This script 'run.py' will take in a json file with CPE of components (like 'task-sbom.json' in the repository).
Then it will query the CPE API: https://nvd.nist.gov/developers/products and the CVE API: https://nvd.nist.gov/developers/vulnerabilities for any any entries.
Last it will process the result and send to a results.txt file.
To run, the requests python module will need to be installed which a requirements.txt file has been included.