• gvm-containers ** Introduction This is the Git repo of the tools to deploy Greenbone Vulnerability Management with containers. It is based on the [[https://community.greenbone.net/c/gse][Greenbone Source Edition (GSE)]] open source project.

** Docker The source code of [[https://hub.docker.com/u/admirito][admirito]]'s unofficial docker images for Greenbone Vulnerability Management 22--which is based on [[https://launchpad.net/~mrazavi/+archive/ubuntu/gvm][admirito's GVM PPA]]--is hosted on this repo. It contains the source for the following docker images:

• [[https://hub.docker.com/r/admirito/gvmd][gvmd]]: Greenbone Vulnerability Manager
• [[https://hub.docker.com/r/admirito/openvas-scanner][openvas-scanner]]: OpenVAS remote network security scanner
• [[https://hub.docker.com/r/admirito/gsad][gsad]]: Greenbone Security Assistant
• [[https://hub.docker.com/r/admirito/gvm-postgres][gvm-postgres]]: PostgreSQL 14 Database with postgresql-14-gvm extension to be used by gvmd

To setup the GVM system with =docker-compose=, first clone the repo and issue =docker-compose up= commands to download and synchronize the data feeds required by the GVM:

+NAME: synchronize data feeds

+BEGIN_SRC shell

git clone https://github.com/admirito/gvm-containers.git

cd gvm-containers

docker-compose -f nvt-sync.yml up docker-compose -f cert-sync.yml up docker-compose -f scap-sync.yml up docker-compose -f gvmd-data-sync.yml up

+END_SRC

Then, you can run GVM services with a simple =docker-compose up= command. The initialization process can take a few minutes for the first time:

+NAME: run GVM with docker-compose

+BEGIN_SRC shell

in the gvm-containers directory

docker-compose up

docker images of a specific version can also be specified with

an environment variable (for more information take a look at the

.env file):

GVM_VERSION=22 docker-compose up

+END_SRC

The Greenbone Security Assistant =gsad= port is exposed on the host's port 8080. So you can access it from [[http://localhost:8080]].

** Helm Chart A helm chart for deploying the docker images on kubernetes is also available. To install GVM on a kubernetes cluster, first create a namespace and then install the helm chart:

+NAME: install on the kubernetes cluster

+BEGIN_SRC shell

kubectl create namespace gvm

helm install gvm \ https://github.com/admirito/gvm-containers/releases/download/chart-1.3.0/gvm-1.3.0.tgz \ --namespace gvm --set gvmd-db.postgresqlPassword="mypassword"

+END_SRC

By default a cron job with a =@daily= schedule will be created to update the GVM feeds. You can also enable a helm post installation hook to perform the feeds synchronization before the installation is complete by adding ~--timeout 90m --set syncFeedsAfterInstall=true~ arguments to the =helm install= command. Of course, this will slow down the installation process considerably, although you can view the feeds sync post installation progress by =kubectl logs= command:

+NAME: install on the kubernetes cluster

+BEGIN_SRC shell

NS=gvm

kubectl logs -n $NS -f $(kubectl get pod -n $NS -l job-name=gvm-feeds-sync -o custom-columns=:metadata.name --no-headers)

+END_SRC

Please note that =feed.community.greenbone.net= servers will only allow only one feed sync per time so you should avoid running multiple feed sync jobs, otherwise the source ip will be temporarily blocked. So if you are enabling =syncFeedsAfterInstall= you have to make sure the cron job will not be scheduled during the post installation process.

For more information and see other options please read the [[./chart/README.org][chart/README.org]].