fortify-onprem
Fortify On-Premises Skill
Combined skill for Fortify on-premises products via Model Context Protocol (MCP):
- SSC — Application security findings, vulnerability management
- SC-SAST — Static application security testing at scale
- SC-DAST — Dynamic application security testing
Parameter Formats
| Parameter | Format | Example |
|---|---|---|
appVersionNameOrId / --appversion / --publish-to |
"<App>:<Version>" — case-sensitive, colon-separated |
"MyApp:1.0" |
--filter (SSC issues) |
"<FilterType>:<Value>" — discover via issue_list_filters first |
"Folder:Critical" |
--filterset |
Filter set title or ID | "Security Auditor View" |
--embed (SSC issues) |
Comma-separated values | "details,auditHistory" |
--by (SSC issue_count) |
Group name from issue_list_groups |
"Folder", "Category" |
--sc-client-version (SC-SAST) |
Version string or latest |
"latest" (recommended) |
--settings (SC-DAST) |
CICD token or numeric ID | "MY_APP_SETTINGS" |
--mode (SC-DAST) |
Scan mode string | "CrawlOnly", "CrawlAndAudit", "AuditOnly" |
--login-macro (SC-DAST) |
Login macro ID (optional) | "98765" |
--until (SC-DAST wait) |
Wait condition | "status=Complete" |
More from crance/agent-skills-fortify
fortify-fod
use this skill whenever the user wants to list and filter application security findings, run SAST/SCA/DAST scans, discover applications and releases, and manage security scanning using Fortify on Demand (FoD). Triggers include: any mention of 'FoD', 'Fortify on Demand', 'list vulnerabilities', 'run SAST scan', 'run SCA scan', 'run DAST scan', 'list applications', 'list releases', 'package source code', 'security scan', and similar requests indicating interaction with FoD for application security scanning and vulnerability management.
11fortify-ssc
use this skill whenever the user wants to list and filter application security findings, discover applications and versions, and manage applications using Fortify Software Security Center (SSC). Triggers include: any mention of 'SSC', 'list vulnerabilities', 'list applications', and similar requests indicating interaction with Fortify SSC for application security tasks. OpenText Application Security is the new name for Fortify Software Security Center.
7fortify-scdast
ScanCentral DAST guide for MCP tools. Run dynamic application security testing (DAST) scans, list and filter scan results, discover scan settings and policies, and manage web application security scanning using Fortify ScanCentral DAST. Triggers include any mention of 'SC-DAST', 'ScanCentral DAST', 'DAST scan', 'web scan', 'dynamic scan', 'run DAST scan', 'list scans', and similar requests indicating interaction with SC-DAST for dynamic application security scanning.
5fortify-scsast
ScanCentral SAST guide for MCP tools. Package source code, run SAST scans on ScanCentral sensors, monitor scan progress, and retrieve results from SSC.
5