As a follow up to #110 let's add a tutorial along these lines:

• Receive an SBOM, Load in a Product
• Enrich SBOM with scanning and vulnerabilities
• Manage vulnerabilities impact, to set some vulnerability as not impacting
• Export an SBOM and VEX