fortify-ssc

use this skill whenever the user wants to list and filter application security findings, discover applications and versions, and manage applications using Fortify Software Security Center (SSC). Triggers include: any mention of 'SSC', 'list vulnerabilities', 'list applications', and similar requests indicating interaction with Fortify SSC for application security tasks. OpenText Application Security is the new name for Fortify Software Security Center.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "fortify-ssc" with this command: npx skills add crance/agent-skills-fortify/crance-agent-skills-fortify-fortify-ssc

Fortify Software Security Center (SSC) Skill

Fortify Software Security Center (SSC) integration via Model Context Protocol (MCP).

When to Use This Skill

  • List application and application version
  • List security issues/vulnerabilities with filtering by severity, category, etc.
  • Count issues grouped by severity, category, etc.

Available MCP Tools

Only key MCP tools for SSC are listed here.

ToolDescriptionWhen to Use
fcli_ssc_session_listList authentication sessionsCheck authentication status
fcli_ssc_app_listList applicationsDiscover available applications
fcli_ssc_app_getGet details of a specific applicationRetrieve detailed information about an application
fcli_ssc_appversion_listList application versionsDiscover available application versions
fcli_ssc_appversion_getGet details of a specific application versionRetrieve detailed information about an application version
fcli_ssc_issue_listList issuesRetrieve a list of security issues/vulnerabilities
fcli_ssc_issue_list_filtersDiscover available filtering options for issuesLook for most appropriate filter to use
fcli_ssc_issue_list_groupsDiscover available grouping options for issuesLook for most appropriate group to use
fcli_ssc_issue_countGroup and count issuesCount issues grouped by severity, category, etc. Always include --by parameter
fcli_ssc_mcp_jobWait for background jobs to completeWhen pagination.jobToken is present in responses

Parameter Formats

Common formats and examples for key parameters:

ParameterFormatExample
appVersionNameOrId or --appversion"<App>:<Version>" - case-sensitive, colon-separated"MyApp:MyRelease"
--filter"<FilterType>:<Value>" - preferred server-side filtering; discover via issue_list_filters first"Folder:Critical"
--filtersetFilter set title or ID - predefined SSC filter combinations (e.g., "Security Auditor View", "Quick View"); distinct from --filter"Security Auditor View"
--embedComma-separated values to include additional data (see reference files for specific options)"details,auditHistory"
--byGroup name from issue_list_groups - always include when using issue_count"Folder", "Category"

Authentication

All operations require authentication. Always verify session before any operation:

fcli_ssc_session_list with refresh-cache=true
  • If Expired = No → proceed
  • If expired → ask user to run locally: fcli ssc session login --url "<URL>" -u "<user>" -p '<pass>'
  • When running any SSC tool, if authentication error occurs, prompt user to re-authenticate locally.

Note: Reference workflows assume authentication has been verified.

Filtering: Prefer --filter; query Optional

  • Prefer --filter for server-side filtering (fastest, smallest payloads)
  • Optionally use query as a client-side post-filter when you need a simple match on returned fields
  • Always discover available filters with issue_list_filters before applying them

Pagination

  • If pagination.hasMore = true → use pagination-offset for next page
  • If pagination.jobToken present → background loading; wait with fcli_ssc_mcp_job (see Background Job Handling)
  • Once pagination.totalRecords appears → all records collected

Error Recovery

ErrorRecovery
"Session expired"Refer to flow in Authentication section
"Application version not found"Run app_list to discover correct names
"Unknown filter"Run issue_list_filters to discover valid filters

Decision Tree: Choosing the Right Approach

User IntentAction
"list/show vulnerabilities"issue_list with --filter + --embed details
"how many / count / summary"issue_count with --by
"find app / which version"app_listappversion_list

Best Practices

DO:

  • ✅ Use --filter for filtering
  • ✅ Prioritize server-side filtering over client-side
  • ✅ Prioritize use MCP tool over FCLI CLI directly

Do NOT:

  • ❌ Guess application/version names - ask the user
  • ❌ Prompt user for credentials - ask user to run fcli ssc session login locally
  • ❌ Assume filter names exist - always run issue_list_filters first
  • ❌ Make multiple API calls for details - use --embed parameter instead

References

Example Workflows

WorkflowUse When User Says...
List and find Applications Versions"list applications", "show application versions", "what applications are available"
List, Filter and Query Issues"list vulnerabilities", "show security issues", "filter issues by severity", "include suppressed issues"
Summarise and Count Issues"count issues", "show summary", "breakdown by severity"
Provide Recommendations"show recommendations", "provide remediation advice", "how to fix"
Background Job HandlingWhen pagination.jobToken appears in responses, background data loading

External Resources

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

fortify-fod

No summary provided by upstream source.

Repository SourceNeeds Review
6-crance
Automation

fortify-scsast

No summary provided by upstream source.

Repository SourceNeeds Review
4-crance
Automation

fortify-scdast

No summary provided by upstream source.

Repository SourceNeeds Review
4-crance
Security

Due Diligence Data Room

Organize, audit, and generate investor or acquirer due diligence data rooms for startups and SMBs. Maps required documents by category (financial, legal, HR,...

Registry SourceRecently Updated
140samledger67-dotcom