WebInspect Automation
Sample Python script for automating dynamic scanning with WebInspect and pushing results to SSC
- Checks for running scans and queues the new scan if an existing scan is running
- Takes the payload.txt file from DefaultFilePath to start the scan. The payload.txt file contains the JSON definition of the scan
- Starts scan saving scan ID for generating results
- Watches for scan to complete
- Pulls scan as txt, .scan, and .fpr
- Uploads FPR to SSC
Requirements
- WebInspect 18.2+
- Python 3.7
- SSC 18.2+
- Fortifyclient utility 18.2+
Sample Command
WebInspectAutomation.py BaseUrl http://WebInspectMachine:8083/webinspect/ DefaultFilePath "C:\DefaultFilePath" SSCUrl http://SSCServer:8080/ssc SSCAuthToken AuthTokenFromSSC ApplicationVersionID SSCAppVersionID ScanMode Payload
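Added example, not code from WebInspectAutomation.py: one way to check the sample command's key/value arguments and payload.txt before a scan is started, and to build the fortifyclient upload as an argument list instead of a shell string. The function names, the scan.fpr file name and the payload contents are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlparse

REQUIRED = ("BaseUrl", "DefaultFilePath", "SSCUrl", "SSCAuthToken",
            "ApplicationVersionID", "ScanMode")

def parse_args(argv):
    """Turn 'Key value Key value ...' (the sample command's style) into a dict."""
    if len(argv) % 2:
        raise ValueError("arguments must be Key value pairs")
    args = dict(zip(argv[0::2], argv[1::2]))
    missing = [k for k in REQUIRED if k not in args]
    if missing:
        raise ValueError("missing arguments: " + ", ".join(missing))
    for key in ("BaseUrl", "SSCUrl"):
        parts = urlparse(args[key])
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"{key} is not an http(s) URL: {args[key]!r}")
    return args

def load_payload(default_file_path):
    """Read payload.txt and confirm it is a JSON object before any scan starts."""
    text = (Path(default_file_path) / "payload.txt").read_text(encoding="utf-8")
    payload = json.loads(text)  # json.JSONDecodeError is a ValueError subclass
    if not isinstance(payload, dict):
        raise ValueError("payload.txt must contain a JSON object")
    return payload

def upload_command(args, fpr_path):
    """argv list for fortifyclient uploadFPR, meant for subprocess.run(cmd, check=True)."""
    return ["fortifyclient", "uploadFPR",
            "-url", args["SSCUrl"],
            "-authtoken", args["SSCAuthToken"],
            "-file", str(fpr_path),
            "-applicationVersionID", args["ApplicationVersionID"]]

if __name__ == "__main__":
    # Constructed sample input: placeholder hosts and token, made-up payload body.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "payload.txt").write_text('{"settingsName": "Default"}', encoding="utf-8")
        a = parse_args(["BaseUrl", "http://WebInspectMachine:8083/webinspect/",
                        "DefaultFilePath", d, "SSCUrl", "http://SSCServer:8080/ssc",
                        "SSCAuthToken", "AuthTokenFromSSC",
                        "ApplicationVersionID", "1", "ScanMode", "Payload"])
        print(load_payload(d))
        print(upload_command(a, Path(d) / "scan.fpr"))
```

Running the list through subprocess.run without shell=True keeps the token and file path from being interpreted by a shell; the token is still visible in the process command line while fortifyclient runs.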
To Do
- Port to Java
- Incremental scanning support with merge
- URL scan mode
- Scan settings mode