---
title: "Can I use an external vulnerability scanner and report those results to Ketryx?"
description: "Yes. If you would like to use a vulnerability scanner (outside of the built-in one), report these findings to Ketryx, and subsequently manage those vulnerabilities in Ketryx, you can do so."
category: "Frequently Asked Questions"
section: "Supply Chain Management Software Dependencies"
keywords: ["vulnerability scanner", "external vulnerability", "report", "vulnerabilities", "results", "cdx", "files", "manage"]
source_url: "https://support.ketryx.com/hc/en-us/articles/37030761075853-Can-I-use-an-external-vulnerability-scanner-and-report-those-results-to-Ketryx"
last_reviewed: 2026-06-11
---

# Can I use an external vulnerability scanner and report those results to Ketryx?

Yes. If you would like to use a vulnerability scanner (outside of the built-in one), report these findings to Ketryx, and subsequently manage those vulnerabilities in Ketryx, you can do so.

Simply use your preferred tool to identify vulnerabilities, add those vulnerabilities to your SPDX or CDX files, and report those files to Ketryx [via the Build API](https://docs.ketryx.com/api/build-api#uploading-an-spdx-file). You will then be able to manage those vulnerabilities via the SBOM and Vulnerabilities module in Ketryx. When you create the cdx file for upload, we recommend using [this site](https://cyclonedx.org/docs/1.4/json/) to make sure the correct components are in the file.

## Related articles

- [How does Ketryx manage vulnerabilities as opposed to product and patient related risks?](how-does-ketryx-manage-vulnerabilities-as-opposed-to-product-and-patient.md)
- [Can Ketryx scan for dependencies outside of the built-in dependency scanner languages?](can-ketryx-scan-for-dependencies-outside-of-the-built-in-dependency-scanner.md)
- [Does Ketryx support C# dependency scanning?](does-ketryx-support-c-dependency-scanning.md)
- [What is the difference between the release vulnerability report and the \"on-demand\" vulnerability report data grid option on the Vulnerabilities page?](what-is-the-difference-between-the-release-vulnerability-report-and-the-on.md)
- [Does Ketryx integrate with multiple vulnerability scanners beyond what is native in Ketryx?](does-ketryx-integrate-with-multiple-vulnerability-scanners-beyond-what-is.md)
