By fortify
OpenText Fortify AppSec skills. Use for SAST/DAST/SCA scanning, vulnerability triage, audit workflows, CI/CD pipeline integration, and FCLI commands. Supports Fortify on Demand (FoD) and Software Security Center (SSC).
Remediate security vulnerabilities detected by Fortify (SAST, DAST, and SCA/open source). Fix specific issues, categories, or general issue reduction. Supports FoD (Fortify on Demand) and SSC (Software Security Center).
Perform tasks against Fortify SSC (Application Security Center). Answer questions about applications, application versions, security issues/vulnerabilities, policy compliance or portfolio-level analysis. Create new app versions (not applications). Start & monitor ScanCentral SAST/DAST scans or upload FPR artifacts. Audit & triage issues.
Triage whether a known CVE/GHSA vulnerability is actually exploitable in this project. Use when the user wants a reachability verdict on a specific advisory — is the project really affected, or is the advisory noise? Analysis only; for fixes, hand off to fortify-remediate.
Perform tasks against Fortify on Demand (FoD). Answer questions about applications, releases, security issues/vulnerabilities, policy compliance or portfolio-level analysis. Create new releases (not applications). Start & monitor SAST/DAST/SCA/open source scans. Import FPR/SARIF/CycloneDX artifacts. Audit & triage issues.
Generic reference for the Fortify CLI (fcli). Install, upgrade, authenticate, fcli environment variables, output formats, SpEL query syntax, variable chaining and custom action framework.
AI agent skills that teach Claude, GitHub Copilot and other AI agents how to use OpenText Fortify effectively — covering SAST/DAST/SCA scanning, vulnerability triage, audit workflows, CI/CD integration, FCLI commands and more.
| Skill | Description |
|---|---|
| fortify-fod | Fortify on Demand (SaaS) — applications, releases, scans, issues, OSS analysis, portfolio reporting |
| fortify-ssc | Software Security Center (on-premise) — manage application versions, artifacts, scan jobs, issue triage |
| fortify-remediate | Fix vulnerabilities detected by Fortify — SAST, DAST, and SCA findings; Aviator AI remediation |
| fortify-security-assistant | Detect common, high impact security issues in code as it is being generated |
| fortify-create-app | Create new Fortify applications in FoD or SSC — guided onboarding with validation and defaults |
| fortify-cicd-integration | Add Fortify scanning to CI/CD pipelines — GitHub Actions, GitLab CI, Azure DevOps, Jenkins |
| fcli-common | Fortify CLI (fcli) — installation, authentication, output formats, SpEL queries, custom actions |
Agents are multi-skill orchestrators that handle end-to-end workflows.
| Agent | Description |
|---|---|
| fortify-onboarding | Onboard new applications into Fortify (FoD or SSC) — creates the app, configures settings, and optionally sets up CI/CD scanning pipelines. Handles single repos, bulk lists, or entire GitHub/GitLab/Azure DevOps organizations |
Add the marketplace from GitHub, then install the plugin:
```bash
claude plugin marketplace add fortify/skills
claude plugin install fortify-skills@fortify
```
The plugin registers all seven skills and the onboarding agent automatically.
Recommended: install the Fortify Code Security VS Code extension. It bundles all Fortify skills, can automatically install fcli, and adds full IDE integration (scanning, vulnerability review, Aviator AI remediation, and an optional fcli MCP server):
```
ext install fortifyvsts.fortify-code-security
```
Alternative: manual install. Copy the skills to your Copilot skills directory:
```
<user>/.copilot/skills/
```
This gives you the skills without the IDE features (scanning UI, vulnerability browser, Aviator inline fixes, MCP server).
This repository includes a marketplace catalog at .agents/plugins/marketplace.json. When the repo is your current workspace, Codex discovers it automatically as a repo-scoped marketplace. Open the plugin directory, select OpenText Fortify, and install fortify-skills.
To make the plugin available across all workspaces, add an entry to your personal marketplace at ~/.agents/plugins/marketplace.json (create the file if it doesn't exist), replacing <path> with the absolute path to this directory:
```json
{
  "name": "fortify",
  "interface": { "displayName": "OpenText Fortify" },
  "plugins": [
    {
      "name": "fortify-skills",
      "source": { "source": "local", "path": "<path>" },
      "policy": { "installation": "AVAILABLE", "authentication": "ON_INSTALL" },
      "category": "Security"
    }
  ]
}
```
Then restart Codex. The plugin registers all seven skills automatically.
Install directly from the GitHub repository:
```bash
gemini extensions install https://github.com/fortify/skills
```
The extension bundles all seven skills. Gemini CLI auto-discovers them and activates whichever skill is relevant to your task.
To test locally before publishing:
```bash
gemini extensions link /path/to/public
```
Any assistant that supports the Agent Skills standard can load skills from this directory. Point your assistant's skill path to the skills/ subdirectory.
Once installed, the skills activate automatically when relevant. Examples of prompts that trigger each skill: