Support uploading VEX files

[aristotelos]

Is your feature request related to a problem? Please describe.

It would be helpful if this plugin would also support uploading VEX files along with the SBOM, so that vulnerability analysis can be stored in source control as well and cloning of previous projects is not necessary anymore (which the plugin does not support, see #66).

Describe the solution you'd like

Allow to specify a VEX artifact in the Jenkins job configuration, just like the SBOM artifact is specified.

[sephiroth-j]

To cite from https://cyclonedx.org/capabilities/vex/#bom-with-embedded-vex

CycloneDX also supports embedding VEX information inside a BOM
...
Automated security tools may opt to create a single BOM with embedded vulnerability or VEX data for convenience and portability

Have you tried that?

[aristotelos]

No, haven't tried that, good point...

[jakub-bochenski]

Well D-T doesn't support embedding VEX DependencyTrack/dependency-track#1872