...
From the returned data ThreadFix extracts severity, status, datecreated, location, and issuetype dependency values of each finding from all new, open, and reopened issues for the specified application.
Because the results set does not provide a scan date, ThreadFix will report the date the scan was imported as the scan date.
ThreadFix does paginate this request.
Users need to have the Vulnerability_Analysis permission to import scans, as seen below:
...
Parsing Vulnerabilities
The JSON returned by Dependency Track vulnerabilities endpoint maps directly to these ThreadFix Finding Mappings:
...