fortify-ssc

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Fortify Software Security Center (SSC) Skill

Fortify Software Security Center (SSC) integration via Model Context Protocol (MCP).

通过Model Context Protocol (MCP)集成Fortify Software Security Center (SSC)。

When to Use This Skill

何时使用此Skill

List application and application version
List security issues/vulnerabilities with filtering by severity, category, etc.
Count issues grouped by severity, category, etc.

列出应用及应用版本
按严重程度、类别等筛选列出安全问题/漏洞
按严重程度、类别等分组统计问题数量

Available MCP Tools

可用的MCP工具

Only key MCP tools for SSC are listed here.

Tool	Description	When to Use
`fcli_ssc_session_list`	List authentication sessions	Check authentication status
`fcli_ssc_app_list`	List applications	Discover available applications
`fcli_ssc_app_get`	Get details of a specific application	Retrieve detailed information about an application
`fcli_ssc_appversion_list`	List application versions	Discover available application versions
`fcli_ssc_appversion_get`	Get details of a specific application version	Retrieve detailed information about an application version
`fcli_ssc_issue_list`	List issues	Retrieve a list of security issues/vulnerabilities
`fcli_ssc_issue_list_filters`	Discover available filtering options for issues	Look for most appropriate filter to use
`fcli_ssc_issue_list_groups`	Discover available grouping options for issues	Look for most appropriate group to use
`fcli_ssc_issue_count`	Group and count issues	Count issues grouped by severity, category, etc. Always include `--by` parameter
`fcli_ssc_mcp_job`	Wait for background jobs to complete	When `pagination.jobToken` is present in responses

此处仅列出SSC的核心MCP工具。

工具	描述	适用场景
`fcli_ssc_session_list`	列出认证会话	检查认证状态
`fcli_ssc_app_list`	列出应用	发现可用应用
`fcli_ssc_app_get`	获取指定应用的详情	检索应用的详细信息
`fcli_ssc_appversion_list`	列出应用版本	发现可用的应用版本
`fcli_ssc_appversion_get`	获取指定应用版本的详情	检索应用版本的详细信息
`fcli_ssc_issue_list`	列出问题	检索安全问题/漏洞列表
`fcli_ssc_issue_list_filters`	发现问题的可用筛选选项	查找最合适的筛选条件
`fcli_ssc_issue_list_groups`	发现问题的可用分组选项	查找最合适的分组方式
`fcli_ssc_issue_count`	分组统计问题数量	按严重程度、类别等统计问题数量。必须包含 `--by` 参数
`fcli_ssc_mcp_job`	等待后台任务完成	当响应中存在 `pagination.jobToken` 时

Parameter Formats

参数格式

Common formats and examples for key parameters:

Parameter	Format	Example
`appVersionNameOrId` or `--appversion`	`"<App>:<Version>"` - case-sensitive, colon-separated	`"MyApp:MyRelease"`
`--filter`	`"<FilterType>:<Value>"` - preferred server-side filtering; discover via `issue_list_filters` first	`"Folder:Critical"`
`--filterset`	Filter set title or ID - predefined SSC filter combinations (e.g., "Security Auditor View", "Quick View"); distinct from `--filter`	`"Security Auditor View"`
`--embed`	Comma-separated values to include additional data (see reference files for specific options)	`"details,auditHistory"`
`--by`	Group name from `issue_list_groups` - always include when using `issue_count`	`"Folder"` , `"Category"`

核心参数的通用格式及示例：

参数	格式	示例
`appVersionNameOrId` 或 `--appversion`	`"<应用>:<版本>"` - 区分大小写，冒号分隔	`"MyApp:MyRelease"`
`--filter`	`"<筛选类型>:<值>"` - 推荐使用服务器端筛选；请先通过 `issue_list_filters` 发现可用选项	`"Folder:Critical"`
`--filterset`	筛选集标题或ID - SSC预定义的筛选组合（如"Security Auditor View"、"Quick View"）；与 `--filter` 不同	`"Security Auditor View"`
`--embed`	逗号分隔的值，用于包含额外数据（具体选项请参考文档）	`"details,auditHistory"`
`--by`	来自 `issue_list_groups` 的分组名称 - 使用 `issue_count` 时必须包含	`"Folder"` , `"Category"`

Authentication

认证

All operations require authentication. Always verify session before any operation:

tool

fcli_ssc_session_list with refresh-cache=true

If
```
Expired
```
=
```
No
```
→ proceed

If expired → ask user to run locally:

fcli ssc session login --url "<URL>" -u "<user>" -p '<pass>'

When running any SSC tool, if authentication error occurs, prompt user to re-authenticate locally.

Note: Reference workflows assume authentication has been verified.

所有操作均需要认证。在执行任何操作前，请务必验证会话：

tool

fcli_ssc_session_list with refresh-cache=true

如果
```
Expired
```
=
```
No
```
→ 继续执行

如果已过期 → 请用户在本地执行：

fcli ssc session login --url "<URL>" -u "<user>" -p '<pass>'

当运行任何SSC工具时，如果出现认证错误，请提示用户在本地重新认证。

注意： 参考工作流默认已完成认证验证。

Filtering: Prefer --filter; query Optional

筛选：优先使用--filter；query为可选选项

Prefer
--filter
for server-side filtering (fastest, smallest payloads)
Optionally use
query
as a client-side post-filter when you need a simple match on returned fields
Always discover available filters with
```
issue_list_filters
```
before applying them

优先使用
--filter
进行服务器端筛选（速度最快，负载最小）
可选使用
query
作为客户端后筛选，当你需要对返回字段进行简单匹配时使用
在应用筛选前，请务必先通过
```
issue_list_filters
```
查看可用的筛选选项

Pagination

分页

If
```
pagination.hasMore
```
= true → use
```
pagination-offset
```
for next page
If
```
pagination.jobToken
```
present → background loading; wait with
```
fcli_ssc_mcp_job
```
(see Background Job Handling)
Once
```
pagination.totalRecords
```
appears → all records collected

如果
```
pagination.hasMore
```
= true → 使用
```
pagination-offset
```
获取下一页
如果存在
```
pagination.jobToken
```
→ 后台加载中；使用
```
fcli_ssc_mcp_job
```
等待（参见后台任务处理）
当出现
```
pagination.totalRecords
```
时 → 已收集所有记录

Error Recovery

错误恢复

Error	Recovery
"Session expired"	Refer to flow in `Authentication` section
"Application version not found"	Run `app_list` to discover correct names
"Unknown filter"	Run `issue_list_filters` to discover valid filters

错误信息	解决方法
"Session expired"	参考「认证」章节中的流程
"Application version not found"	运行 `app_list` 查找正确的名称
"Unknown filter"	运行 `issue_list_filters` 查看有效的筛选选项

Decision Tree: Choosing the Right Approach

决策树：选择合适的操作方式

User Intent	Action
"list/show vulnerabilities"	`issue_list` with `--filter` + `--embed details`
"how many / count / summary"	`issue_count` with `--by`
"find app / which version"	`app_list` → `appversion_list`

用户意图	操作
"列出/展示漏洞"	`issue_list` 搭配 `--filter` + `--embed details`
"数量/统计/汇总"	`issue_count` 搭配 `--by`
"查找应用/版本信息"	`app_list` → `appversion_list`

Best Practices

最佳实践

DO:

✅ Use
```
--filter
```
for filtering
✅ Prioritize server-side filtering over client-side
✅ Prioritize use MCP tool over FCLI CLI directly

Do NOT:

❌ Guess application/version names - ask the user
❌ Prompt user for credentials - ask user to run
```
fcli ssc session login
```
locally
❌ Assume filter names exist - always run
```
issue_list_filters
```
first
❌ Make multiple API calls for details - use
```
--embed
```
parameter instead

建议：

✅ 使用
```
--filter
```
进行筛选
✅ 优先使用服务器端筛选而非客户端筛选
✅ 优先使用MCP工具而非直接使用FCLI CLI

不建议：

❌ 猜测应用/版本名称 - 询问用户
❌ 向用户索要凭证 - 请用户在本地执行
```
fcli ssc session login
```
❌ 假设筛选选项存在 - 务必先运行
```
issue_list_filters
```
❌ 多次调用API获取详情 - 改用
```
--embed
```
参数

References

参考资料

Example Workflows

示例工作流

Workflow	Use When User Says...
List and find Applications Versions	"list applications", "show application versions", "what applications are available"
List, Filter and Query Issues	"list vulnerabilities", "show security issues", "filter issues by severity", "include suppressed issues"
Summarise and Count Issues	"count issues", "show summary", "breakdown by severity"
Provide Recommendations	"show recommendations", "provide remediation advice", "how to fix"
Background Job Handling	When `pagination.jobToken` appears in responses, background data loading

工作流	用户提问场景...
列出并查找应用版本	"列出应用"、"展示应用版本"、"有哪些可用的应用"
列出、筛选及查询问题	"列出漏洞"、"展示安全问题"、"按严重程度筛选问题"、"包含已忽略的问题"
汇总并统计问题	"统计问题数量"、"展示汇总信息"、"按严重程度分类"
提供修复建议	"展示修复建议"、"提供整改方案"、"如何修复"
后台任务处理	当响应中出现 `pagination.jobToken` 时，后台数据加载中

fortify-ssc

Original

Translation

Fortify Software Security Center (SSC) Skill

Fortify Software Security Center (SSC) Skill

When to Use This Skill

何时使用此Skill

Available MCP Tools

可用的MCP工具

Parameter Formats

参数格式

Authentication

认证

Filtering: Prefer --filter; query Optional

筛选：优先使用--filter；query为可选选项

Pagination

分页

Error Recovery

错误恢复

Decision Tree: Choosing the Right Approach

决策树：选择合适的操作方式

Best Practices

最佳实践

References

参考资料

Example Workflows

示例工作流

External Resources

外部资源