Developer Hub

Build with Fortly

SDK, CLI (10 commands), REST API (50+ endpoints), MCP Server (20 AI tools), VS Code Extension, GitHub Action — everything you need to automate security in your workflow.

50+ REST API endpoints
SDK: JS/TS — 0 dependencies
20 MCP tools (6 offline)
10 CLI commands
v2.0 VS Code Extension
CI/CD: GitHub Action + Bitbucket

Integrate Fortly security scanning into your applications

JS/TS SDK

@fortly/sdk

Zero-dependency SDK with auto-retry, polling, TypeScript types. 7 resource modules: scans, secrets, remediation, compliance, sca, sbom.

$ npm install @fortly/sdk

CLI v2.0

fortly-cli

10 commands: scan, secrets, init, doctor, fix, sbom, diff, report, config, completions. Git hook support and CI mode.

$ npm install -g fortly-cli

MCP Server

20 tools

20 AI tools for Claude Desktop, Cursor, and Windsurf. Scan code, detect secrets, check dependencies, analyze IaC — all from your AI assistant.

$ npx @fortly/mcp-server

VS Code Extension

v2.0

Real-time secrets detection, CodeLens annotations, local SAST scanner (24 rules), AI quick fixes, onboarding wizard.

$ ext install fortly.fortly-security

REST API

50+ endpoints

Full CRUD API with OpenAPI 3.1 spec. Scans, remediation, compliance, billing, organizations, audit logs.


GitHub Action

CI/CD

Scan PRs automatically with SARIF output. Blocks merges on critical findings. Works with GitHub Security tab.


Getting Started in 5 Minutes

Scan, detect secrets, generate an SBOM, and fix vulnerabilities in a few lines of code.

import fs from 'node:fs';
import { FortlyClient } from '@fortly/sdk';

// Read the API key from the environment rather than hard-coding it
const fortly = new FortlyClient({ apiKey: process.env.FORTLY_API_KEY });

// Scan a URL and wait for results
const scan = await fortly.scans.create({ url: "https://myapp.com" });
const result = await fortly.scans.wait(scan.scanId);
console.log(`Score: ${result.score}/100 — ${result.vulnerabilities.length} issues`);

// Check secrets in code
const secrets = await fortly.secrets.scan({ code: fs.readFileSync("config.js", "utf-8") });

// Generate SBOM (dependency list elided in the original)
const sbom = await fortly.sbom.generate({ format: "cyclonedx", dependencies: [/* ... */] });

// Compliance gap analysis
const gaps = await fortly.compliance.gapAnalysis("org_123", "ley-1581-co");

MCP Server — 20 AI Security Tools

Use Fortly from Claude Desktop, Cursor, or any MCP client. 6 tools work offline.

Available Tools

fortly_scan_code: SAST analysis (45 rules) [OFFLINE]
fortly_check_secrets: Detect 16 secret patterns [OFFLINE]
fortly_scan_iac: Terraform/Docker/K8s rules [OFFLINE]
fortly_generate_sbom: CycloneDX/SPDX output [OFFLINE]
fortly_check_dependency: CVE check via OSV.dev [OFFLINE]
fortly_explain_cve: Plain-language CVE info [OFFLINE]
fortly_scan: DAST URL scanning
fortly_get_remediation: AI fix preview

Setup (choose one)

Option A — Remote (no install needed)

// claude_desktop_config.json
{
  "mcpServers": {
    "fortly": {
      "url": "https://fortly-security.com/mcp",
      "headers": {
        "Authorization": "Bearer ft_sk_..."
      }
    }
  }
}

Option B — Local (via npx)

// claude_desktop_config.json
{
  "mcpServers": {
    "fortly": {
      "command": "npx",
      "args": ["-y", "@fortly/mcp-server"],
      "env": { "FORTLY_API_KEY": "ft_sk_..." }
    }
  }
}