Highlighted
emills
New Member.
3718 views

Webinspect Command Line Automated Testing

I am trying to migrate from using the WebInspect GUI to command line driven automated testing. Is the WebInspect command line operation a feature set that will be supported and enhanced for future WebInspect releases?   If so, are there additional resources available to direct me in this process. Additionally, i have run repetitive scans on an application and have been getting drastically inconsistent results. For example, I ran a test twice and had the first test display 5 Low vulnerabilities while the second test resulted in 295 Low vulnerabilities. If the tests are identical, why would this occur? Are there any tools which you recommend for me to use to identfy the causes of these differences?

Labels (3)
0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: Webinspect Command Line Automated Testing

The CLI option has been in WebInspect since almost the first version in 2000, so I expect it to be maintained and retained indefinitely.

In parallel, recent releases of WebInspect have added a Swagger-based, RESTful API that might offer you an alternative to your CLI automation.  Both should offer the same testing, but have different sub-features provided.  For example, the new Incremental Scan and Scan Merge features are currently only available in the CLI.  The API offers secure ways to share the endpoint over the network rather than needing to create your own Remote Command Execution tricks to run the CLI remotely.  Check the WebInspect Help guide for how to enable the API, and then review its documentation and samples (mostly using the curl tool)  at http://localhost:8083/webinspect/api

 

Scans run in the CLI or API should be the same as from the UI.  Open your scans in the UI and review their Scan LOgs to see if one of those troubled scans filaded login or otherwise did not have an opportunity to scan the same as the other "identical" scan.  The scan Compare feature in the toolbar area may offer some insights as well.  Other output that could help your review coudl be the Crawled URLs export/report, Trend report, or Scan Difference report.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.