Synopsys · Capability

Synopsys Application Security Testing

Unified application security testing capability combining Synopsys Polaris platform APIs for project management, scan orchestration, security issue tracking, and report generation. Enables DevSecOps teams to automate security testing workflows across SAST, SCA, and IAST testing types.

Tags: Synopsys, Application Security Testing, DevSecOps, Static Analysis, Software Composition Analysis, SAST, SCA

What You Can Do

GET /v1/projects: List projects — List all application security projects.
GET /v1/projects: Get project — Get details for a specific security project.
GET /v1/scans: List scans — List scan runs with status and issue counts.
GET /v1/issues: List issues — List security issues found by Polaris scans.
GET /v1/issues: Get issue — Get details for a specific security issue.
POST /v1/reports: Generate report — Generate a security report for a project.

MCP Tools

list-projects (read-only, idempotent)
List all application security projects in the Synopsys Polaris platform.

get-project (read-only, idempotent)
Get details for a specific Polaris security project including branches.

list-scans (read-only, idempotent)
List security scan runs for a project or branch with status tracking.

list-issues (read-only, idempotent)
List security issues discovered by Polaris scans, filterable by severity and type.

get-issue (read-only, idempotent)
Get full details for a specific security issue including CWE, file path, and line number.

generate-security-report
Generate a security report (PDF, JSON, or CSV) for a Polaris project.

APIs Used

synopsys-polaris

Capability Spec

application-security-testing.yaml
naftiko: "1.0.0-alpha1"

info:
  label: "Synopsys Application Security Testing"
  description: >-
    Unified application security testing capability combining Synopsys Polaris
    platform APIs for project management, scan orchestration, security issue
    tracking, and report generation. Enables DevSecOps teams to automate
    security testing workflows across SAST, SCA, and IAST testing types.
  tags:
    - Synopsys
    - Application Security Testing
    - DevSecOps
    - Static Analysis
    - Software Composition Analysis
    - SAST
    - SCA
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys:
      POLARIS_ACCESS_TOKEN: POLARIS_ACCESS_TOKEN

capability:
  consumes:
    - import: synopsys-polaris
      location: ./shared/polaris.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: synopsys-appsec-api
      description: "Unified REST API for Synopsys application security testing workflows."
      resources:
        - path: /v1/projects
          name: projects
          description: "Application security project management."
          operations:
            - method: GET
              name: list-projects
              description: "List all application security projects."
              call: "synopsys-polaris.list-projects"
              with:
                page: "rest.page"
                pageSize: "rest.pageSize"
                filter: "rest.filter"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: GET
              name: get-project
              description: "Get details for a specific security project."
              call: "synopsys-polaris.get-project"
              with:
                projectId: "rest.projectId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/scans
          name: scans
          description: "Security scan management."
          operations:
            - method: GET
              name: list-scans
              description: "List scan runs with status and issue counts."
              call: "synopsys-polaris.list-scans"
              with:
                projectId: "rest.projectId"
                branchId: "rest.branchId"
                status: "rest.status"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/issues
          name: issues
          description: "Security issues from scans."
          operations:
            - method: GET
              name: list-issues
              description: "List security issues found by Polaris scans."
              call: "synopsys-polaris.list-issues"
              with:
                projectId: "rest.projectId"
                branchId: "rest.branchId"
                severity: "rest.severity"
                type: "rest.type"
                page: "rest.page"
                pageSize: "rest.pageSize"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: GET
              name: get-issue
              description: "Get details for a specific security issue."
              call: "synopsys-polaris.get-issue"
              with:
                issueId: "rest.issueId"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/reports
          name: reports
          description: "Security report generation."
          operations:
            - method: POST
              name: generate-report
              description: "Generate a security report for a project."
              call: "synopsys-polaris.generate-report"
              with:
                projectId: "rest.projectId"
                format: "rest.format"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: synopsys-appsec-mcp
      transport: http
      description: "MCP server for AI-assisted application security testing using Synopsys Polaris."
      tools:
        - name: list-projects
          description: "List all application security projects in the Synopsys Polaris platform."
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: "synopsys-polaris.list-projects"
          with:
            page: "tools.page"
            pageSize: "tools.pageSize"
            filter: "tools.filter"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-project
          description: "Get details for a specific Polaris security project including branches."
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: "synopsys-polaris.get-project"
          with:
            projectId: "tools.projectId"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-scans
          description: "List security scan runs for a project or branch with status tracking."
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: "synopsys-polaris.list-scans"
          with:
            projectId: "tools.projectId"
            branchId: "tools.branchId"
            status: "tools.status"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-issues
          description: "List security issues discovered by Polaris scans, filterable by severity and type."
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: "synopsys-polaris.list-issues"
          with:
            projectId: "tools.projectId"
            branchId: "tools.branchId"
            severity: "tools.severity"
            type: "tools.type"
            page: "tools.page"
            pageSize: "tools.pageSize"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-issue
          description: "Get full details for a specific security issue including CWE, file path, and line number."
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: "synopsys-polaris.get-issue"
          with:
            issueId: "tools.issueId"
          outputParameters:
            - type: object
              mapping: "$."

        - name: generate-security-report
          description: "Generate a security report (PDF, JSON, or CSV) for a Polaris project."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "synopsys-polaris.generate-report"
          with:
            projectId: "tools.projectId"
            format: "tools.format"
          outputParameters:
            - type: object
              mapping: "$."