InsightVM scanning for Vulnerabilities with Open Source Dependencies/Components


I’m fairly new to InsightVM, so please bear with me. Our internal developers are utilizing an extension called Mend Bolt (integrated with our Azure DevOps Services) that I don’t know much about. Just reading about it, it’s used to scan vulnerable and outdated open-source components in software/libraries.

The developers approached me in asking if whether or not InsightVM has the capability to do a deep scan of their applications/and or environment. To provide more context, they are seeing vulnerabilities in Vite,. Node, and Axios. Unfortunately, the problem I’m having is I’m not seeing any traces of these vulnerabilities they’re mentioning in IVM.

Does InsightVM have the capability to perform these types of deep scans, as this vendor tool Mend Bolt does. Any feedback and pointing in the right direction would be much appreciated.