This is the Git repo of the tools to deploy Greenbone Vulnerability Management with containers. It is based on the Greenbone Source Edition (GSE) open source project.
The source code of admirito’s unofficial docker images for Greenbone Vulnerability Management 22–which is based on admirito’s GVM PPA–is hosted on this repo. It contains the source for the following docker images:
- gvmd: Greenbone Vulnerability Manager
- openvas-scanner: OpenVAS remote network security scanner
- gsad: Greenbone Security Assistant
- gvm-postgres: PostgreSQL 14 Database with postgresql-14-gvm extension to be used by gvmd
To set up the GVM system with `docker-compose`, first clone the repo and issue `docker-compose up` commands to download and synchronize the data feeds required by the GVM:

```
git clone https://github.com/admirito/gvm-containers.git
cd gvm-containers
docker-compose -f nvt-sync.yml up
docker-compose -f cert-sync.yml up
docker-compose -f scap-sync.yml up
docker-compose -f gvmd-data-sync.yml up
```
Then, you can run GVM services with a simple `docker-compose up` command. The initialization process can take a few minutes for the first time:

```
# in the gvm-containers directory
docker-compose up
## docker images of a specific version can also be specified with
## an environment variable (for more information take a look at the
## .env file):
# GVM_VERSION=22 docker-compose up
```
The Greenbone Security Assistant `gsad` port is exposed on the host’s port 8080. So you can access it from http://localhost:8080.
A helm chart for deploying the docker images on kubernetes is also available. To install GVM on a kubernetes cluster, first create a namespace and then install the helm chart:
```
kubectl create namespace gvm
helm install gvm \
  https://github.com/admirito/gvm-containers/releases/download/chart-1.3.0/gvm-1.3.0.tgz \
  --namespace gvm --set gvmd-db.postgresqlPassword="mypassword"
```
By default, a cron job with a `@daily` schedule will be created to update the GVM feeds. You can also enable a helm post-installation hook to perform the feeds synchronization before the installation is complete by adding the `--timeout 90m --set syncFeedsAfterInstall=true` arguments to the `helm install` command. Of course, this will slow down the installation process considerably, although you can view the progress of the post-installation feeds sync with the `kubectl logs` command:

```
NS=gvm
kubectl logs -n $NS -f $(kubectl get pod -n $NS -l job-name=gvm-feeds-sync -o custom-columns=:metadata.name --no-headers)
```
Please note that the `feed.community.greenbone.net` servers allow only one feed sync at a time, so you should avoid running multiple feed sync jobs; otherwise the source IP will be temporarily blocked. So if you are enabling `syncFeedsAfterInstall`, you have to make sure the cron job will not be scheduled during the post-installation process.
For more information and to see other options, please read the chart/README.org.
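The one-sync-at-a-time limit described above also matters if the `docker-compose` sync commands from the start of this README are run from a scheduler, assuming the feed servers treat those runs the same way. The following wrapper is an added example, not part of the gvm-containers repo: it runs the four sync files strictly in sequence and refuses to start while another run holds a lock. The script name `sync-feeds.sh`, the `LOCK_DIR` path and the `COMPOSE` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the gvm-containers repo. Runs the four feed-sync
# compose files one after another and refuses to start while another run
# holds the lock. LOCK_DIR and COMPOSE are names assumed by this example.
LOCK_DIR="${LOCK_DIR:-/tmp/gvm-feed-sync.lock}"
COMPOSE="${COMPOSE:-docker-compose}"
# Same files, same order as the sync commands in this README.
SYNC_FILES="nvt-sync.yml cert-sync.yml scap-sync.yml gvmd-data-sync.yml"

# mkdir is atomic, so only one caller can create the lock directory.
# A lock left behind by a killed run is not cleared automatically: the
# script fails closed and the directory has to be removed by hand.
acquire_lock() {
    if mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "$$" > "$LOCK_DIR/pid"
        return 0
    fi
    echo "feed sync already running (lock: $LOCK_DIR)" >&2
    return 1
}

release_lock() {
    rm -rf "$LOCK_DIR"
}

# Returns 0 if every sync ran, 1 if one failed (later ones are skipped),
# 2 if another sync holds the lock. Run from the gvm-containers directory.
sync_all_feeds() {
    acquire_lock || return 2
    rc=0
    for f in $SYNC_FILES; do
        echo "syncing feed with $f" >&2
        # The status checked here is docker-compose's own exit status.
        if ! $COMPOSE -f "$f" up; then
            echo "sync failed for $f, stopping" >&2
            rc=1
            break
        fi
    done
    release_lock
    return "$rc"
}

# Only run when invoked as: sh sync-feeds.sh run
if [ "${1:-}" = "run" ]; then
    sync_all_feeds
    exit $?
fi
```

An exit status of 2 means the run was skipped because a sync was already in progress, which a scheduler can treat as a non-error.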