Integrating with Selenium WebDriver

You can integrate Fortify WebInspect with Selenium Webdriver, also known as Selenium 2.0, to do the following:

• Conduct a scan using the WI.exe command-line tool

• Create a workflow macro using the Fortify WebInspect REST API

Known Limitations

The following are known limitations for integrating Fortify WebInspect with Selenium Webdriver:

• Fortify WebInspect supports Selenium WebDriver only.

• Fortify WebInspect does not support Selenium WebDriver with remote server configuration, such as the RemoteWebDriver class.

• A Selenium WebDriver macro can be used as a workflow macro only. It cannot be a login or startup macro.

• You can initiate a scan using a Selenium WebDriver macro from the command line interface (CLI) or the API only. While you cannot initiate a scan from the user interface, you can rescan and import/export a Selenium WebDriver macro.

• Support for Fortify WebInspect Enterprise is limited. You can use a macro file that was created from the CLI or API, but only if you have completed setup of the Selenium WebDriver environment on the sensor machine.

Process Overview

The process for integrating Fortify WebInspect with Selenium WebDriver is described in the following table.

Stage	Description
1.	Fortify WebInspect must be able to capture traffic from a web browser using the Fortify WebInspect proxy. Do one of the following to enable proxy capture: Add the proxy to your Selenium scripts directly in the code or using a placeholder in the command line interface as described in Adding the Proxy to Selenium Scripts. Use the Fortify WebInspect geckodriver.exe for capturing traffic when using Firefox as described in Using the Fortify WebInspect geckodriver.exe.
2.	Install the Selenium WebDriver environment on the machine running Fortify WebInspect as described in Installing the Selenium WebDriver Environment.
3.	Ensure that you can start up the Selenium Webdriver scripts from the command line and define your Allowed Hosts as described in Testing from the Command Line.
4.	Optionally, upload all scripts and their dependencies to the Selenium API or manually copy them to the machine running Fortify WebInspect as described in Uploading Files to Fortify WebInspect.
5.	Use the command from Stage 3 to run a scan using WI.exe or create a macro using the WebInspect REST API as described in Using the Selenium Command.
6.	Fix any errors that occur. When conducting a scan with WI.exe or creating a macro in the API, the macro is validated. Errors and warnings are returned for each Selenium command. This feature is enabled by default. To disable it: In WI.exe, use the argument -selenium_no_validation parameter. For more information, see Using wi.exe. In the API, set the VerifyMacro parameter to false. For more information, see the Fortify WebInspect REST API Swagger UI. To troubleshoot issues, view the Scan logs for errors and the StateRequestor logs for warnings. Tip: Generally, logs are written to the following directory paths: If an API scan runs as the SYSTEM USER, which is the default user, then logs are written to: C:\ProgramData\HP\HP WebInspect\Schedule\logs\<scan_guid>\ScanLog C:\ProgramData\HP\HP WebInspect\Schedule\logs\<scan_guid>\StateRequestor All CLI and UI scans, and if an API scan runs as the current user, then logs are written to: C:\Users\<user.name>\AppData\Local\HP\HP WebInspect\Logs\<scan_guid>\ScanLog C:\Users\<user.name>\AppData\Local\HP\HP WebInspect\Logs\<scan_guid>\StateRequestor