Add more examples #154
Description
Dear Nicklas,
First of all, awesome work. I would appreciate a few more examples, e.g. how to use the --bom option. I scanned the keycloak/keycloak:nightly docker image, and only Linux directories were found. No cryptographic assets were detected in the keycloak component. IBM QSE found 198 cryptographic assets in the keycloak source code. I know that CBOMkit-theia is no source code scanner. But does that mean that the application component in a docker image is not scanned at all? Thanks for any feedback and guidance!
Kind regards,
Xenia