How to automate WebInspect scans
Does anyone know how to automate WebInspect scans? I want to run a job using WebInspect workflow macros.
When the job is started, it should start the scan, show the running status, and generate a PDF report.
I can run this using the CLI. But when I used the same command in Jenkins using a Windows batch command, it throws an error like the one below. It is not even starting the scan.
This tool is not licensed for use by WebInspect.
We are using a concurrent license for the WebInspect 17.20V application.
Any help regarding this is much much appreciated.
I believe your issue comes down to the Jenkins account being used to run the scan. For the user specified in Jenkins, are they able to open and use the WebInspect GUI? If not, then they are not activated by the Activation Token. Assuming you have the Named User model of the WebInspect license, that license is only activated for the Current Windows User (someone other than the Jenkins process user account?), plus some combination of the MAC IDs and DiskIDs of the machine. Likewise, other Windows users on the same machine are not automatically licensed/activated to use WebInspect. A remote call by Jenkins must authenticate to that Windows system as that activated user in order to effectively use WebInspect in this way, as a remote CLI.
Perhaps better suited for Jenkins would be to use the WebInspect API. When you call a CLI executable across a network, that can upset your security and network administrators. The API also offers ways to record Workflow Macros remotely (via the Web Proxy) prior to using them in your scan command. The API is a Swagger-based RESTful application, with samples (using cURL) and options to run the endpoints manually within your browser for testing.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
Thanks for your reply,
We are using the same user account for Jenkins and the WebInspect application. Both are installed on the same server, but even so it is showing me the same error. I tried to run the scan using the WebInspect API, but using the API service (cURL) I am only able to start the scan, and it generates a scanId. I am unable to include the running status and generating a PDF report in one script.
How do I include all these steps in one script? I am using a Python script to start the scan using cURL commands.
Can you provide any reference on how to do it using the CLI? Using the CLI we can do it in one single statement like the one below:
wi.exe -u "http://zero.webappsecurity.com/bank/account-summary.html" -ps 1 -s "C:\Programdata\HP\HP WebInspect\Settings\Default.xml" -macro "E:\Program Files\Samples\WebMacros\ZeroAppworkflow.webmacro" -am "E:\Program Files\Samples\WebMacros\zero_login.webmacro" -ep "C:\Users\n****\AppData\Local\HP\HP WebInspect\Exports\ZeroAppCMdScan1.fpr" -r "Vulnerability" -y "Standard" -f "C:\Users\n****\AppData\Local\HP\HP WebInspect\Exports\ZeroAppVuln.pdf" -gp
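The three steps asked about above (start the scan, show the running status, save the PDF report) combined into one Python script, as an added example that is not part of the original thread or of WebInspect's own samples. The route constants, the `ScanId` and `ScanStatus` field names, the status strings and the `http` transport callable are assumptions for illustration; take the real ones from the API's Swagger page.

```python
import time

# Placeholder routes: assumptions for illustration only. Take the real paths,
# parameters, field names and status strings from the API's Swagger page.
START_PATH = "/PLACEHOLDER/scans"
STATUS_PATH = "/PLACEHOLDER/scans/{scan_id}/status"
REPORT_PATH = "/PLACEHOLDER/scans/{scan_id}/report"
DONE = {"Complete"}                      # assumed terminal success status
FAILED = {"Interrupted", "NotRunning"}   # assumed terminal failure statuses


def run_scan(http, settings, report_file, poll_seconds=30,
             timeout_seconds=4 * 3600, sleep=time.sleep,
             clock=time.monotonic, log=print):
    """Start a scan, log its status until it ends, then save the report.

    http(method, path, body) is a hypothetical transport callable returning a
    dict for JSON replies and bytes for the report download.
    Returns 0 on success, 2 on a failed scan, 3 on timeout, so the value can
    be used as the exit code of the Jenkins build step.
    """
    scan_id = http("POST", START_PATH, settings)["ScanId"]
    log(f"scan {scan_id} started")
    deadline = clock() + timeout_seconds
    while True:
        status = http("GET", STATUS_PATH.format(scan_id=scan_id), None)["ScanStatus"]
        log(f"scan {scan_id}: {status}")
        if status in DONE:
            break
        if status in FAILED:
            return 2
        if clock() >= deadline:
            return 3          # do not let a hung scan block the build forever
        sleep(poll_seconds)
    pdf = http("GET", REPORT_PATH.format(scan_id=scan_id), None)
    with open(report_file, "wb") as fh:
        fh.write(pdf)
    log(f"report written to {report_file}")
    return 0


def fake_http(statuses):
    """Constructed stand-in for the API so the flow can be run offline."""
    queue = list(statuses)
    def http(method, path, body):
        if method == "POST":
            return {"ScanId": "constructed-scan-id"}
        if path.endswith("/status"):
            return {"ScanStatus": queue.pop(0) if len(queue) > 1 else queue[0]}
        return b"%PDF-constructed"
    return http
```

In a real job, replace `fake_http` with a function that sends the request to the API host and pass the return value of `run_scan` to `sys.exit` so a failed or timed-out scan fails the build.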
This Fortify Unplugged session might be useful for an introduction to WebInspect Automation: https://www.youtube.com/watch?v=uUrLPsFEfck
WebInspect automation workflows use build automation tools to manage the dynamic scanning ecosystem, including QA testing and cloud deployments. This session reviews automation resources, including a few different approaches customers have used for automation.