Yes. You can use a vulnerability scanner other than the built-in one, report its findings to Ketryx, and then manage those vulnerabilities in Ketryx.
Use your preferred tool to identify vulnerabilities, add those vulnerabilities to your SPDX or CDX files, and report those files to Ketryx via the Build API. You will then be able to manage those vulnerabilities via the SBOM and Vulnerabilities module in Ketryx. When you create the CDX file for upload, we recommend using this site to make sure the correct components are in the file.
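As an added illustration (not Ketryx's own code), the sketch below merges third-party scanner findings into a CycloneDX JSON BOM as `vulnerabilities` entries whose `affects[].ref` points at an existing component `bom-ref`, and reports findings that match no component in the file. The finding format, the scanner name and the `EXAMPLE-` ids are constructed assumptions; uploading the result through the Build API is not shown.

```python
import copy

# Constructed sample: a minimal CycloneDX 1.5 BOM, as an SBOM generator might emit it.
BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/lodash@4.17.20", "name": "lodash",
         "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "bom-ref": "pkg:pypi/requests@2.31.0", "name": "requests",
         "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    ],
}

# Constructed scanner output in a hypothetical format; ids are placeholders.
FINDINGS = [
    {"id": "EXAMPLE-0001", "purl": "pkg:npm/lodash@4.17.20",
     "severity": "high", "scanner": "example-scanner"},
    {"id": "EXAMPLE-0002", "purl": "pkg:npm/left-pad@1.3.0",
     "severity": "low", "scanner": "example-scanner"},
]


def merge_findings(bom, findings):
    """Return (merged_bom, unmatched_findings) without modifying the input BOM."""
    # Map each component's purl to its bom-ref so findings can reference it.
    ref_by_purl = {c["purl"]: c["bom-ref"] for c in bom.get("components", [])
                   if "purl" in c and "bom-ref" in c}
    merged = copy.deepcopy(bom)
    vulns = merged.setdefault("vulnerabilities", [])
    # Track (vulnerability id, component ref) pairs already present to avoid duplicates.
    seen = {(v["id"], a["ref"]) for v in vulns for a in v.get("affects", [])}
    unmatched = []
    for finding in findings:
        ref = ref_by_purl.get(finding["purl"])
        if ref is None:
            # The affected component is not in the BOM: surface it, do not
            # write a vulnerability that points at a ref that does not exist.
            unmatched.append(finding)
            continue
        if (finding["id"], ref) in seen:
            continue
        vulns.append({"id": finding["id"],
                      "source": {"name": finding["scanner"]},
                      "ratings": [{"severity": finding["severity"]}],
                      "affects": [{"ref": ref}]})
        seen.add((finding["id"], ref))
    if merged != bom:
        merged["version"] = bom.get("version", 1) + 1  # BOM content changed
    return merged, unmatched


if __name__ == "__main__":
    merged_bom, missing = merge_findings(BOM, FINDINGS)
    print(len(merged_bom["vulnerabilities"]), "merged;", len(missing), "unmatched")
```

Unmatched findings usually mean the scanner and the SBOM generator saw different dependency sets, which is worth resolving before the file is reported.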