We were thinking about using OpenVAS as a solution to be incorporated into one of our products. My concern is the licensing with OpenVAS which is under GNU GPL. Can we incorporate OpenVAS into our software product as a profit making adventure? We would anticipate on average around 10-20 devices to be scanned periodically. Please advise if this is something that can work.
Only the scanner component in licensed under GPLv2. Components providing a public API are under AGPLv3+. Utilities and libraries are using GPLv3+. Of course you can include them in a product as we do but please you must take that serious. Your question indicates that you are not familiar with free and open software and its licensing.
You must understand using it has serious effects on your product! You need to contact a lawyer to get an advise on this regard.