
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
1.) Are there any licensing restricitons that would prevent me from scanning multiple web applications simultaneously?
Say for example we were going through an internal app refresh and I had to perform 100+ Webinspect assessments on various internal applications.
2.) If the answer to number one is no, what are the hardware limitations? What are the recommendations for number of simultaneous scans that can occur at any one point in time based on hardware specs?
Thanks.
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
WebInspect (desktop) is limited to 2 scans running at one time for the local user. I believe that Scheduled Scans operate behind-the-scenes using the CLI, so you could probably get 3 scans running at one time with that.
The "problem" with the question on performance limits is that WebInspect is not a slow nor quiet tool. It operates as fast as the selected target can respond, within the constraints of the Requestors scan settings of course. In doing so, WebInspect will use 100% CPU across all cores and 100% RAM, although it runs at a lowered Priority and will give up RAM and CPU cycles to other apps you start. And don't neglect your general Windows admin tricks such as free drive space, deframentation, SSD drives, NIC speeds, and Paging File management.
If you happen to have access to multiple WebInspect licenses, I would separate them to different physical or VM machines. No one is more unhappy than a team of 5 users simultaneously using a single "beefy" machine to run 2 scans each and wondering why their personal performance appears so sub-standard. LOL.
Besides the various ways to adjust the scan settings to teeter between "Faster" or "More Thorough" but "Not Both", the system specs for WebInspect 10.40 recommend a 64-bit Windows OS with at least one quad-core CPU (2.5+ GHz) and 8GB RAM (2+ GB/core). I would go for 12+GB RAM and more than 1 CPU.
Since you may not want to sit through every scan, you will want to investigate ways to automate your work load. Look into the WebInspect CLI options, Scheduled Scans vs. Enterprise Scans, and/or the WebInspect API. Enterprise Scans are simply lined up series of Sheduled Scans, permitting them to run back-to-back. Scheduled Scans alone do not work so well for series because you have to know what time to set off the following Scheduled Scan. The CLI is detailed in the Help guide, as is the API, and both can permit you to set up a sort of Poor Man's WebInspect Enterprise.
Then your last ditch effort could always be our Fortify On Demand (FoD) SaaS service. For even a short-time need, our staff can run your scans for you from HP networks. Their vetted scan results can be downloaded and stored alongside your own on-site scans, as if you did all the work yourself.
Separate from this, WebInspect Enterprise permits one scan at a time, per attached Sensor machine. So more Sensors means more simultaneous scans possible across the network.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
WebInspect (desktop) is limited to 2 scans running at one time for the local user. I believe that Scheduled Scans operate behind-the-scenes using the CLI, so you could probably get 3 scans running at one time with that.
The "problem" with the question on performance limits is that WebInspect is not a slow nor quiet tool. It operates as fast as the selected target can respond, within the constraints of the Requestors scan settings of course. In doing so, WebInspect will use 100% CPU across all cores and 100% RAM, although it runs at a lowered Priority and will give up RAM and CPU cycles to other apps you start. And don't neglect your general Windows admin tricks such as free drive space, deframentation, SSD drives, NIC speeds, and Paging File management.
If you happen to have access to multiple WebInspect licenses, I would separate them to different physical or VM machines. No one is more unhappy than a team of 5 users simultaneously using a single "beefy" machine to run 2 scans each and wondering why their personal performance appears so sub-standard. LOL.
Besides the various ways to adjust the scan settings to teeter between "Faster" or "More Thorough" but "Not Both", the system specs for WebInspect 10.40 recommend a 64-bit Windows OS with at least one quad-core CPU (2.5+ GHz) and 8GB RAM (2+ GB/core). I would go for 12+GB RAM and more than 1 CPU.
Since you may not want to sit through every scan, you will want to investigate ways to automate your work load. Look into the WebInspect CLI options, Scheduled Scans vs. Enterprise Scans, and/or the WebInspect API. Enterprise Scans are simply lined up series of Sheduled Scans, permitting them to run back-to-back. Scheduled Scans alone do not work so well for series because you have to know what time to set off the following Scheduled Scan. The CLI is detailed in the Help guide, as is the API, and both can permit you to set up a sort of Poor Man's WebInspect Enterprise.
Then your last ditch effort could always be our Fortify On Demand (FoD) SaaS service. For even a short-time need, our staff can run your scans for you from HP networks. Their vetted scan results can be downloaded and stored alongside your own on-site scans, as if you did all the work yourself.
Separate from this, WebInspect Enterprise permits one scan at a time, per attached Sensor machine. So more Sensors means more simultaneous scans possible across the network.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thanks Hans, great information as always!