FossID Documentation

Getting vulnerabilities through the command line interface

Vulnerabilities can be queried through the command line interface by providing a CPE or a list of CPEs as input.

Requirements

The target host must contain the FossID security volume. The host can be configured either with the --host option or by specifying it in the [CLI] section of the ‘fossid.conf’ file.

How to obtain vulnerability information for a CPE

The command line interface expects the CPE specification in the --cpe option. Several CPEs can be passed as a comma-separated list.

Example

Looking up vulnerabilities for the Linux Kernel version 2.6.0:

fossid-cli --config /fossid/etc/fossid.conf --cpe "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*"

Looking up vulnerabilities for the Linux Kernel versions 2.6.0, 2.6.4 and 2.6.8:

fossid-cli --config /fossid/etc/fossid.conf --cpe \
"cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*, cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*, cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*"
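
One way to check CPEs before passing them to --cpe (an added example, not part of the FossID documentation or tooling): the hypothetical helpers valid_cpe and join_cpes verify that each argument is a CPE 2.3 formatted string with all 13 fields and build the comma-separated list. Rejecting commas and accepting only the parts a, o and h are assumptions of this sketch; the resulting command is printed, not run.

```shell
# valid_cpe CPE: succeed only for a well-formed CPE 2.3 formatted string.
valid_cpe() {
    cpe=$1
    # A comma would be indistinguishable from the list separator, so reject it
    # (conservative assumption: the page does not cover escaped commas).
    case $cpe in ''|*,*|*' '*) return 1 ;; esac
    # Drop backslash-escaped characters (e.g. \:) so they are not counted
    # as field separators.
    stripped=$(printf '%s\n' "$cpe" | sed 's/\\.//g')
    # 13 fields: cpe, 2.3, part, vendor, product, version, update, edition,
    # language, sw_edition, target_sw, target_hw, other.
    fields=$(printf '%s\n' "$stripped" | awk -F: '{ print NF }')
    [ "$fields" -eq 13 ] || return 1
    # Prefix and part: a = application, o = operating system, h = hardware.
    case $stripped in cpe:2.3:[aoh]:*) ;; *) return 1 ;; esac
    # No empty field; "*" stands for "any".
    case $stripped in *::*|*:) return 1 ;; esac
    return 0
}

# join_cpes CPE...: print the comma-separated list; fail on the first bad CPE.
join_cpes() {
    list=
    for c in "$@"; do
        if ! valid_cpe "$c"; then
            printf 'invalid CPE: %s\n' "$c" >&2
            return 1
        fi
        list=${list:+$list,}$c
    done
    [ -n "$list" ] || return 1
    printf '%s\n' "$list"
}

# The three kernel versions from the example above.
cpes=$(join_cpes \
    'cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*' \
    'cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*' \
    'cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*') &&
    printf 'fossid-cli --config /fossid/etc/fossid.conf --cpe "%s"\n' "$cpes"
```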