You can use the Mendix SDK to identify components of your application, if you wish. An easier way to identify potential vulnerable components is to scan parts of a built Mendix package. So for instance, you could build the application using the Mendix Docker Buildpack and scan the image using tools such as Snyk or Trivy.
Couple of things to keep in mind:
I think you should only worry about the ones in your project userlib directory because they are out of Mendix control. And those you can easily check yourself.
Regards,
Ronald