Fortify

Fortify Software Security Center API

REST API for the on-premise Fortify Software Security Center (SSC), which provides centralized management and reporting of security assessment data across an organization's application portfolio.

Documentation GitHub OpenAPI

Documentation

https://www.microfocus.com/documentation/fortify-software-security-center/2520/

https://your-ssc-server/ssc/html/docs/api-reference/

https://your-ssc-server/ssc/api/v1/auth

https://www.microfocus.com/documentation/fortify-software-security-center/

Specifications

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/openapi/fortify-software-security-center-openapi.yml

Other Resources

https://github.com/fortify/ssc-restapi-client

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-alert-definitions.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-artifacts.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-attributes.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-auth-entities.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-authentication.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-cloud-pools.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-custom-tags.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-features.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-file-tokens.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-issue-selectors.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-issues.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-jobs.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-performance-indicators.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-project-versions.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-projects.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-reports.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-saved-reports.yaml

NaftikoCapability

https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/capabilities/software-security-center-users.yaml

OpenAPI Specification

openapi: 3.1.0
info:
  title: Fortify Software Security Center API
  description: >-
    REST API for the on-premise Fortify Software Security Center (SSC), which
    provides centralized management and reporting of security assessment data
    across an organization's application portfolio. Enables managing projects,
    application versions, issues, artifacts, reports, users, and authentication
    tokens. The SSC REST API uses token-based authentication via the
    FortifyToken authorization header.
  version: v1
  contact:
    name: OpenText Fortify Support
    url: https://www.opentext.com/support
    email: [email protected]
  license:
    name: Proprietary
    url: https://www.opentext.com/about/legal/website-terms-of-use
  x-logo:
    url: https://www.microfocus.com/brand/fortify-logo.png
externalDocs:
  description: Fortify Software Security Center Documentation
  url: https://www.microfocus.com/documentation/fortify-software-security-center/
servers:
  - url: '{protocol}://{host}/ssc/api/v1'
    description: Fortify SSC Server
    variables:
      protocol:
        default: https
        enum:
          - https
          - http
      host:
        default: localhost
        description: Your SSC server hostname and optional port
security:
  - fortifyToken: []
tags:
  - name: Alert Definitions
    description: Manage alert definitions
  - name: Artifacts
    description: Manage scan artifacts and uploads
  - name: Attributes
    description: Manage attribute definitions and values
  - name: Auth Entities
    description: Manage authentication entities (users and LDAP groups)
  - name: Authentication
    description: Manage authentication tokens
  - name: Cloud Pools
    description: Manage cloud scan worker pools
  - name: Custom Tags
    description: Manage custom tags for issue triage
  - name: Features
    description: System feature and connectivity information
  - name: File Tokens
    description: Manage file transfer tokens
  - name: Issue Selectors
    description: Retrieve issue filter metadata
  - name: Issues
    description: Access and manage vulnerability issues
  - name: Jobs
    description: Monitor processing jobs
  - name: Performance Indicators
    description: Access performance indicator data
  - name: Project Versions
    description: Manage application versions within projects
  - name: Projects
    description: Manage top-level projects
  - name: Reports
    description: Generate and manage reports
  - name: Saved Reports
    description: Manage saved report configurations
  - name: Users
    description: Manage local user accounts
paths:
  /projects:
    get:
      operationId: listProjects
      summary: Fortify List projects
      description: >-
        Retrieves a paginated list of projects. Projects are the top-level
        organizational unit containing one or more application versions.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/OrderBy'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with list of projects
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
    post:
      operationId: createProject
      summary: Fortify Create project
      description: Creates a new project for organizing application versions.
      tags:
        - Projects
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateProjectRequest'
      responses:
        '201':
          description: Project created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProject'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
  /projects/{id}:
    get:
      operationId: getProject
      summary: Fortify Get project
      description: Retrieves details for a specific project by identifier.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/ResourceId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with project details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProject'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateProject
      summary: Fortify Update project
      description: Updates an existing project's properties.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/ResourceId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateProjectRequest'
      responses:
        '200':
          description: Project updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProject'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deleteProject
      summary: Fortify Delete project
      description: >-
        Permanently deletes a project and all associated versions and data.
      tags:
        - Projects
      parameters:
        - $ref: '#/components/parameters/ResourceId'
      responses:
        '200':
          description: Project deleted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions:
    get:
      operationId: listProjectVersions
      summary: Fortify List project versions
      description: >-
        Retrieves a paginated list of all project versions (application versions)
        accessible to the authenticated user.
      tags:
        - Project Versions
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/OrderBy'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with list of project versions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProjectVersionListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
    post:
      operationId: createProjectVersion
      summary: Fortify Create project version
      description: >-
        Creates a new project version. Requires committing the version after
        creation to activate it.
      tags:
        - Project Versions
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateProjectVersionRequest'
      responses:
        '201':
          description: Project version created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProjectVersion'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
  /projectVersions/{parentId}:
    get:
      operationId: getProjectVersion
      summary: Fortify Get project version
      description: Retrieves details for a specific project version by identifier.
      tags:
        - Project Versions
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with project version details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProjectVersion'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateProjectVersion
      summary: Fortify Update project version
      description: Updates an existing project version's properties.
      tags:
        - Project Versions
      parameters:
        - $ref: '#/components/parameters/ParentId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateProjectVersionRequest'
      responses:
        '200':
          description: Project version updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultProjectVersion'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deleteProjectVersion
      summary: Fortify Delete project version
      description: >-
        Permanently deletes a project version and all associated scan data.
      tags:
        - Project Versions
      parameters:
        - $ref: '#/components/parameters/ParentId'
      responses:
        '200':
          description: Project version deleted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/action:
    post:
      operationId: performProjectVersionAction
      summary: Fortify Perform project version action
      description: >-
        Performs an action on a project version such as committing, copying
        state, or sending for analysis.
      tags:
        - Project Versions
      parameters:
        - $ref: '#/components/parameters/ParentId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProjectVersionActionRequest'
      responses:
        '200':
          description: Action performed successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/issues:
    get:
      operationId: listProjectVersionIssues
      summary: Fortify List project version issues
      description: >-
        Retrieves a paginated list of vulnerability issues for the specified
        project version. Supports filtering using Fortify search syntax.
      tags:
        - Issues
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - name: qm
          in: query
          description: >-
            Query mode for filtering (e.g., issues, hidden, removed, suppressed)
          schema:
            type: string
        - name: filter
          in: query
          description: Named filter to apply
          schema:
            type: string
        - name: filterset
          in: query
          description: Filter set GUID to use
          schema:
            type: string
        - name: groupid
          in: query
          description: Group identifier for issue grouping
          schema:
            type: string
        - name: groupingtype
          in: query
          description: Type of grouping to apply
          schema:
            type: string
        - $ref: '#/components/parameters/OrderBy'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with list of issues
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IssueListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/issues/{id}:
    get:
      operationId: getProjectVersionIssue
      summary: Fortify Get project version issue
      description: Retrieves details for a specific issue within a project version.
      tags:
        - Issues
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/ResourceId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with issue details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultIssue'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/artifacts:
    get:
      operationId: listProjectVersionArtifacts
      summary: Fortify List project version artifacts
      description: >-
        Retrieves a paginated list of artifacts (uploaded scan results) for the
        specified project version.
      tags:
        - Artifacts
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with list of artifacts
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ArtifactListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    post:
      operationId: uploadProjectVersionArtifact
      summary: Fortify Upload artifact
      description: >-
        Uploads a scan artifact (FPR file) to the specified project version
        for processing.
      tags:
        - Artifacts
      parameters:
        - $ref: '#/components/parameters/ParentId'
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                file:
                  type: string
                  format: binary
                  description: The FPR or scan results file to upload
      responses:
        '201':
          description: Artifact uploaded successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultArtifact'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/artifacts/{id}:
    get:
      operationId: getProjectVersionArtifact
      summary: Fortify Get artifact
      description: Retrieves details for a specific artifact.
      tags:
        - Artifacts
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/ResourceId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with artifact details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultArtifact'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deleteProjectVersionArtifact
      summary: Fortify Delete artifact
      description: Deletes a specific artifact from the project version.
      tags:
        - Artifacts
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/ResourceId'
      responses:
        '200':
          description: Artifact deleted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/attributes:
    get:
      operationId: listProjectVersionAttributes
      summary: Fortify List project version attributes
      description: >-
        Retrieves attribute values assigned to the specified project version.
      tags:
        - Attributes
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with attribute values
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AttributeValueListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateProjectVersionAttributes
      summary: Fortify Update project version attributes
      description: Updates attribute values for the specified project version.
      tags:
        - Attributes
      parameters:
        - $ref: '#/components/parameters/ParentId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/AttributeValue'
      responses:
        '200':
          description: Attributes updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AttributeValueListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/authEntities:
    get:
      operationId: listProjectVersionAuthEntities
      summary: Fortify List project version auth entities
      description: >-
        Retrieves authentication entities (users and LDAP groups) assigned to
        the specified project version.
      tags:
        - Auth Entities
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with auth entities
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthEntityListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateProjectVersionAuthEntities
      summary: Fortify Update project version auth entities
      description: >-
        Assigns or updates authentication entities for the specified project
        version.
      tags:
        - Auth Entities
      parameters:
        - $ref: '#/components/parameters/ParentId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/AuthEntity'
      responses:
        '200':
          description: Auth entities updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthEntityListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/issueSelectorSet:
    get:
      operationId: getProjectVersionIssueSelectorSet
      summary: Fortify Get issue selector set
      description: >-
        Retrieves the issue selector set (filter metadata) for the specified
        project version, providing available groupings, filters, and filter
        sets for issue queries.
      tags:
        - Issue Selectors
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with issue selector set
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IssueSelectorSetResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /projectVersions/{parentId}/customTags:
    get:
      operationId: listProjectVersionCustomTags
      summary: Fortify List project version custom tags
      description: >-
        Retrieves custom tags configured for the specified project version.
      tags:
        - Custom Tags
      parameters:
        - $ref: '#/components/parameters/ParentId'
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with custom tags
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomTagListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /tokens:
    post:
      operationId: createToken
      summary: Fortify Create authentication token
      description: >-
        Creates an authentication token for API access. Supports
        UnifiedLoginToken, AnalysisUploadToken, AuditToken, and
        DownloadFileTransferToken types. This endpoint accepts HTTP Basic
        authentication.
      tags:
        - Authentication
      security:
        - basicAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateTokenRequest'
      responses:
        '201':
          description: Token created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultAuthToken'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /tokens/{id}:
    delete:
      operationId: revokeToken
      summary: Fortify Revoke authentication token
      description: Revokes an existing authentication token.
      tags:
        - Authentication
      parameters:
        - $ref: '#/components/parameters/ResourceId'
      responses:
        '200':
          description: Token revoked successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /localUsers:
    get:
      operationId: listLocalUsers
      summary: Fortify List local users
      description: Retrieves a paginated list of local user accounts.
      tags:
        - Users
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with list of local users
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LocalUserListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
    post:
      operationId: createLocalUser
      summary: Fortify Create local user
      description: Creates a new local user account.
      tags:
        - Users
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateLocalUserRequest'
      responses:
        '201':
          description: Local user created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultLocalUser'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
  /localUsers/{id}:
    get:
      operationId: getLocalUser
      summary: Fortify Get local user
      description: Retrieves details for a specific local user.
      tags:
        - Users
      parameters:
        - $ref: '#/components/parameters/ResourceId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with local user details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultLocalUser'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: updateLocalUser
      summary: Fortify Update local user
      description: Updates an existing local user account.
      tags:
        - Users
      parameters:
        - $ref: '#/components/parameters/ResourceId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateLocalUserRequest'
      responses:
        '200':
          description: Local user updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultLocalUser'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: deleteLocalUser
      summary: Fortify Delete local user
      description: Permanently deletes a local user account.
      tags:
        - Users
      parameters:
        - $ref: '#/components/parameters/ResourceId'
      responses:
        '200':
          description: Local user deleted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultVoid'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /attributeDefinitions:
    get:
      operationId: listAttributeDefinitions
      summary: Fortify List attribute definitions
      description: >-
        Retrieves the list of attribute definitions configured in the system.
      tags:
        - Attributes
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with attribute definitions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AttributeDefinitionListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: createAttributeDefinition
      summary: Fortify Create attribute definition
      description: Creates a new attribute definition.
      tags:
        - Attributes
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAttributeDefinitionRequest'
      responses:
        '201':
          description: Attribute definition created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultAttributeDefinition'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /reportDefinitions:
    get:
      operationId: listReportDefinitions
      summary: Fortify List report definitions
      description: >-
        Retrieves the list of available report definitions that can be used
        to generate reports.
      tags:
        - Reports
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with report definitions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ReportDefinitionListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /savedReports:
    get:
      operationId: listSavedReports
      summary: Fortify List saved reports
      description: Retrieves a list of generated reports.
      tags:
        - Saved Reports
      parameters:
        - $ref: '#/components/parameters/Start'
        - $ref: '#/components/parameters/PageLimit'
        - $ref: '#/components/parameters/Q'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with saved reports
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SavedReportListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: generateReport
      summary: Fortify Generate report
      description: >-
        Schedules a report for generation based on a report definition and
        parameters.
      tags:
        - Saved Reports
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GenerateReportRequest'
      responses:
        '201':
          description: Report generation scheduled successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultSavedReport'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /savedReports/{id}:
    get:
      operationId: getSavedReport
      summary: Fortify Get saved report
      description: Retrieves details for a specific saved report.
      tags:
        - Saved Reports
      parameters:
        - $ref: '#/components/parameters/ResourceId'
        - $ref: '#/components/parameters/Fields'
      responses:
        '200':
          description: Successful response with saved report details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiResultSavedReport'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/componen

# --- truncated at 32 KB (66 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/fortify/refs/heads/main/openapi/fortify-software-security-center-openapi.yml