WebInspect Swagger API Scanning

Supported Products

Using the WISwag.exe Tool

Use the WISwag.exe tool for advanced REST API scanning situations, such as when you need to provide a configuration file that includes parameter values. WISwag.exe is a command-line tool that parses a REST API definition and converts it into a format that Fortify WebInspect understands.

Supported API Definitions and Protocols

The WISwag tool supports the following REST API definitions and protocols:

  • OpenAPI Specification versions 2.0 and 3.0 (formerly known as Swagger Specification). For more information, visit.
  • Open Data (OData) protocol (versions 2, 3, and 4). For more information, visit.

Tip: When using the WISwag tool with OData, if a POST fails to successfully create a request for an entity set, view the error in the HTTP details tab of the Web Macro Recorder to determine the requirements for the entity.

About Swagger

Swagger is an open-source software framework backed by a large ecosystem of tools that helps developers design, build, document, and consume RESTful web services. While most users identify Swagger by the Swagger UI tool, the Swagger toolset includes support for automated documentation, code generation, and test-case generation.
