OpenVAS
OpenVAS
OpenVAS is a tool for identifying security vulnerabilities in networked systems. It includes a regularly updated feed of Network Vulnerability Tests (NVTs) to detect potential security issues.
OpenVAS is a tool for identifying security vulnerabilities in networked systems. It includes a regularly updated feed of Network Vulnerability Tests (NVTs) to detect potential security issues.
Cost considerations
Functionality
Compatibility
User experience
Customer support
Why these ratings?
Cyberse perspective
Solution details
Product features
Risk scoring
Vulnerability scoring
Subcategory
Attack Surface Management
Pricing
Free trial available
Key features
Open-source or third-party tools
Services support
In-house services
Managed services
Deployment
On-premises
Integrations
Network security
Target industry
Technology
Public sector
Industrials
Healthcare
Retail
Manufacturing
Financial services
Cloud ecosystem partners
NULL
Scanning coverage
Network scanning
Host scanning
We use the following criteria to evaluate this product:
Cost considerations
OpenVAS is open-source, so there are no license fees and users can run unlimited scans, paying only for an optional commercial feed or support. Competing vulnerability scanners usually bill per asset or per scan, so overall spend rises faster as environments grow. The low entry cost and predictable optional fees give most security teams a favorable cost-to-value balance.
Cost considerations
OpenVAS is open-source, so there are no license fees and users can run unlimited scans, paying only for an optional commercial feed or support. Competing vulnerability scanners usually bill per asset or per scan, so overall spend rises faster as environments grow. The low entry cost and predictable optional fees give most security teams a favorable cost-to-value balance.
Functionality
OpenVAS performs scheduled credentialed scans and scores findings with CVSS, giving a clear snapshot of on-premise vulnerabilities. Native coverage for cloud or container assets is limited and there is no built-in ticketing or risk-based prioritization, so remediation tracking relies on external tools.
Functionality
OpenVAS performs scheduled credentialed scans and scores findings with CVSS, giving a clear snapshot of on-premise vulnerabilities. Native coverage for cloud or container assets is limited and there is no built-in ticketing or risk-based prioritization, so remediation tracking relies on external tools.
Compatibility
OpenVAS is a network-centric scanner with no agents and no out-of-the-box hooks for AWS, Azure, or common SIEMs. Teams usually rely on CSV/XML exports or custom API scripts to push findings into CMDB or ticketing tools. This extra work puts its integration reach below that of full-feature commercial suites.
Compatibility
OpenVAS is a network-centric scanner with no agents and no out-of-the-box hooks for AWS, Azure, or common SIEMs. Teams usually rely on CSV/XML exports or custom API scripts to push findings into CMDB or ticketing tools. This extra work puts its integration reach below that of full-feature commercial suites.
User experience
The web console is serviceable but dated, so new users need some orientation to locate key risk views. Generating clear reports often requires exporting and tweaking data outside the console. Navigation is slower than in most commercial scanners, yet routine tasks become manageable after modest training.
User experience
The web console is serviceable but dated, so new users need some orientation to locate key risk views. Generating clear reports often requires exporting and tweaking data outside the console. Navigation is slower than in most commercial scanners, yet routine tasks become manageable after modest training.
Customer support
OpenVAS mainly offers community forums and volunteer help with no guaranteed response times, and formal assistance is only available through a separate Greenbone subscription, so business users get limited official guidance even though the free vulnerability feed is updated daily.
Customer support
OpenVAS mainly offers community forums and volunteer help with no guaranteed response times, and formal assistance is only available through a separate Greenbone subscription, so business users get limited official guidance even though the free vulnerability feed is updated daily.