Update readme usage section (#171)

These are some small changes to the usage section of the README, based on conversations with @olivekl.
The goal was to clarify the different options available to the user.

Author: hayleycd

README.md

@@ -83,46 +83,43 @@ All releases on the same Major version will be guaranteed to have backward compa
 
 ## Usage
 
-OSV-Scanner collects a list of dependencies and versions that are used in your project, before matching this list against the OSV database via the [OSV.dev API](https://osv.dev#use-the-api). To build the list of dependencies, you can point OSV-Scanner at your project directory, or manually pass in the path to individual manifest files.
+OSV-Scanner parses lockfiles, SBOMs, and git directories to determine your project's open source dependencies. These dependencies are matched against the OSV database via the [OSV.dev API](https://osv.dev#use-the-api) and known vulnerabilities are returned to you in the output. 
 
-### Scan a directory
+### General use case: scanning a directory
 
-Walks through a list of directories to find:
+```console
+osv-scanner -r /path/to/your/dir
+```
 
-- Lockfiles
-- SBOMs
-- git directories for the latest commit hash
+The preceding command will find lockfiles, SBOMs, and git directories in your target directory and use them to determine the dependencies to check against the OSV database for any known vulnerabilities.
 
-which is used to build the list of dependencies to be matched against OSV vulnerabilities.
+The recursive flag `-r` or `--recursive` will tell the scanner to search all subdirectories in addition to the specified directory. It can find additional lockfiles, dependencies, and vulnerabilities. If your project has deeply nested subdirectories, a recursive search may take a long time. 
 
-Can be configured to recursively walk through subdirectories with the `--recursive` / `-r` flag.
+Git directories are searched for the latest commit hash. Searching for git commit hash is intended to work with projects that use git submodules or a similar mechanism where dependencies are checked out as real git repositories. 
 
-Searching for git commit hash is intended to work with projects that use
-git submodules or a similar mechanism where dependencies are checked out
-as real git repositories.
+### Specify SBOM
 
-#### Example
+If you want to check for known vulnerabilities only in dependencies in your SBOM, you can use the following command:
 
 ```console
-osv-scanner -r /path/to/your/dir
+osv-scanner --sbom=/path/to/your/sbom.json
 ```
 
-### Input an SBOM
-
 [SPDX] and [CycloneDX] SBOMs using [Package URLs] are supported. The format is
 auto-detected based on the input file contents.
 
 [SPDX]: https://spdx.dev/
 [CycloneDX]: https://cyclonedx.org/
 [Package URLs]: https://github.com/package-url/purl-spec
 
-#### Example
+### Specify Lockfile(s)
+If you want to check for known vulnerabilities in specific lockfiles, you can use the following command:
 
 ```console
-osv-scanner --sbom=/path/to/your/sbom.json
+osv-scanner --lockfile=/path/to/your/package-lock.json --lockfile=/path/to/another/Cargo.lock
 ```
 
-### Input a lockfile
+It is possible to specify more than one lockfile at a time. 
 
 A wide range of lockfiles are supported by utilizing this [lockfile package](https://github.com/google/osv-scanner/tree/main/pkg/lockfile). This is the current list of supported lockfiles:
 
@@ -145,12 +142,6 @@ A wide range of lockfiles are supported by utilizing this [lockfile package](htt
 - `yarn.lock`
 - `/lib/apk/db/installed` (Alpine)
 
-#### Example
-
-```console
-$ osv-scanner --lockfile=/path/to/your/package-lock.json --lockfile=/path/to/another/Cargo.lock
-```
-
 ### Scanning a Debian based docker image packages (preview)
 
 This tool will scrape the list of installed packages in a Debian image and query for vulnerabilities on them.