nudge-auto-updater is a rule-based updater for Nudge JSON files that sources lists of CVEs from SOFA, and enriches them with information from the National Vulnerability Database (via VulnCheck).
Armed with this information and your configured rules, it can determine whether a new macOS update has been released that should be applied. If so, it can decide enforcement deadlines, report which rules it followed to reach that decision, and then update your Nudge JSON config file accordingly. Optionally, you can have nudge-auto-updater bring your existing Nudge JSON configuration in line with your specified rules, even if the enforced version is already up to date.
To get started with nudge-auto-updater, you should read the "Getting Started" page in the wiki.
Information about configuring nudge-auto-updater can be found in the configuration documentation. Examples are also provided.
If you want to use the VulnCheck functionality, you will need to provide your own VulnCheck API key. You can supply this key to the script through an environment variable or a command-line argument.