...

• From the returned data ThreadFix extracts severity, status, datecreated, location, and issuetype dependency values of each finding from all new, open, and reopened issues for the specified application.

• Because the results set does not provide a scan date, ThreadFix will report the date the scan was imported as the scan date.

• ThreadFix does paginate this request.

• Users need to have the Vulnerability_Analysis permission to import scans, as seen below:

...

Parsing Vulnerabilities

The JSON returned by Dependency Track vulnerabilities endpoint maps directly to these ThreadFix Finding Mappings:

...