What about using the “Track uses of disallowed dependencies”?
You can create a pattern to detect if your project is using the vulnerable dependency in your pom.xml.
I know it is just for Java projects using Maven and I know it may not detect all the transitive dependencies but it may help.
What do you think? Does it make sense?
Thanks and best regards.