You could just have Ansible install the BigFix agent, and you could have BigFix baselines containing patches already deployed to all computers, or all computers that Ansible builds. Then BigFix would take over automatically from there, and installing the agent is the only part Ansible would need to do.
The more advanced option would be for Ansible to install the BigFix agent, wait until the BigFix agent has finished its initial work, then Ansible could deploy a custom baseline to only that system that contains all of the patches that the single system needs. This would be much more difficult to do easily and would take some work with the REST API.
The biggest issue with this approach is that Ansible can’t just install the BigFix agent and then immediately deploy a patching baseline to the machine with only the patches that machine needs, because the BigFix agent will take a little while to determine which patches it needs, which depends on the settings used to deploy the BigFix agent. You can deploy the BigFix agent with settings to speed up the initial provisioning process, but it would still take at least 10 minutes to as much as an hour or so depending on settings and network.
I should note that if you deploy a baseline to a system or all systems and it contains patches the system does not need, they will not be installed.
There is an API reference here: https://developer.bigfix.com/get-started/api.html
I would recommend using the REST API in most cases. It is what I use the most.