Vulnerabilities can be queried using the FossID Toolbox providing a CPE or list of CPEs as input.
Requirements
The target host must contain FossID security volume. The host can be configured either using --host option or specifying it in the [CLI] section of the ‘fossid.conf’.
How to obtain vulnerability information for a CPE
The FossID Toolbox expects the CPE specification using the cpe option. Several CPEs can be input comma separated.
Example
Looking vulnerabilities for the Linux Kernel version 2.6.0.
fossid-toolbox -c /fossid/etc/fossid.conf cpe "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*"
Looking vulnerabilities for the Linux Kernel version 2.6.0, 2.6.4 and 2.6.8
fossid-toolbox -c /fossid/etc/fossid.conf cpe "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*, cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*, cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*"