skills
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 11 GitHub stars
Code Pass
- Code scan — Scanned 9 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
AI agent skills for OpenText Fortify — SAST/DAST/SCA scanning, vulnerability triage, CI/CD integration, and FCLI workflows. Works with Claude Code, Codex, Gemini CLI, GitHub Copilot, and more.
OpenText Fortify Skills
AI agent skills that teach Claude, GitHub Copilot and other AI agents how to use OpenText Fortify effectively — covering SAST/DAST/SCA scanning, vulnerability triage, audit workflows, CI/CD integration, FCLI commands and more.
Skills
| Skill | Description |
|---|---|
| fortify-fod | Fortify on Demand (SaaS) — applications, releases, scans, issues, OSS analysis, portfolio reporting |
| fortify-ssc | Software Security Center (on-premise) — manage application versions, artifacts, scan jobs, issue triage |
| fortify-remediate | Fix SAST and DAST vulnerabilities detected by Fortify; Aviator AI remediation |
| fortify-dependency-upgrade | Remediate SCA / open source findings (vulnerable dependencies, CVEs) by upgrading versions and fixing resulting breakage |
| fortify-change-review | Detect common, high impact security issues in code as it is being generated |
| fortify-create-app | Create new Fortify applications in FoD or SSC — guided onboarding with validation and defaults |
| fortify-cicd-integration | Add Fortify scanning to CI/CD pipelines — GitHub Actions, GitLab CI, Azure DevOps, Jenkins |
| fcli-common | Fortify CLI (fcli) — installation, authentication, output formats, SpEL queries, custom actions |
Agents
Agents are multi-skill orchestrators that handle end-to-end workflows.
| Agent | Description |
|---|---|
| fortify-onboarding | Onboard new applications into Fortify (FoD or SSC) — creates the app, configures settings, and optionally sets up CI/CD scanning pipelines. Handles single repos, bulk lists, or entire GitHub/GitLab/Azure DevOps organizations |
Prerequisites
- fcli installed and on your PATH — install instructions
- An active Fortify on Demand (FoD) or Software Security Center (SSC) account
- An AI assistant that supports Agent Skills (Claude Code, GitHub Copilot, Cursor, Gemini CLI, etc.)
Installation
Claude Code
Add the marketplace from GitHub, then install the plugin:
claude plugin marketplace add fortify/skills
claude plugin install fortify-skills@fortify
The plugin registers all nine skills and the onboarding agent automatically.
GitHub Copilot
Recommended: install the Fortify Code Security VS Code extension. It bundles all Fortify skills, can automatically install fcli, and adds full IDE integration (scanning, vulnerability review, Aviator AI remediation, and an optional fcli MCP server):
- Open VS Code and search for Fortify Code Security in the Extensions panel, or install directly:
  ext install fortifyvsts.fortify-code-security
- The extension registers all skills automatically and sets up GitHub Copilot Agent Mode integration.
Alternative: manual install. Copy the skills to your Copilot skills directory:
<user>/.copilot/skills/
This gives you the skills without the IDE features (scanning UI, vulnerability browser, Aviator inline fixes, MCP server).
OpenAI Codex
This repository includes a marketplace catalog at .agents/plugins/marketplace.json. When the repo is your current workspace, Codex discovers it automatically as a repo-scoped marketplace. Open the plugin directory, select OpenText Fortify, and install fortify-skills.
To make the plugin available across all workspaces, add an entry to your personal marketplace at ~/.agents/plugins/marketplace.json (create the file if it doesn't exist), replacing <path> with the absolute path to this directory:
{
  "name": "fortify",
  "interface": { "displayName": "OpenText Fortify" },
  "plugins": [
    {
      "name": "fortify-skills",
      "source": { "source": "local", "path": "<path>" },
      "policy": { "installation": "AVAILABLE", "authentication": "ON_INSTALL" },
      "category": "Security"
    }
  ]
}
Then restart Codex. The plugin registers all nine skills automatically.
Gemini CLI
Install directly from the GitHub repository:
gemini extensions install https://github.com/fortify/skills
The extension bundles all nine skills. Gemini CLI auto-discovers them and activates whichever skill is relevant to your task.
To test locally before publishing:
gemini extensions link /path/to/public
Other AI assistants
Any assistant that supports the Agent Skills standard can load skills from this directory. Point your assistant's skill path to the skills/ subdirectory.
Usage
Once installed, the skills activate automatically when relevant. Examples of prompts that trigger each skill:
| Prompt | Skill / Agent activated |
|---|---|
| "Onboard this repo to Fortify" | fortify-onboarding (agent) |
| "Create a new application in FoD for our payments team" | fortify-create-app |
| "Show me all critical issues in the payment-service release" | fortify-fod |
| "Upload my FPR and check policy compliance" | fortify-ssc |
| "Fix the SQL Injection findings in UserService.java" | fortify-remediate |
| "Remediate the open source / SCA findings by upgrading the vulnerable dependencies" | fortify-dependency-upgrade |
| "Add a new endpoint that returns account details" | fortify-change-review |
| "Add Fortify scanning to my GitHub Actions workflows" | fortify-cicd-integration |
| "Create a custom fcli action to export FoD critical issues as CSV" | fortify-fod + fcli-common |
Resources
License
MIT