fortify-fod
Fortify on Demand (FoD) Skill
Fortify on Demand (FoD) integration via Model Context Protocol (MCP).
When to Use This Skill
- List applications and releases
- Run security scans (SAST, SCA, DAST, MAST)
- List security issues/vulnerabilities with filtering by severity, category, etc.
- Count issues grouped by severity, category, etc.
- Manage scan configurations and monitor scan progress
- Generate and download security reports
Parameter Formats
Common formats and examples for key parameters:
| Parameter | Format | Example |
|---|---|---|
--release |
"<App>[:<MicroService>]:<Release>" - case-sensitive, colon-separated (for *_list, *_scan_setup, *_scan_start, *_scan_get_config tools) |
"MyApp:MyRelease" or "MyApp:MyService:MyRelease" |
qualifiedReleaseNameOrId |
"<App>[:<MicroService>]:<Release>" - positional param, case-sensitive, colon-separated (for release_get tool) |
"MyApp:MyRelease" or "MyApp:MyService:MyRelease" |
appNameOrId |
Application name or ID - positional param, camelCase (for app_get tool) |
"MyApp" or "5011" |
releaseQualifiedScanOrId |
Scan ID or qualified scan ID (for *_scan_get tools) - Always use scan ID returned from *_scan_start or from *_scan_list |
"12345" or "MyApp:MyRelease:12345" |
More from crance/agent-skills-fortify
fortify-ssc
use this skill whenever the user wants to list and filter application security findings, discover applications and versions, and manage applications using Fortify Software Security Center (SSC). Triggers include: any mention of 'SSC', 'list vulnerabilities', 'list applications', and similar requests indicating interaction with Fortify SSC for application security tasks. OpenText Application Security is the new name for Fortify Software Security Center.
7fortify-onprem
Use this skill whenever the user wants to list and filter application security findings, run SAST or DAST scans, discover applications and versions, and manage security assessments using Fortify on-premises products: Software Security Center (SSC), ScanCentral SAST (SC-SAST), and ScanCentral DAST (SC-DAST). Triggers include: any mention of 'SSC', 'ScanCentral', 'SC-SAST', 'SC-DAST', 'list vulnerabilities', 'run SAST scan', 'run DAST scan', 'list applications', 'DAST scan', 'web scan', 'dynamic scan', and similar requests for on-premises Fortify products.
6fortify-scdast
ScanCentral DAST guide for MCP tools. Run dynamic application security testing (DAST) scans, list and filter scan results, discover scan settings and policies, and manage web application security scanning using Fortify ScanCentral DAST. Triggers include any mention of 'SC-DAST', 'ScanCentral DAST', 'DAST scan', 'web scan', 'dynamic scan', 'run DAST scan', 'list scans', and similar requests indicating interaction with SC-DAST for dynamic application security scanning.
5fortify-scsast
ScanCentral SAST guide for MCP tools. Package source code, run SAST scans on ScanCentral sensors, monitor scan progress, and retrieve results from SSC.
5