary
        description: Fortify Get scan polling summary
        call: on-demand-releases.getreleasescanpollingsummary
        with:
          scanId: rest.scanId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v3/releases/{releaseid}/static-scan-options
      name: api-v3-releases-releaseid-static-scan-options
      description: REST surface for api-v3-releases-releaseId-static-scan-options.
      operations:
      - method: GET
        name: getreleasestaticscanoptions
        description: Fortify Get static scan options
        call: on-demand-releases.getreleasestaticscanoptions
        with:
          technologyStack: rest.technologyStack
          languageLevel: rest.languageLevel
          assessmentTypeId: rest.assessmentTypeId
          entitlementFrequencyType: rest.entitlementFrequencyType
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: on-demand-releases-mcp
    port: 9090
    transport: http
    description: MCP adapter for Fortify on Demand API — Releases. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: fortify-list-application-releases
      description: Fortify List application releases
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.listapplicationreleases
      with:
        modifiedStartDate: tools.modifiedStartDate
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-releases
      description: Fortify List releases
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.listreleases
      with:
        modifiedStartDate: tools.modifiedStartDate
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-create-release
      description: Fortify Create release
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: on-demand-releases.createrelease
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-release
      description: Fortify Get release
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getrelease
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-update-release
      description: Fortify Update release
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: on-demand-releases.updaterelease
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-delete-release
      description: Fortify Delete release
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: on-demand-releases.deleterelease
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-assessment-types
      description: Fortify List assessment types
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.listreleaseassessmenttypes
      with:
        scanType: tools.scanType
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-set-audit-action
      description: Fortify Set audit action
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: on-demand-releases.setreleaseauditaction
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-audit-options
      description: Fortify Get audit options
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getreleaseauditoptions
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-vulnerability-category-rollups
      description: Fortify List vulnerability category rollups
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.listreleasecategoryrollups
      with:
        showFixed: tools.showFixed
        vulnerabilitiesSeverityType: tools.vulnerabilitiesSeverityType
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-download-release-fpr
      description: Fortify Download release FPR
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.downloadreleasefpr
      with:
        scanType: tools.scanType
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-import-scan-session
      description: Fortify Get import scan session ID
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getreleaseimportscansessionid
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-list-release-scans
      description: Fortify List release scans
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.listreleasescans
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-release-scan
      description: Fortify Get release scan
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getreleasescan
      with:
        scanId: tools.scanId
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-scan-polling-summary
      description: Fortify Get scan polling summary
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getreleasescanpollingsummary
      with:
        scanId: tools.scanId
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-static-scan-options
      description: Fortify Get static scan options
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: on-demand-releases.getreleasestaticscanoptions
      with:
        technologyStack: tools.technologyStack
        languageLevel: tools.languageLevel
        assessmentTypeId: tools.assessmentTypeId
        entitlementFrequencyType: tools.entitlementFrequencyType
      outputParameters:
      - type: object
        mapping: $.