Automating WebInspect Reports

Each time WebInspect successfully completes a scan I'd like it to auto-generate an Executive Summary report and send it to an email distribution list. Has anyone done this via a script or other method?  


  • In WebInspect, the normal UI scans do not offer any such automated Report afterwards.  Even WebInspect Enterprise 10.50 lacked this, only offering an Export option for post-scan activity.

    I was going to say you could use the WebInspect CLI or WebInspect API for this, but there have been some changes with the recent upgrade from WebInspect 10.50 to 16.10.  Regardless of these options and workarounds (see below), you would still end up with a report file dropped to some share that you then need to automate fetching and e-mailing.  Only WebInspect Enterprise offers the ability to notify users when a scan completes, among other options.  Both the CLI and API offer Export options to XML, but that does not meet your need for an Executive Report PDF.

    The Command Line Execution in WebInspect 16.10 is still largely the same as earlier releases. Its section in the Help file (F1 button, CHM file) will detail how you can use its available {-r} option to generate a Report of your choosing once the CLI scan completes.  However, this requires that you run your scans via the CLI to gain this option.

    The WebInspect API in version 10.50 offered Report options via the following PUT options below.  I cannot locate any such Report option in the API for Monday's WebInspect 16.10 release, so I will inquire with Support and perhaps file it as a defect or enhancement request to be returned.  I am not permitted to attach that older 10.50 WebInspect.CHM file to this forum posting.  The API documentation within WebInspect's Help (CHM) was trimmed down in 16.10, but you can now review it via a local service URL once you enable/activate that API:  http://localhost:8083/webinspect/api


    PUT /webinspect/scanner/<scanId>

    scanId: The ID of the scan represented as a GUID.

    The API expects an array of json objects with the following format:


    summary: string (report information)

    execution: string (report information)

    fix: string (report information)

    referenceInfo: string (report information)


    (I also note that the option for the Implication report field is missing from these earlier options.)

  • I think there might be some confusion here as far as what functionality the API offers (and used to offer). 

    The API has never included options for generating any kind of PDF or Excel report.  The particular endpoint referenced allows you to add sessions to an existing scan and the mention of "report information" in those json objects was just a reference to the ultimate content of a report were you to generate one (via the GUI).

    It was probably somewhat misleading, hence the removal of that terminology in the new help topic for the same endpoint, which you can find at http://localhost:8083/webinspect/API?apiId=PUT-scanner-scanId
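
The fetch-and-e-mail step that the first reply describes, as an added example that is not part of the thread and not WebInspect code: a Python script, meant to run from a scheduled task, that mails each new PDF found in the folder where the CLI report option writes its output. The share path, SMTP host, addresses, state file name and age threshold are all assumptions.

```python
import json, smtplib, ssl, time
from email.message import EmailMessage
from pathlib import Path

# Every value below is an assumption for illustration, not a WebInspect setting.
REPORT_DIR = Path(r"\\fileserver\webinspect\reports")  # hypothetical share
STATE_FILE = Path("sent_reports.json")                 # names already mailed
SMTP_HOST, SMTP_PORT = "smtp.example.com", 587
SENDER = "webinspect@example.com"
RECIPIENTS = ["appsec-reports@example.com"]
MIN_AGE_SECONDS = 120  # skip files that may still be being written

def pending_reports(report_dir, sent, now=None, min_age=MIN_AGE_SECONDS):
    """Return PDFs not yet mailed and old enough to be complete, oldest first."""
    now = time.time() if now is None else now
    pdfs = [p for p in Path(report_dir).glob("*.pdf")
            if p.name not in sent and now - p.stat().st_mtime >= min_age]
    return sorted(pdfs, key=lambda p: p.stat().st_mtime)

def build_message(pdf_path, sender=SENDER, recipients=RECIPIENTS):
    """Build the mail with the report attached as application/pdf."""
    pdf_path = Path(pdf_path)
    msg = EmailMessage()
    msg["Subject"] = f"WebInspect Executive Summary: {pdf_path.stem}"
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg.set_content("The attached report was generated after a completed scan.")
    msg.add_attachment(pdf_path.read_bytes(), maintype="application",
                       subtype="pdf", filename=pdf_path.name)
    return msg

def main():
    sent = set(json.loads(STATE_FILE.read_text())) if STATE_FILE.exists() else set()
    for pdf in pending_reports(REPORT_DIR, sent):
        with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
            # The report lists findings, so refuse to send without verified TLS.
            smtp.starttls(context=ssl.create_default_context())
            smtp.send_message(build_message(pdf))
        sent.add(pdf.name)
        STATE_FILE.write_text(json.dumps(sorted(sent)))  # record after each send

if __name__ == "__main__":
    main()
```

The state file is written after every successful send, so a failed run does not re-mail reports that already went out.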