Cybersecurity
DevOps Cloud
IT Operations Cloud
On Tuesday, November 12, as part of a company wide initiative to bring all corporate websites under the OpenText brand, the Community will be down briefly around 11am Eastern / 8am Pacific as we transition to a new domain name. The community will be offline while we make the change and when it comes back online it will be located at community.opentext.com and the old domain will redirect to this new location. Thank you for your patience as we make this important change.
Starting with our WebInspect 23.1.0 release, client-side library analysis has been enhanced. The hacker-level insights check has been enhanced to include information from the National Vulnerability Database (NVD) and Debricked health metrics when configured with your Debricked access token.
If you do not have an existing Debricked account, you can signup for a free Debricked account on their website. After signing up, configure WebInspect, according to the documentation, to use the Debricked access token. Once these steps are complete and a scan has been completed, you will see results similar to the following:
By configuring WebInspect with your Debricked access token, you will get results from Debricked's Open Source Health metrics for components where that information is available. A Debricked configuration also extends the local NVD and includes the newest CVEs. You can find further information regarding Debricke's health metrics here - https://portal.debricked.com/project-health-45/what-is-a-health-metric-183
Even if you do not integrate WebInspect with Debricked, we will still provide information from the NVD. This is evidenced by the other findings listed under Known NVD records. You can learn more about the National Vulnerability Database (NVD) at https://nvd.nist.gov/.
If there are no records for a CVE inside the local NVD, then data about the CVE and its description will be obtained from the Debricked database.