This is the Git repo of the tools to deploy Greenbone Vulnerability Management with containers. It is based on the Greenbone Source Edition (GSE) open source project.

• see https://greenbone.github.io/docs/latest/
• see https://greenbone.github.io/docs/latest/22.4/container/index.html

Based on [admirito's GVM PPA] (https://launchpad.net/~mrazavi/+archive/ubuntu/gvm) The source docker images hosted on this repo. It contains the source for the following docker images:

• gvmd: Greenbone Vulnerability Manager
• gsad: Greenbone Security Assistant
• gvm-postgres: PostgreSQL 12 Database with libgvm-pg-server extension to be used by gvmd

Based on the ubuntu Lunar (23.04) : https://launchpad.net/ubuntu/+source/openvas-scanner

The source docker images hosted on this repo. It contains the source for the following docker

• openvas-scanner: OpenVAS remote network security scanner

To setup the GVM system with =docker-compose=, first clone the repo and issue =docker-compose up= commands to download and synchronize the data feeds required by the GVM:

• synchronize data feeds

git clone https://github.com/konvergence/gvm-containers.git

cd gvm-containers

docker-compose -f nvt-sync.yml up
docker-compose -f cert-sync.yml up
docker-compose -f scap-sync.yml up
docker-compose -f gvmd-data-sync.yml up

Then, you can run GVM services with a simple =docker-compose up= command. The initialization process can take a few minutes for the first time:

• run GVM with docker-compose

# in the gvm-containers directory
docker-compose up -d

The Greenbone Security Assistant =gsad= port is exposed on the host's port 8080. So you can access it from [[http://localhost:8080]].

A helm chart for deploying the docker images on kubernetes is also available.

WARNING: Breaking changes

• since helm chart 1.5.0+,
• dependencies gvmd-db is renamed to postresql
• dependencies openvas-redis is renamed to redis

Usage

• To install GVM on a kubernetes cluster, first create a namespace and then install the helm chart:

• install on the kubernetes cluster

kubectl create namespace gvm

read -s -p "DB_PASS:" DB_PASS

kubectl -n gvm create secret generic postgresql-secret --from-literal=postgresql-password=${DB_PASS}


helm install gvm \
    https://github.com/konvergence/gvm-containers/releases/download/chart-1.5.0/gvm-1.5.0.tgz \
    --namespace gvm --set gvmd-db.auth.existingSecret="postgresql-secret" --set gvmd-db.auth.secretKeys.userPasswordKey="postgresql-password"

By default a cron job with a =@daily= schedule will be created to update the GVM feeds. You can also enable a helm post installation hook to perform the feeds synchronization before the installation is complete by adding --timeout 90m --set syncFeedsAfterInstall=true arguments to the =helm install= command. Of course, this will slow down the installation process considerably, although you can view the feeds sync post installation progress by =kubectl logs= command:

• install on the kubernetes cluster

NS=gvm

kubectl logs -n $NS -f $(kubectl get pod -n $NS -l job-name=gvm-feeds-sync -o custom-columns=:metadata.name --no-headers)

Please note that =feed.community.greenbone.net= servers will only allow only one feed sync per time so you should avoid running multiple feed sync jobs, otherwise the source ip will be temporarily blocked. So if you are enabling =syncFeedsAfterInstall= you have to make sure the cron job will not be scheduled during the post installation process.

For more information and see other options please read the ./chart/README.md.