Application Settings: Database

To access this feature, click Edit > Application Settings and then select Database.

Tip: If Fortify WebInspect is connected to Fortify WebInspect Enterprise as a sensor, you can override the SQL database settings. For more information, see Application Settings: Override SQL Database Settings.

Connection Settings for Scan/Report Storage

Select the database that will store Fortify WebInspect scan and report data. The choices are:

Use SQL Server Express (for SQL Server Express Edition). Data for each scan will be stored in a separate database.
Use SQL Server (for SQL Server Standard Edition). Data for multiple scans will be stored in a single database. You can configure multiple database settings and assign a "profile name" to each collection of settings, allowing you to switch easily from one configuration to another.

SQL Server Database Privileges

The account specified for the database connection must also be a database owner (DBO) for the named database. However, the account does not require sysadmin (SA) privileges for the database server. If the database administrator (DBA) did not generate the database for the specified user, then the account must also have the permission to create a database and to manipulate the security permissions. The DBA can rescind these permissions after Fortify WebInspect sets up the database, but the account must remain a DBO for that database.

Configuring SQL Server Standard Edition

To configure a profile for SQL Server Standard Edition:

Click Configure (to the right of the drop-down list).

The Manage Database Settings dialog box appears.
Click Add.

The Add Database dialog box appears.
Enter a name for this database profile.
Select a server from the Server Name list.

Important! If SQL Server Browser is not enabled, the database server may not appear in the list. In this case, you must manually enter the connection information. The connection string is formatted as follows:

SERVER\INSTANCE,PORT

Note that the port definition is added with a comma instead of a colon or semicolon.
In the Log on to the server group, specify the type of authentication used for the selected server:
- Use Windows Authentication - Log on by submitting the user's Windows account name and password.
- Use SQL Server Authentication - Use SQL Server authentication, which relies on the internal user list maintained by the SQL Server computer. Enter the user name and password.
Enter or select a specific database, or click New to create a database.
Click OK to close the Add Database dialog box.
Click OK to close the Manage Database Settings dialog box.

Connection Settings for Scan Viewing

When displaying a list of scans (using either the Manage Scans view or the Report Generator wizard), Fortify WebInspect can access scan data stored in SQL Server Standard Edition and/or SQL Server Express Edition. You can select either or both options.

Show Scans Stored in SQL Server Express: Select this option if you want to access scan data stored in a local SQL Server Express Edition.
Show Scans Stored in SQL Server Standard: Select this option if you want to access data in SQL Server Standard Edition. See Configuring SQL Server Standard Edition for instructions.

Creating Scan Data for Site Explorer

During a scan, Fortify WebInspect creates a SQL Express database (.mdf) file or adds the scan to an existing SQL Server database (.mdf) file. However, Site Explorer uses a variation of the traffic session file (.tsf) format. You can configure Fortify WebInspect to create a .tsf file during a scan.

Note: The .tsf file created for Site Explorer does not include vulnerabilities and other details that are available in the standard scan files.

To have Fortify WebInspect create a traffic file that can be displayed in Site Explorer, select the Create Scan Data for Site Explorer check box.

When enabled, Fortify WebInspect creates a file in the format <ScanID>.tsf in the scandata folder in the user's Fortify WebInspect directory, such as:

c:\users\<username>\appdata\local\hp\hp webinspect\scandata

If you select this check box while a scan is running, it will have no effect on the current scan. Only scans started after this check box is selected will generate a .tsf file for Site Explorer.

See Also

Application Settings: Directories

Application Settings: General

Application Settings: License

Application Settings: Logging

Application Settings: Micro Focus ALM

Application Settings: Override SQL Database Settings

Application Settings: Proxy

Application Settings: Reports

Application Settings: Run as a Sensor

Application Settings: Server Profiler

Application Settings: Smart Update

Application Settings: Step Mode

Application Settings: Support Channel

Application Settings: Telemetry

Application Settings: Two-Factor Authentication