docker.recipes

OpenVAS / Greenbone

advanced

Full-featured vulnerability scanner.

Overview

Greenbone Community Edition is the open-source version of the enterprise vulnerability management platform, built on the OpenVAS framework. Originally developed as the Open Vulnerability Assessment System, OpenVAS has evolved into a comprehensive vulnerability scanning solution that provides network vulnerability testing, compliance checking, and security assessment capabilities. The platform combines multiple scanning engines, vulnerability feeds, and reporting tools to deliver enterprise-grade security assessment functionality.

This containerized deployment packages the entire Greenbone Community stack including the OpenVAS scanner daemon, Greenbone Vulnerability Manager (GVM), the GSA web interface, and PostgreSQL database into a single unified container. The architecture handles vulnerability feed synchronization, scan orchestration, credential management, and report generation through an integrated web-based management interface. The container automatically manages feed updates from the Greenbone Community Feed, ensuring current vulnerability definitions and security checks.

Security professionals, penetration testers, and IT administrators who need comprehensive vulnerability assessment capabilities will find this deployment valuable for both one-time assessments and continuous security monitoring. The containerized approach eliminates the complexity of manually installing and configuring the multiple Greenbone components while maintaining full scanning functionality. Organizations conducting compliance assessments, security audits, or implementing DevSecOps practices can leverage this setup to integrate vulnerability scanning into their security workflows.

Key Features

  • Network vulnerability scanning with authenticated and unauthenticated assessment modes
  • Greenbone Community Feed integration with automatic vulnerability signature updates
  • Web-based Greenbone Security Assistant (GSA) interface for scan management and reporting
  • Built-in PostgreSQL database for storing scan results, configurations, and vulnerability data
  • Support for credential-based scanning across Windows, Linux, and network device targets
  • Compliance scanning capabilities including PCI DSS, NIST, and ISO 27001 frameworks
  • Flexible scan scheduling with recurring vulnerability assessments and delta reporting
  • Multi-format report generation including PDF, XML, CSV, and HTML outputs

Common Use Cases

  • Regular vulnerability assessments for internal network infrastructure and servers
  • Compliance scanning for PCI DSS, HIPAA, and other regulatory requirements
  • Penetration testing preparation to identify potential attack vectors before security audits
  • DevSecOps integration for vulnerability scanning in CI/CD pipelines and staging environments
  • Asset discovery and security posture assessment for newly acquired IT infrastructure
  • Continuous monitoring of cloud and hybrid environments for emerging vulnerabilities
  • Security baseline validation after system updates, patches, or configuration changes

Prerequisites

  • Minimum 4GB RAM and 2 CPU cores for small networks, 8GB+ recommended for larger environments
  • Port 9392 free on the host for web interface access (HTTPS support required)
  • Sufficient disk space for vulnerability feeds and scan data (minimum 20GB recommended)
  • Network connectivity to target systems for vulnerability scanning operations
  • Understanding of vulnerability management concepts and network security fundamentals
  • Time allocated for the initial feed synchronization, which can take 30-60 minutes on first startup

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  greenbone:
    image: greenbone/community-container:stable
    container_name: greenbone
    restart: unless-stopped
    volumes:
      - greenbone_data:/var/lib/openvas
      - greenbone_gvm:/var/lib/gvm
    ports:
      - "9392:9392"

volumes:
  greenbone_data:
  greenbone_gvm:

.env Template

.env
# Initial setup takes significant time for feed sync

Usage Notes

  1. Docs: https://greenbone.github.io/docs/latest/
  2. Web UI at https://localhost:9392 (self-signed cert)
  3. Default credentials: admin/admin - change immediately
  4. Initial feed sync takes 30-60 minutes - check logs for progress
  5. Create scan targets and tasks from web UI
  6. Schedule recurring scans for continuous vulnerability monitoring
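
The compose file above publishes the web UI as "9392:9392", which Docker binds on every host interface, while the account is still admin/admin until it is changed. The check below is an added example, not part of the original recipe: it lists such wildcard port mappings in a Compose file. The function names and the second, loopback-bound service in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list short-syntax Compose port mappings that publish on every
# host interface (no host IP, 0.0.0.0 or [::]). Long-syntax entries
# (target: / published: / host_ip:) are not parsed.

# Reads Compose YAML from the named file or stdin, prints "LINE: MAPPING" for
# each wildcard-published port, and returns 1 if any were found.
audit_published_ports() {
    awk -v q="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)        # drop the list marker
            sub(/[ \t]*(#.*)?$/, "", m)         # drop trailing space/comment
            gsub("[\"" q "]", "", m)            # drop quotes
            sub(/\/(tcp|udp)$/, "", m)          # drop a protocol suffix
            ip = ""
            if (m ~ /:[0-9-]+:[0-9-]+$/) {      # IP:HOST:CONTAINER form
                ip = m; sub(/:[0-9-]+:[0-9-]+$/, "", ip)
            }
            if (ip == "" || ip == "0.0.0.0" || ip == "[::]") {
                print NR ": " m; found = 1
            }
            next
        }
        in_ports && !/^[ \t]*(#.*)?$/ { in_ports = 0 }   # the list has ended
        END { exit found + 0 }
    ' "$@"
}

# The ports section of the page's docker-compose.yml, plus a loopback-bound
# variant for comparison (the second service is constructed for this example).
sample_compose() {
    cat <<'EOF'
services:
  greenbone:
    image: greenbone/community-container:stable
    ports:
      - "9392:9392"
  greenbone_local:
    image: greenbone/community-container:stable
    ports:
      - "127.0.0.1:9392:9392"
EOF
}

sample_compose | audit_published_ports || echo "wildcard-published ports found" >&2
```

Run it as `audit_published_ports docker-compose.yml` before `docker compose up -d`; a mapping written as "127.0.0.1:9392:9392" keeps the UI reachable at https://localhost:9392 only from the host itself.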

Quick Start

terminal

# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  greenbone:
    image: greenbone/community-container:stable
    container_name: greenbone
    restart: unless-stopped
    volumes:
      - greenbone_data:/var/lib/openvas
      - greenbone_gvm:/var/lib/gvm
    ports:
      - "9392:9392"

volumes:
  greenbone_data:
  greenbone_gvm:
EOF

# 2. Create the .env file
cat > .env << 'EOF'
# Initial setup takes significant time for feed sync
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/openvas/run | bash

Troubleshooting

  • Feed sync stuck or taking too long: Check container logs and restart if necessary; ensure adequate disk space and network connectivity to Greenbone feeds
  • Web interface shows certificate warnings: The container uses self-signed certificates by default; add a security exception or configure custom certificates
  • Scans failing with authentication errors: Verify target system credentials are correct and have appropriate permissions for the scan type being performed
  • High memory usage during large scans: Increase Docker memory limits and consider breaking large networks into smaller scan targets
  • Database connection errors on startup: Allow more time for PostgreSQL initialization and check container logs for database startup completion
  • Scanner not detecting services: Ensure target systems allow connections from the scanner IP and firewall rules permit scanning traffic
