Fortify ScanCentral DAST API — Scan Policies

Fortify ScanCentral DAST API — Scan Policies. 2 operations. Lead operation: Fortify List scan policies. Self-contained Naftiko capability covering one Fortify business surface.

What You Can Do

GET /v1/scan-policies
Listscanpolicies — Fortify List scan policies

GET /v1/scan-policies/{scanpolicyid}
Getscanpolicy — Fortify Get scan policy

MCP Tools

fortify-list-scan-policies: Fortify List scan policies (read-only, idempotent)

fortify-get-scan-policy: Fortify Get scan policy (read-only, idempotent)

Capability Spec

scancentral-dast-scan-policies.yaml
naftiko: 1.0.0-alpha2
info:
  label: Fortify ScanCentral DAST API — Scan Policies
  description: 'Fortify ScanCentral DAST API — Scan Policies. 2 operations. Lead operation: Fortify List scan policies. Self-contained
    Naftiko capability covering one Fortify business surface.'
  tags:
  - Fortify
  - Scan Policies
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    FORTIFY_API_KEY: FORTIFY_API_KEY
capability:
  consumes:
  - type: http
    namespace: scancentral-dast-scan-policies
    baseUri: ''
    description: Fortify ScanCentral DAST API — Scan Policies business capability. Self-contained, no shared references.
    resources:
    - name: scan-policies
      path: /scan-policies
      operations:
      - name: listscanpolicies
        method: GET
        description: Fortify List scan policies
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: scan-policies-scanPolicyId
      path: /scan-policies/{scanPolicyId}
      operations:
      - name: getscanpolicy
        method: GET
        description: Fortify Get scan policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scanPolicyId
          in: path
          type: string
          description: Unique identifier of the scan policy
          required: true
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.FORTIFY_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: scancentral-dast-scan-policies-rest
    port: 8080
    description: REST adapter for Fortify ScanCentral DAST API — Scan Policies. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/scan-policies
      name: scan-policies
      description: REST surface for scan-policies.
      operations:
      - method: GET
        name: listscanpolicies
        description: Fortify List scan policies
        call: scancentral-dast-scan-policies.listscanpolicies
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/scan-policies/{scanpolicyid}
      name: scan-policies-scanpolicyid
      description: REST surface for scan-policies-scanPolicyId.
      operations:
      - method: GET
        name: getscanpolicy
        description: Fortify Get scan policy
        call: scancentral-dast-scan-policies.getscanpolicy
        with:
          scanPolicyId: rest.scanPolicyId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: scancentral-dast-scan-policies-mcp
    port: 9090
    transport: http
    description: MCP adapter for Fortify ScanCentral DAST API — Scan Policies. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: fortify-list-scan-policies
      description: Fortify List scan policies
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: scancentral-dast-scan-policies.listscanpolicies
      outputParameters:
      - type: object
        mapping: $.
    - name: fortify-get-scan-policy
      description: Fortify Get scan policy
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: scancentral-dast-scan-policies.getscanpolicy
      with:
        scanPolicyId: tools.scanPolicyId
      outputParameters:
      - type: object
        mapping: $.