Starting with our WebInspect 23.1.0 release, client-side library analysis has been enhanced. The hacker-level insights check has been enhanced to include information from the National Vulnerability Database (NVD) and Debricked health metrics when configured with your Debricked access token.
If you do not have an existing Debricked account, you can signup for a free Debricked account on their website. After signing up, configure WebInspect, according to the documentation, to use the Debricked access token. Once these steps are complete and a scan has been completed, you will see results similar to the following:
By configuring WebInspect with your Debricked access token, you will get results from Debricked's Open Source Health metrics for components where that information is available. A Debricked configuration also extends the local NVD and includes the newest CVEs. You can find further information regarding Debricke's health metrics here - https://portal.debricked.com/project-health-45/what-is-a-health-metric-183
Even if you do not integrate WebInspect with Debricked, we will still provide information from the NVD. This is evidenced by the other findings listed under Known NVD records. You can learn more about the National Vulnerability Database (NVD) at https://nvd.nist.gov/.
If there are no records for a CVE inside the local NVD, then data about the CVE and its description will be obtained from the Debricked database.