Absent Member.

WebInspect Scan - No Consistency in the Scan Result

Hi,

In our current sprint we are using WebInspect (version 10.20.66) to scan a web application. Using a basic scan, we performed a couple of scans. When we looked at the scan reports, there was no consistency (crawl and audit count) across the reports. Can someone help us find out why it is showing different results for each individual scan?

Though in all the scans the application build, scenario/recorded macro, scan settings and scan policy are the same, we are getting different scan results. We captured the scan comparisons (A & B); please find the attached doc for more info.


Regards,

Suneel


Micro Focus Expert

Suneel;

Those differences are very large and there is something wrong with the scan coverage. On a day-to-day basis, it is expected that "identical" dynamic scans will have small differences, based on the order of the Crawled sessions, alterations to the inputs, changes to the application, et al., but your scans show a 95% difference in coverage. That is not expected and I would take it to Fortify Support for a direct review of your settings, the environment, and the scans themselves.

A simple way to verify the scan settings would be to save the Current Scan Settings from both scans (to XML) and then compare the two text files with something such as Notepad++ or DiffMerge. Our staff can review these settings visually and identify key items, but such direct text comparisons of the settings can help highlight specific details quickly.

I noted that some of the target/scan names referenced what appeared to be different servers such as "Agent3" and "Agent4". Are these different servers that are assumed to be identical in all ways? Is there a traffic Load Balancer in the mix?


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
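
The settings comparison suggested in the reply above can also be done structurally, so that reordered elements do not show up as noise the way they do in a plain text diff. This is an added example, not part of the original thread and not Micro Focus code; the element names and host names in the two sample documents are constructed for illustration and are not WebInspect's real settings schema.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

def flatten(xml_text):
    """Map each leaf value and attribute to a path like /Root/Crawl[1]/MaxDepth[1]."""
    out = {}
    def walk(node, path):
        for name, value in sorted(node.attrib.items()):
            out[f"{path}/@{name}"] = value
        children = list(node)
        if not children:
            out[path] = (node.text or "").strip()
            return
        seen = Counter()  # index siblings per tag, so order between tags is ignored
        for child in children:
            seen[child.tag] += 1
            walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, "/" + root.tag)
    return out

def diff_settings(xml_a, xml_b):
    """Return (path, value_in_a, value_in_b) for every setting that differs."""
    a, b = flatten(xml_a), flatten(xml_b)
    return [(p, a.get(p), b.get(p))
            for p in sorted(a.keys() | b.keys()) if a.get(p) != b.get(p)]

# Constructed sample exports (hypothetical schema). B has its <Crawl> children
# in a different order, a different MaxDepth, and a different target host.
SCAN_A = """<ScanSettings>
  <StartUrl>http://agent3.example.test/app/</StartUrl>
  <Crawl><MaxDepth>10</MaxDepth><MaxSessions>5000</MaxSessions></Crawl>
  <Policy name="Standard"/>
</ScanSettings>"""
SCAN_B = """<ScanSettings>
  <StartUrl>http://agent4.example.test/app/</StartUrl>
  <Crawl><MaxSessions>5000</MaxSessions><MaxDepth>2</MaxDepth></Crawl>
  <Policy name="Standard"/>
</ScanSettings>"""

if __name__ == "__main__":
    # With two file arguments, compare saved settings files; otherwise the samples.
    docs = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    xml_a, xml_b = docs if len(docs) == 2 else (SCAN_A, SCAN_B)
    for path, left, right in diff_settings(xml_a, xml_b):
        print(f"{path}: {left!r} -> {right!r}")
```

A missing setting appears with `None` on the side that lacks it, which separates "set to a different value" from "not present in this scan".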