OpenVAS
Vulnerability scanner software
DevSecOps software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if OpenVAS and its alternatives fit your requirements.
€2,524.00 per year
Free TrialFree version
Small
Medium
Large
- Public sector and nonprofit organizations
- Energy and utilities
- Agriculture, fishing, and forestry
What is OpenVAS
OpenVAS is an open-source vulnerability scanning engine used to identify known security issues across networked hosts and services. Security teams and IT administrators use it for routine vulnerability assessments, asset scanning, and compliance-oriented checks in on-premises and lab environments. It is commonly deployed as part of the Greenbone Vulnerability Management (GVM) stack, which includes a manager, scanner, and web UI components. The project emphasizes extensibility through a large feed of network vulnerability tests (NVTs) and supports authenticated and unauthenticated scanning workflows.
Open-source scanning engine
OpenVAS is available as open source and can be self-hosted, which supports use cases where organizations need local control over scanners and data. It fits environments that prefer transparent components and the ability to inspect or modify behavior. This can be useful for internal security teams building custom assessment workflows.
Broad network vulnerability coverage
The scanner uses a large set of network vulnerability tests to detect known issues across common services and operating systems. It supports both unauthenticated discovery and authenticated checks (when credentials are provided), which can improve finding accuracy for certain classes of vulnerabilities. It is suited to periodic infrastructure scanning and baseline hygiene programs.
Integrates within GVM stack
OpenVAS is typically operated with the GVM components (e.g., manager and web interface), enabling scheduling, reporting, and results management. This provides a complete workflow for running scans, tracking findings, and exporting reports. It can be integrated into internal processes via APIs and automation around scan execution and result retrieval.
Operational complexity to maintain
Running OpenVAS in production generally requires managing multiple components (scanner, manager, feeds, database, and UI) and keeping them compatible. Feed updates and version alignment can introduce maintenance overhead compared with fully managed platforms. Organizations often need dedicated operational ownership to keep scanning reliable.
Limited DevSecOps-native features
OpenVAS primarily targets network and host vulnerability assessment rather than developer-centric workflows. It does not natively provide the same depth of CI/CD integrations, policy-as-code controls, or developer remediation workflows commonly expected in DevSecOps toolchains. Teams may need additional tooling to cover code, dependencies, containers, and cloud posture in a unified pipeline.
Tuning required for accuracy
Like many network scanners, OpenVAS can produce false positives or noisy results depending on environment configuration and scan profiles. Achieving consistent signal often requires credential management, safe-check settings, and careful scheduling to avoid performance impact. Mature programs typically invest time in baselining, exception handling, and validation processes.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| OPENVAS FREE | Completely free (permanent) | Community edition (Greenbone Community Edition). Uses OPENVAS COMMUNITY FEED, limited enterprise features, no commercial support by default; intended for testing and evaluation. |
| OPENVAS BASIC | €2,524.00 per year (annual license) | Entry-level paid offering for small companies; annual subscription; described as an appliance/license with basic enterprise features; 14-day free trial available. |
| OPENVAS SCAN | Price on request / Contact sales | Enterprise-grade appliance/virtual/cloud solutions with full features, enterprise feed and support; pricing is customized and requires contacting Greenbone/sales. |
Seller details
Greenbone Networks GmbH
Osnabrück, Germany
2006
Private
https://www.openvas.org/
https://x.com/OpenVAS
https://www.linkedin.com/company/greenbone-networks
