If you are only looking to inventory a specific JSON file, the documentation below should walk you through the process of setting this up:
I hope this helps. Please let me know if you have any further questions.
Another - potentially better - way to do this, is to write your own custom vulnerability.
Custom vulnerabilities can "do anything" you can / care to script, so you can "pick up" a JSON file & report on whether it's fine / misbehaving or what not too, and just use patch reporting for it.
Here's a guide on it -- How To: Create a Custom Vulnerability Definition in Patch and Compliance Manager .
Using SCAN EXTENSIONS is a bit of a case of "drinking from the firehose" if all you want is a glass of water - it'll scan for & pick up & report on *EVERY* file with that extension.
That's going to be an awful lot of clutter.