Fortify WebInspect
Fortify WebInspect is a dynamic application security testing (DAST) tool that scans web applications and web services to identify vulnerabilities. By bringing the Fortify WebInspect findings into Brinqa, you can construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to retrieve the Fortify WebInspect findings. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Fortify WebInspect from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information:
-
Server: The connector requires that you create a data server for the machine where Fortify WebInspect is installed. Select the data server that you've created.
-
Data directory: The path to the Fortify WebInspect scan reports stored on your data server.
-
Max age: The maximum number of days that a file is retained. A value less than zero implies that the file never expires, while zero indicates that the file should not be retained.
-
Max files: The maximum number of files to retain. A value less than zero implies that there is no limit to the number of files to retain, while zero indicates that no files should be kept.
-
Include suppressed findings: Select this option if you want the connector to fetch suppressed findings, which are vulnerabilities hidden in the Fortify WebInspect scan reports.
-
Include removed findings: Select this option if you want the connector to fetch removed findings, which are vulnerabilities deleted from the Fortify WebInspect scan reports.
-
Rename or move the file after its processed: Select this option if you want the connector to rename or move the file after it has been processed.
tipIf you enable this option, after a file has been ingested, the connector renames the file by appending
.processedto the file name. This ensures that the same file won't be ingested multiple times in subsequent sync operations.
Types of data to retrieve
The Fortify WebInspect connector can retrieve the following types of data:
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Dynamic Code Finding Definition | Yes | Dynamic Code Finding Definition |
| Finding | Yes | Dynamic Code Finding |
| Site | Yes | Site |
The Fortify WebInspect connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Fortify WebInspect in the Brinqa Platform, see How to view your data.
APIs
As the Fortify WebInspect connector is file-based, it doesn't rely on any API endpoints and thus, doesn't offer any operation options.
Changelog
The Fortify WebInspect connector has undergone the following changes:
3.0.0
- Initial Integration+ release.