
Unable to get findings with Vega

Open • pomil-1969 opened this issue 5 years ago • 0 comments

I am using VEGA to perform penetration testing on an Angular web application. Before performing the test, I am manually scanning the application (after successfully setting up a proxy connection between my browser and VEGA) in order to collect the app URLs I need to test, which, among others, are REST back-end calls to a secured Spring Boot application.

The back end calls require the presence of the request header 'Authorization: Bearer xxx', where xxx corresponds to a valid token, or else the server response will be '403 Unauthorized'.

After finishing the scanning, I am starting the scanning process. The application home page and the login page are being scanned as expected and I am getting some findings, but unfortunately all the other paths (which are the secured paths) are not scanned, since I do not receive any findings. I also tried manually adding the required request header to every VEGA request, by configuring an Identity with "Macro" Authentication type and selecting the entry with the Authentication request header, but without any success.

Is this a bug of the application or am I missing something? Could somebody provide any insight on this?

pomil-1969, Jan 13 '20 08:01