WebInspect Rest API - Stopping a scan

I am trying to consume the webinspect rest api using c#.net application. I can successfully start a scan. But when I try to stop a scan (using  PUT request and specifying "action=stop"), I keep getting error message, "An error has occured".


My questions are:

1. Is there any pre requisites (like a valid StartURL for e.g. ) that a scan must fulfil so that it can be successfully stopped?

2. Is there any debug information that the api logs that I can look to debug it?


Any help is appreciated.





  • tarveen;


    I will assume you already reviewed the Help file in WebInspect regarding the API commands and sample, as well as the live web page that exists when you have the API operational.



    • There are no prerequisites to Stop a scan, only to get one running successfully.  The Targeted Host (from the Starting URL) must be in the Allowed IP Range of the WebInspect license (Activation Token).  If the first URL listed results in a 404 response, the scan halts immediately, assuming you targeted the wrong site.


    • How does your command compare with the samples shown in the Help guide?


    • Have you tried checking the scan's status prior to issuing the Stop command?


    • When starting the scan, are you depending on the Default Scan Settings of that remote WebInspect machine, or are you specifying a pre-defined scan setting file (optimal)?



    • The WebInspect API log data is written to the Windows Application Logs, per the Help guide.  I would also inspect the WebInspect (UI) logs, either directly in the text files or using the Log Viewer tool found inside WebInspect.

    WebInspect Logs:  C:\Users\%CURRENTUSER%\AppData\Local\HP\HP WebInspect\Logs\00000000-0000-0000-0000-000000000000\


    Log Level

    Choose the level of log information you want to collect.

    Note: You can view the API log files using the Windows Event Viewer. The log files are located under Applications and Services Logs > WebInspect API.



    • You might want to ask Fortify Support (support.fortify.com) to review your command script, or repost this and dialogue with other customers at the customer-only forums of protect724.hp.com.




    Samples from the Help guide on using the API via bash/curl:


    #get status of a specific scan (returns one of Running/NotRunning/Complete/Interrupted)
    curl $API_ENDPOINT/<scan_id>?action=getcurrentstatus


    #stop a running scan
    curl -X PUT -d "" $API_ENDPOINT/<scan_id>?action=stop



    Command Descriptions from the Help guide:

    GET /webinspect/scanner/<scanId>

      action WaitForStatusChange will block until the status of the scan changes.

      action GetCurrentStatus will immediately return the current scan status.


    PUT /webinspect/scanner/<scanId>

      action: The action to take on a particular scan.

      Currently supported actions:

          Stop: Stops currently running scan.

          Continue: Continues a previiously paused or interrupted scan.

  • Thanks for the response. 


    I checked the help guide and my request matches with that shown in the guide.


    And yes, I did checked the scan status before stopping it. The response I got is that the scan is currently running.


    Also, I tried with both the default and predefined settings file. WIth both of them, I get the same error.


    I enabled the debug log on the webinspect api and I see this error.



    Critical] Value cannot be null.
    Parameter name: s
    at System.Convert.FromBase64String(String s)
    at HP.WebInspect.RemoteControl.Scanner.ScanTools.CreateCrawlSession(IScan scan, ExternalSession externalSession)
    at HP.WebInspect.RemoteControl.Scanner.ScannerController.<>c__DisplayClass1d.<AddSessionToScan>b__1c()



    Any ideas what am I missing here?