This is the Git repo of the tools to deploy Greenbone Vulnerability Management with containers. It is based on the Greenbone Source Edition (GSE) open source project.
The source code of admirito’s unofficial docker images for Greenbone Vulnerability Management 21–which is based on admirito’s GVM PPA–is hosted on this repo. It contains the source for the following docker images:
- gvmd: Greenbone Vulnerability Manager
- openvas-scanner: OpenVAS remote network security scanner
- gsad: Greenbone Security Assistant
- gvm-postgres: PostgreSQL 12 Database with libgvm-pg-server extension to be used by gvmd
To setup the GVM system with docker-compose, first clone the repo and
issue docker-compose up commands to download and synchronize the data
feeds required by the GVM:
git clone https://github.com/admirito/gvm-containers.git
cd gvm-containers
docker-compose -f nvt-sync.yml up
docker-compose -f cert-sync.yml up
docker-compose -f scap-sync.yml up
docker-compose -f gvmd-data-sync.yml upThen, you can run GVM services with a simple docker-compose up
command. The initialization process can take a few minutes for the
first time:
# in the gvm-containers directory
docker-compose upThe Greenbone Security Assistant gsad port is exposed on the
host’s port 8080. So you can access it from http://localhost:8080.
A helm chart for deploying the docker images on kubernetes is also available. To install GVM on a kubernetes cluster, first create a namespace and then install the helm chart:
kubectl create namespace gvm
helm install gvm \
https://github.com/admirito/gvm-containers/releases/download/chart-1.3.0/gvm-1.3.0.tgz \
--namespace gvm --set gvmd-db.postgresqlPassword="mypassword"By default a cron job with a @daily schedule will be created to
update the GVM feeds. You can also enable a helm post installation
hook to perform the feeds synchronization before the installation is
complete by adding --timeout 90m --set syncFeedsAfterInstall=true
arguments to the helm install command. Of course, this will slow
down the installation process considerably, although you can view the
feeds sync post installation progress by kubectl logs command:
NS=gvm
kubectl logs -n $NS -f $(kubectl get pod -n $NS -l job-name=gvm-feeds-sync -o custom-columns=:metadata.name --no-headers)Please note that feed.community.greenbone.net servers will only
allow only one feed sync per time so you should avoid running multiple
feed sync jobs, otherwise the source ip will be temporarily
blocked. So if you are enabling syncFeedsAfterInstall you have to
make sure the cron job will not be scheduled during the post
installation process.
For more information and see other options please read the chart/README.org.