Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
hema.k@hpe.com1 Valued Contributor.
Valued Contributor.

Way to get scan ID and retrieve its status with WebInspect API


I am using WebInspect v17.20. Via API (/scanner/scans), when I initate a scan using a Rest API client, i get a response only after scan completion. Is this the expected behavior? 

Is there a way to get the scan ID and scan data size of the scan (using the SQL config which has a scan data size restriction of 10GB)? If so, how?


Labels (1)
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: Way to get scan ID and retrieve its status with WebInspect API

Lucky you, 17.20 hasn't been released yet.  LOL


The API operates headless, so there is no UI or feedback.  You could investigate the API call for Scanner_GetScanStatus if you needed to check on it.  That will give you its running state, but there does not appear to be an API call to check the Size of the scan's database file.

See:  http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetScanStatus


#get the current status of a scan curl http://localhost:8083/webinspect/scanner/scans/{scanId}?action=GetCurrentStatus

#wait until the scan status changes to a non-running state (Complete or Interrupted). curl http://localhost:8083/webinspect/scanner/scans/{scanId}?action=WaitForStatusChange



Of course you woudl need to know your scan's ScanID, so investigate Scanner_GetScans.

See  http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetScans


#get all scans

curl http://localhost:8083/webinspect/scanner/scans

#get scans with "test" in the name"test"

curl http://localhost:8083/webinspect/scanner/scans?Name=test

#get scans that are "Complete"

curl http://localhost:8083/webinspect/scanner/scans?Status=Complete

#get scans that are "Complete" that started after January 14, 2015 at 3pm

curl http://localhost:8083/webinspect/scanner/scans?Status=Complete&StartsAfter=2015-01-14T15:00:00



When using SQL Express as the WebInspect scan repository (most common), you can have a permissions issue in trying to index the scan files via the API.  The same thing happens when using the BURP Extension..  To correct this, you will need to alter the WebInspect API service so that it uses the same Local Administrator account for its "Log On As" feature as the user who has activated WebInspect.


You can now also Pause and Resume scans from the API!  See  http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_PauseOrResumeScan

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.