Migrate DB WebInspect from SQL Express to SQL Server

Hi Team,

we have a WebInspect 18.10 version using SQL Express DB (with Ram 16GB & HDD 512GB), now we want to migrate the DB from SQL Express to SQL Server because the limitation of Scan DB when using SQL Express. my question is: are we must do a reinstall / fresh install the WebInspect to using a new DB (SQL Server) we want to?? or, is there another way we can try to just replace the Existing DB with new DB we want??

Please your Advice.






  • Verified Answer


    First, I would keep SQL Express installed, and simply change your Database settings to connect to your SQL Server.  This action is found under the Edit menu > Application Settings > Database panel.  And doing this edit will cause all New Scans to be written that SQL Server rather than SQL Express.

    Next, I would edit your Scan Viewing settings so that you can access scans stored in SQL Server and also the historical SQL Express scans.  This action can be found in two places, on that same Applications Settings panel, or by using Connections button found at the top of the Manage Scans feature, located on the Start Page tab.  This permits you to still access your SQL Express stored scans.

    At this point, you have not "migrated" any scans.  To migrate them fully, you will need to Export each SQL Express scan from WebInspect as a *.SCAN file, and then Import it back.  This is required because SQL Express stores scans as MDF/LDF files, and so a direct database-to-database migration tool does not exist.  This assumes that you have edited your Database Connection so that new scans are being written to SQL Server and not SQL Express.  As you perform these actions, delete the older scans from SQL Express until they are all moved.  Be aware that the ScanID will be changed in the new storage area, meaning that the Scan Log of the Imported scans will show a ScannId that corresponds to the old SQL Express system, and yet those scans will actually have their own new ScanID's as assigned by the SQL Server.  You can see these in the ScanID column of the Manage Scan feature.


    BTW, I would NOT co-install SQL Server (Standard or Enterprise Edition) with WebInspect, but instead would use a SQL Server located on the network.  This will save a lot in WebInspect scan performance.  You simply need to have a DBO account to that database for WebInspect to connect, it does not require DBA credentials.



    Finally, I have to ask why you think SQL Express has any "limitation of Scan DB".  It affords 10GB of storage per scan, and it performs very well for a locol application.  10GB is a giant amount, when many scans are well under 200MB in size.  I would only expect to hit that 10GB limit if I was scanning a truly massive application, such as an enterprise-wide CRM with multiple hosts, AJAX, loads of static and dynamic content. et al.  Sadly, most instances I have found of hitting this limit are scan misconfiguration, and switching to larger storage with SQL Server avoids the root cause.  Most scans should complete in less than one day.  If they run even overnight, then there are quite likely ways to edit the scan configuration that will make the Crawl much more efficient and yet WebInspect can still Audit all the inputs needed.