doc: Add details on language specific checking (Fixes #1551) (#1561)

Author: anthonyharrison

.github/actions/spelling/allow.txt

@@ -357,6 +357,7 @@ Vorbis
 VPkg
 webkitgtk
 website
+whl
 wiki
 wikipedia
 willmcgugan

README.md

@@ -15,7 +15,7 @@ The CVE Binary Tool is a free, open source tool to help you find known vulnerabi
 The tool has two main modes of operation:
 
 1. A binary scanner which helps you determine which packages may have been included as part of a piece of software.  There are around 100 checkers which focus on common, vulnerable open source components such as openssl, libpng, libxml2 and expat.
-2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, and several Software Bill of Materials (SBOM) formats.
+2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats.
 
 It is intended to be used as part of your continuous integration system to enable regular vulnerability scanning and give you early warning of known issues in your supply chain.
 
@@ -24,7 +24,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en
 - [CVE Binary Tool quick start / README](#cve-binary-tool-quick-start--readme)
   - [Installing CVE Binary Tool](#installing-cve-binary-tool)
   - [Most popular usage options](#most-popular-usage-options)
-  - [Using the tool offline](#using-the-tool-offline)
+    - [Using the tool offline](#using-the-tool-offline)
     - [Finding known vulnerabilities using the binary scanner](#finding-known-vulnerabilities-using-the-binary-scanner)
     - [Finding known vulnerabilities in a list of components](#finding-known-vulnerabilities-in-a-list-of-components)
     - [Scanning an SBOM file for known vulnerabilities](#scanning-an-sbom-file-for-known-vulnerabilities)
@@ -33,6 +33,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en
   - [Configuration](#configuration)
   - [Using CVE Binary Tool in GitHub Actions](#using-cve-binary-tool-in-github-actions)
   - [Binary checker list](#binary-checker-list)
+  - [Language Specific checkers](#language-specific-checkers)
   - [Limitations](#limitations)
   - [Requirements](#requirements)
   - [Feedback & Contributions](#feedback--contributions)
@@ -63,6 +64,8 @@ To run the binary scanner on a directory or file:
 cve-bin-tool <directory/file>
 ```
 
+Note that this option will also use any [language specific checkers](#language-specific-checkers) to find known vulnerabilities in components.  
+
 ### Finding known vulnerabilities in a list of components
 
 To scan a comma-delimited (CSV) or JSON file which lists dependencies and versions:
@@ -215,6 +218,25 @@ All the checkers can be found in the checkers directory, as can the
 Support for new checkers can be requested via
 [GitHub issues](https://github.com/intel/cve-bin-tool/issues).
 
+## Language Specific checkers
+
+A number of checkers are available for finding vulnerable components in specific language packages.
+
+### Java
+
+The scanner examines the `pom.xml` file within a Java package archive to identify Java components. The package names and versions within the archive are used to search the database for vulnerabilities.
+
+JAR, WAR and EAR archives are supported.
+
+### Python
+
+The scanner examines the `PKG-INFO` and `METADATA` files for an installed Python package to extract the component name and version which
+are used to search the database for vulnerabilities.
+
+The tool supports the scanning of the contents of any Wheel package files (indicated with a file extension of .whl) and egg package files (indicated with a file extension of .egg).
+
+The `--package-list` option can be used with a Python dependencies file `requirements.txt` to find the vulnerabilities in the list of components.
+
 ## Limitations
 
 This scanner does not attempt to exploit issues or examine the code in greater