Webinspect Command Line Automated Testing
I am trying to migrate from using the WebInspect GUI to command line driven automated testing. Is the WebInspect command line operation a feature set that will be supported and enhanced for future WebInspect releases? If so, are there additional resources available to direct me in this process. Additionally, i have run repetitive scans on an application and have been getting drastically inconsistent results. For example, I ran a test twice and had the first test display 5 Low vulnerabilities while the second test resulted in 295 Low vulnerabilities. If the tests are identical, why would this occur? Are there any tools which you recommend for me to use to identfy the causes of these differences?
The CLI option has been in WebInspect since almost the first version in 2000, so I expect it to be maintained and retained indefinitely.
In parallel, recent releases of WebInspect have added a Swagger-based, RESTful API that might offer you an alternative to your CLI automation. Both should offer the same testing, but have different sub-features provided. For example, the new Incremental Scan and Scan Merge features are currently only available in the CLI. The API offers secure ways to share the endpoint over the network rather than needing to create your own Remote Command Execution tricks to run the CLI remotely. Check the WebInspect Help guide for how to enable the API, and then review its documentation and samples (mostly using the curl tool) at http://localhost:8083/webinspect/api
Scans run in the CLI or API should be the same as from the UI. Open your scans in the UI and review their Scan LOgs to see if one of those troubled scans filaded login or otherwise did not have an opportunity to scan the same as the other "identical" scan. The scan Compare feature in the toolbar area may offer some insights as well. Other output that could help your review coudl be the Crawled URLs export/report, Trend report, or Scan Difference report.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify