Fortify · Schema

Fortify Scan

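Represents a security scan performed by Fortify tools. Scans analyze applications for vulnerabilities using static analysis (SAST), dynamic analysis (DAST), mobile testing, or software composition analysis (SCA). Each scan produces vulnerability findings associated with a release. Note that the schema below lists no required properties and permits additional ones, so a consumer that gates on fields such as passFailStatus should verify that they are present rather than rely on schema validation alone.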

Tags: Application Security, DAST, DevSecOps, SAST, SCA, Security Testing, Vulnerability Scanning

Properties

Name Type Description
scanId integer Unique identifier of the scan
scanType string Type of security scan performed
analysisStatusType string Current analysis status of the scan
releaseId integer Identifier of the associated release
applicationId integer Identifier of the associated application
assessmentTypeId integer Assessment type used for the scan
entitlementId integer Entitlement used for the scan
startedDateTime string Date and time when the scan started
completedDateTime string Date and time when the scan completed
totalIssues integer Total number of vulnerability issues found
issueCountCritical integer Number of critical severity issues found
issueCountHigh integer Number of high severity issues found
issueCountMedium integer Number of medium severity issues found
issueCountLow integer Number of low severity issues found
isRemediationScan boolean Whether this scan is a remediation verification scan
isBundledAssessment boolean Whether this scan used a bundled assessment
passFailStatus boolean Whether the scan passes the configured security policy
passFailReasonType string Reason for the pass or fail determination
technologyStack string Technology stack analyzed (for static scans)
languageLevel string Language level used for analysis (for static scans)

JSON Schema

fortify-scan-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://github.com/api-search/fortify/json-schema/fortify-scan-schema.json",
  "title": "Fortify Scan",
  "description": "Represents a security scan performed by Fortify tools. Scans analyze applications for vulnerabilities using static analysis (SAST), dynamic analysis (DAST), mobile testing, or software composition analysis. Each scan produces vulnerability findings associated with a release.",
  "type": "object",
  "properties": {
    "scanId": {
      "type": "integer",
      "format": "int32",
      "description": "Unique identifier of the scan"
    },
    "scanType": {
      "type": "string",
      "description": "Type of security scan performed",
      "enum": [
        "Static",
        "Dynamic",
        "Mobile",
        "OpenSource"
      ]
    },
    "analysisStatusType": {
      "type": "string",
      "description": "Current analysis status of the scan"
    },
    "releaseId": {
      "type": "integer",
      "format": "int32",
      "description": "Identifier of the associated release"
    },
    "applicationId": {
      "type": "integer",
      "format": "int32",
      "description": "Identifier of the associated application"
    },
    "assessmentTypeId": {
      "type": "integer",
      "format": "int32",
      "description": "Assessment type used for the scan"
    },
    "entitlementId": {
      "type": "integer",
      "format": "int32",
      "description": "Entitlement used for the scan"
    },
    "startedDateTime": {
      "type": "string",
      "format": "date-time",
      "description": "Date and time when the scan started"
    },
    "completedDateTime": {
      "type": "string",
      "format": "date-time",
      "description": "Date and time when the scan completed"
    },
    "totalIssues": {
      "type": "integer",
      "format": "int32",
      "description": "Total number of vulnerability issues found",
      "minimum": 0
    },
    "issueCountCritical": {
      "type": "integer",
      "format": "int32",
      "description": "Number of critical severity issues found",
      "minimum": 0
    },
    "issueCountHigh": {
      "type": "integer",
      "format": "int32",
      "description": "Number of high severity issues found",
      "minimum": 0
    },
    "issueCountMedium": {
      "type": "integer",
      "format": "int32",
      "description": "Number of medium severity issues found",
      "minimum": 0
    },
    "issueCountLow": {
      "type": "integer",
      "format": "int32",
      "description": "Number of low severity issues found",
      "minimum": 0
    },
    "isRemediationScan": {
      "type": "boolean",
      "description": "Whether this scan is a remediation verification scan",
      "default": false
    },
    "isBundledAssessment": {
      "type": "boolean",
      "description": "Whether this scan used a bundled assessment",
      "default": false
    },
    "passFailStatus": {
      "type": "boolean",
      "description": "Whether the scan passes the configured security policy"
    },
    "passFailReasonType": {
      "type": "string",
      "description": "Reason for the pass or fail determination"
    },
    "technologyStack": {
      "type": "string",
      "description": "Technology stack analyzed (for static scans)"
    },
    "languageLevel": {
      "type": "string",
      "description": "Language level used for analysis (for static scans)"
    }
  },
  "additionalProperties": true
}