Integration of new vulnerabilities to Dependency Track

[mikemicky4321]

Hello Team,
Firstly thanks for creating such an amazing tool. We have internal Tool for Software Composition Analysis and we would like to also use Dependency Track. We would like to import the vulnerabilities from our internal tool to Dependency Track. According to my knowledge there are two ways. Actually one just realized.

1. Creating vulnerabilities using REST API.

• Exporting the vulnerabilities from internal tool --> write a python script --> Add manually all the CVE's at Dependency Track

2. Importing VEX format CVE's

• like internal tool ---> json to VEX format converter (python script already written) -->Import VEX --> New vulnerabilities for the same SBOM components.

• Regarding first method, Do you have any resources or scripts available?

• I have few questions for the second method, It is actually more easy to perform second method. According to the documentation, I need to submit new vulnerabilities only the components which already present at Dependency Track right? or I cannot even add any new vulnerabilities using this functionality?