Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
nareshe2011 Contributor.
Contributor.
3009 views

How to automate Web inspect Scans

Hi everyone,

Does any one know how to automate webinspect scans.I want to run a job using webinspect workflow macros.

when the job is started it should start the scan,show the running status,and generate a pdf report.

I can run this using CLI.But when i used the same command in jenkins using windows batch command it is throwing me an error like below.Its not even starting the scan.

This tool is not licensed for use by WebInspect.

 We are using concurrent license for webinspect 17.20V application.

Any help regarding this is much much appreciated.

Thank you, 

 

0 Likes
3 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: How to automate Web inspect Scans

I believe your issue comes down to the Jenkins account being used to run the scan.  For the user specified in Jenkins, are they able to open and use the WebInspect GUI?  If not, then they are not activated by the Activation Token.  Assuming you have the Named User model of the WebInspect license, that license is only activated for the Current Windows User (someone other than the Jenkins process user account?), plus some combination of the MAC IDs and DiskIDs of the machine.  Likewise, other Windows users on the same machine are not automatically licensed/activated to user WebInspect.  A remote call by Jenkins must authenticate to that Windows system as that activated user in order to effectively use WebInspect in this way, as a remote CLI.

Perhaps better suited for Jenkins would be to use the WebInspect API.  When you call a CLI executable across a network, that can upset your security and network administrators.  The API also offers ways to record Workflow Macros remotely (via the Web Proxy) prior to using them in your scan command.  The API is a Swagger-based RESTful application, with samples (using cURL) and options to run the endpoints manually within your browser for testing.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
nareshe2011 Contributor.
Contributor.

Re: How to automate Web inspect Scans

Thanks for your reply,

We are using the same user account for jenkins and Webinspect application. Both are installed in the same server.but even though it is showing me the same error.I tried to run the scan using webinspect API but using API service(cURL) i can only able to start the scan and it generates a scanId.but am unable to include the running status and genrating a pdf report in one script.

How to include all these steps into one script.Am using python script to start the scan using cURL commands.

Can you provide any reference how to do it using CLI beacuse using CLI we can do it in one single statement like below

wi.exe -u "http://zero.webappsecurity.com/bank/account-summary.html" -ps 1 -s "C:\Programdata\HP\HP WebInspect\Settings\Default.xml" -macro "E:\Program Files\Samples\WebMacros\ZeroAppworkflow.webmacro" -am "E:\Program Files\Samples\WebMacros\zero_login.webmacro" -ep "C:\Users\n****\AppData\Local\HP\HP WebInspect\Exports\ZeroAppCMdScan1.fpr" -r "Vulnerability" -y "Standard" -f "C:\Users\n****\AppData\Local\HP\HP WebInspect\Exports\ZeroAppVuln.pdf" -gp 

 

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to automate Web inspect Scans

This Fortify Unplugged session might be useful for an introduction to WebInspect Automation: https://www.youtube.com/watch?v=uUrLPsFEfck

 

WebInspect automation workflows use build automation tools to manage the dynamic scanning ecosystem, including QA testing and cloud deployments. This session reviews automation resources, including a few different approaches customers have used for automation.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.