Description
What would you like to be added:
Currently Grype supports scanning a single PURL or a file of PURLs. Grype also supports scanning a single CPE, but lacks support for scanning a list of CPEs.
Why is this needed:
Although Grype is primarily a scanner for SBOMs, sometimes it is useful to scan a CPE or PURL directly, e.g. when it comes from other sources such as asset management systems or configuration management systems. In these cases we already have PURLs / CPEs ready and it would be great to have a way to scan many PURLs / CPEs directly instead of crafting a minimal SBOM with the PURLs / CPEs. This use case is already supported for a list of PURLs and I think it makes sense to support it on the side of CPEs too.
Additional context:
We can either take cpe:./file.txt and interpret it as a CPE first and, if that fails, try to resolve it as a file, or we can choose another prefix, such as cpes:./file.txt. I am interested in this feature, and the implementation seems quite straightforward too, so I believe I can participate. Would you accept a contribution of this feature?
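The two input-resolution options described in the issue, sketched as an added example (not part of the original issue and not Grype's code). `looksLikeCPE`, `classify` and the injected `exists` callback are hypothetical names, the CPE check is a deliberately simplified syntactic test, and all inputs are constructed. It also shows one edge case of the "CPE first, then file" option: a path that happens to parse as a CPE 2.2 URI is never read as a file.

```go
package main

import (
	"fmt"
	"strings"
)

// looksLikeCPE is a simplified check (assumption, not Grype's parser): a CPE 2.3
// formatted string or CPE 2.2 URI with part a/o/h plus at least vendor and product.
func looksLikeCPE(s string) bool {
	rest := ""
	switch {
	case strings.HasPrefix(s, "cpe:2.3:"):
		rest = s[len("cpe:2.3:"):]
	case strings.HasPrefix(s, "cpe:/"):
		rest = s[len("cpe:/"):]
	default:
		return false
	}
	f := strings.Split(rest, ":")
	return len(f) >= 3 && (f[0] == "a" || f[0] == "o" || f[0] == "h")
}

// classify applies both proposals; exists is injected so the example runs
// without touching the filesystem.
func classify(arg string, exists func(string) bool) (kind, value string) {
	if strings.HasPrefix(arg, "cpes:") { // option 2: dedicated list prefix
		return "file", strings.TrimPrefix(arg, "cpes:")
	}
	if looksLikeCPE(arg) { // option 1: try it as a CPE first...
		return "cpe", arg
	}
	if p := strings.TrimPrefix(arg, "cpe:"); p != arg && exists(p) {
		return "file", p // ...then fall back to a file of CPEs
	}
	return "invalid", arg
}

func main() {
	onDisk := map[string]bool{"./file.txt": true, "/a:b:c": true} // constructed
	exists := func(p string) bool { return onDisk[p] }
	inputs := []string{"cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
		"cpe:./file.txt", "cpes:./file.txt", "cpe:/a:b:c", "cpe:./missing.txt"}
	for _, in := range inputs {
		k, v := classify(in, exists)
		fmt.Printf("%-46s -> %-7s %s\n", in, k, v)
	}
}
```

With the shared `cpe:` prefix, `cpe:/a:b:c` resolves as a CPE even though a file with that path exists in the constructed set; the separate `cpes:` prefix has no such overlap.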