WebInspect integration in CI/CD pipeline
As per my knowledge, WebInspect can run only two concurrent scans at a time.
In this case, how can this integration be made more scalable when multiple scan requests are coming from multiple projects' CI/CD pipelines?
In this scenario it sounds like WebInspect Enterprise would be a better fit. With just WebInspect and one license it will be a challenge with scheduling when to send scans.
Ethan is correct that WebInspect Enterprise (and its API) is optimal for managing and scheduling multiple scans. If you are staying with the WebInspect (desktop) API, then you would need to build your own "scheduling" into your CI scripts. There are API endpoints for Scan Status and other information that your script could use to hold off on subsequent scan requests. The following Postman/Python collection of suggested WebInspect API scripts could provide you a baseline to build your WI API scripts.
Furthermore, you might be able to save most scan times by utilizing Workflow-driven scans for most CI work, and then periodically operate a complete-site scan. The Proxy endpoints and WISwag (for REST API targets) endpoints in the WI API can provide you further methods to replicate your functional testing scripts as your WebInspect security tests.
If Login Macros are to be used for authentication, you may want to review the Parameterized Login feature within the Login Macro Recorder. This could permit you to re-use your macros and change the usernames/passwords/hosts dynamically when you call the scans (see API option for Overrides).
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
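
The "hold off on subsequent scan requests" approach described in the reply above, sketched as an added example (not part of the original posts and not Micro Focus code). `fetch_scans` is a hypothetical callable standing in for a call to the Scan Status endpoint; the record shape and the `Running` status text are assumptions, and the sample responses are constructed.

```python
"""Concurrency gate for CI jobs sharing one WebInspect scanner (added example)."""
import random
import time

MAX_CONCURRENT = 2            # limit stated in the question above
ACTIVE_STATES = {"running"}   # assumption: status text of a scan holding a slot


def active_scans(scan_list):
    """Count scans still occupying a slot; records with no status count as active."""
    count = 0
    for scan in scan_list:
        status = str(scan.get("Status", "running")).strip().lower()
        if status in ACTIVE_STATES:
            count += 1
    return count


def wait_for_slot(fetch_scans, limit=MAX_CONCURRENT, timeout=3600, poll=30,
                  sleep=time.sleep, clock=time.monotonic):
    """Block until fewer than `limit` scans are active; return polls made.

    fetch_scans is a hypothetical callable returning the scan list from the
    Scan Status endpoint as a list of dicts. Raises TimeoutError if no slot
    frees up, so the CI job fails visibly instead of hanging.
    """
    deadline = clock() + timeout
    polls = 0
    while True:
        polls += 1
        try:
            busy = active_scans(fetch_scans())
        except (OSError, ValueError):
            busy = limit          # API unreachable or bad JSON: treat as full
        if busy < limit:
            return polls
        if clock() >= deadline:
            raise TimeoutError(f"no free scan slot after {timeout}s")
        # Jitter keeps pipelines that queued together from polling in lockstep.
        sleep(poll + random.uniform(0, poll / 2))


if __name__ == "__main__":
    # Constructed responses: scanner full on first poll, one slot free on second.
    responses = iter([
        [{"ID": "a", "Status": "Running"}, {"ID": "b", "Status": "Running"}],
        [{"ID": "a", "Status": "Complete"}, {"ID": "b", "Status": "Running"}],
    ])
    print("polls:", wait_for_slot(lambda: next(responses), sleep=lambda s: None))
```

The check and the scan start are not atomic, so two pipelines can pass the gate at the same moment; serialising scan submission through a single CI job or queue closes that gap.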