Frequently Asked Questions (FAQ)

Greenbone, GVM and OpenVAS how are they connected

When the OpenVAS project was created it only consisted of an engine for scanning vulnerabilities. Shortly after Greenbone Networks was funded to achieve professional support for vulnerability scanning. Greenbone started to lead the development, added several software components and turned OpenVAS into a vulnerability management solution still keeping the values of free software.

After several years it became obvious that using OpenVAS as the brand name for the open source project and funding nearly all development of the project wasn’t recognized from the outside. Therefore after the release of the OpenVAS 9 framework it got renamed to Greenbone Vulnerability Management (GVM) and released as Greenbone Source Edition (GSE). Since GVM 10 the term OpenVAS is only used for the scanner component as it was at the beginning of the project.

For a comprehensive background see History of OpenVAS at https://openvas.org/

GVM, GSE, GSM TRIAL, GCF, GSF, GSM, GPE, ... what are these things about

See Solution_Comparison paper

and the glossary of the gvm-tools documentation

https://gvm-tools.readthedocs.io/en/latest/glossary.html

My Report contains Report outdated / end-of-life Scan Engine

Besides only mentioning GVM Libraries (gvm-libs) in the scan result it means your whole GVM installation is outdated. All software components of our stack need to be updated not only gvm-libs. The software components you are using our not supported anymore. Issues you are currently facing with such a version are very likely already fixed in newer versions. See this table to get an overview of our software versions. This issue needs to be fixed by the provider of your installation of our software, which is most likely your distribution package maintainer.

External issue reports for Report outdated / end-of-life Scan Engine / Environment (local):

Can you help to update my GVM version on Kali, Cent OS, XYZ distribution

Greenbone doesn’t provide any packages for any Linux distribution besides our own commercial Greenbone OS. If you have installed our software from your distribution, an external package repository or even a docker image Greenbone wasn’t involved in providing this installation method to you. The software from these sources may be heavily adjusted, outdated or even completely broken. Therefore if you have issues with the software please contact the provider of the packages first. How to contact the provider really depends and varies.

We are not able to offer any help on updating packages from any external source like Kali, Cent OS, Docker Image, …!

Please help me installing GVM and please advice on recommended platform OS too

This is very similar to Can you help to update my GVM version on Kali, Cent OS, XYZ distribution. Greenbone can’t provide installation docs for the many available Linux distributions available. Setups, configurations, build systems, packaging tools, available software, best practices, … diverge to much to offer official packages, scripts or anything else. We offer installation documentation for our components and this forum for discussing setup problems. Therefore Greenbone also doesn’t recommend any distribution nor do we prefer one distribution over the other. Most of the time we are even not aware which distribution ships which version of our software.

If you want to build from source you can try following https://sadsloth.net/post/install-gvm-20_08-src-on-debian/ for GVM 20.08 on Debian (should work for Ubuntu or Kali too). This guide is not maintained by Greenbone nor is it official in any kind but the community reported that it works well.

Which release contains which component? GOS version vs. GSE version?

It is often confusing to find out which software component of the Greenbone Source Edition belongs to which GVM release. Additionally the Greenbone OS used in the GSM Trial Virtual Machine had a different versioning scheme then GVM. We are aware of this and therefore with the 20.08 release we changed our versioning scheme to Calendar Versioning. With this change all software components (besides gvm-tools and python-gvm), GVM and GOS are using the same version.

GVM GOS gvmd GMP GSA gvm-libs scanner status release
GVM 20.08 20.08 gvmd 20.08 GMP 20.08 20.08 gvm-libs 20.08 openvas 20.08 stable 2020-08-12
GVM 11 6 gvmd 9 GMP 9 9 gvm-libs 11 openvas 7 end-of-life (since 31.12.2020) 2019-10-14
GVM 10 5 gvmd 8 GMP 8 8 gvm-libs 10 openvas-scanner 6 end-of-life (since 31.12.2020) 2019-04-05
OpenVAS 9 4 openvas-manager 7 OMP 7 7 openvas-libraries 9 openvas-scaner 5.1 community eol 2017-03-07

My self compiled version of GVM isn't working as expected. Can you help me?

All questions in this forum are answered on voluntary basis. Therefore please don’t expect immediate responses. This is a forum for individuals to exchange experiences and problems about a Free Software project and not to get instance advises from the developers to fix your current issue.

If you are using a self-compiled version of our GVM stack (our Greenbone Source Edition) or from an external third party like a distribution please always check if you can reproduce the same behavior with our GSM Trial VM. If we are able to reproduce your issue it will be much easier to fix.

Can I mix components from different releases?

Short answer no. You must never mix versions of our components from different releases. Often people try to use version e.g. the scanner from the master branch in combination with a release version of the other components like gvmd to check if their failing scan works with a newer version. While it may work for some components in most circumstances it is very likely to break for gvmd, ospd, ospd-openvas and openvas. These components interact with each other a lot and rely on public and private interfaces that change with every release. Internal incompatible changes even might happen in bugfix releases. Therefore never mix components from different releases. Always use the latest releases or the same release branches. In the release announcements of this forum we always update the linked released versions which should be used and are known to work flawlessly.

I am looking for an overview about OpenVAS

The thing you are looking for is named Greenbone Vulnerability Management (GVM) now. openvas is only the name of the scanner application nowadays. GVM consists of several software components and openvas is only one of them. All components are free software and can be found at GitHub.

For an overview of the components and their connections please take a look at the Architecture of the GVM 20.08 release.

6 Likes
Upgrading GVM/OpenVAS 9 to either 10 or 11
OpenVAS URL update version
Full GVM-11 Build Guide for CentOS 8
Need assistance with upgrading (gvm-libs) version: 9.0.3 to (gvm-libs) version:(gvm-libs) version: 10.0.1 on Windows Server
Getting as end of life scan engine
GMP Service is down , Help
Openvas9 or GVM
Lib kb_redis-CRITICAL ** error on running openvas-setup in ubuntu 18.04 LTS
Kali2020 can't use `openvas-setup` command
Job for gvmd.service failed
Having issues finding libgvm_base
Error during scan
Upgrading GVM/OpenVAS 9 to either 10 or 11
GSE Versions vs GOS Versions
Help for Noobie Install openvas Kali
GVM 11 vs OpenVAS v20.8.1
How to migrate Greenbone Vulnerability Management from 11 to 20.08
OpenVAS Installation (Free/Paid)
Cve 2020-17008
Skipping NVT '1.3.6.1.4.1.25623.1.0.150081'
ERROR /usr/bin/greenbone-nvt-sync: 517: cannot create /var/lib/openvas/feed-update.lock: Permission denied when i run gvm-setup
Skipping NVT '1.3.6.1.4.1.25623.1.0.150081'
Unable NVT to get update in Openvas
Can I run the Greenbone OS Administration on non appliances?
Greenbone open sourse eddition 20.08 (free without the trial period) where to download the iso file
Why is this community worse than Microsoft's Community?
Summarize and Discuss about all three options to setup GVM
I can not install openvas
Best way to install/scale OpenVAS?
Best way to install/scale OpenVAS?
Upgrade OpenVAS Community Edition- CentOS7
Openvas on Ubuntu 18
Upgrade of GVM 9 to 11
Cannot access the web interface although everything is up and running in Ubuntu 20.04.1 LTS
Report outdated / end-of-life Scan Engine / Environment on FreeBSD
Openvas integration
No scan list, no port lists after build of 20.08?
Omp "failed to acquire socket"
Upgrade open VAS 7.0.3 to 9.0.3 which install on Ubuntu 18.04
Openvas9 or GVM
Is OpenVAS blocked to Cuba?
Questions about Greenbone Security Feed
Microsoft Bulletins Does Not Run