GREENBONE GOS 25.0.4 – THE NEW GENERATION OF OPENVAS SCAN

New Greenbone OpenVAS functionalities – container vulnerabilities and agent scanning.

 

In April 2026, Greenbone released Greenbone OS 25.0.4 for the OPENVAS SCAN platform. Release 25.x is important not only as another system update, but also as part of a broader shift in Greenbone's portfolio: from classic vulnerability scanning toward more comprehensive management of vulnerabilities, resources, and new types of environments, such as containers and agent-based systems.

 

What is OPENVAS SCAN?

 

OPENVAS SCAN is a dedicated appliance solution for vulnerability scanning and management, available in various configurations. Greenbone offers both virtual appliances and hardware appliances, including models designed for companies of all sizes and distributed environments.

In practice, OPENVAS SCAN enables:

  • performing vulnerability scans of systems, services and network devices,
  • conducting simple and authenticated scans using local security controls,
  • managing scanning tasks and schedules,
  • generating reports and analyzing results,
  • management of resources and information about vulnerabilities, including the ability to create tickets related to vulnerabilities in order to mitigate them.
  • work in distributed architectures, including the master-sensor model.

 

Why is GOS 25 a significant change?

 

The official Greenbone documentation indicates that GOS 25.0 is functionally different from earlier versions to such an extent that its documentation should not be used for older GOS releases. Greenbone also emphasizes that after upgrading to GOS 25.0, you must perform a feed update to take advantage of the new features, and that the first feed update after switching to GOS 25.0 may require more time and resources than usual. 

GOS 25 also brought significant product changes. Greenbone describes the addition of a new appliance model, the OPENVAS SCAN VIRTUAL, which is required to utilize the new functionalities. It's also worth noting that, as of March 1, 2026, a new licensing model is in effect, based on the number of analyzed assets, rather than the previous device performance limits. Companies with subscriptions purchased before March 1, 2026, can use them under the existing model or switch to the asset-based model.

 

Container scanning

 

One of the most important new features described in the GOS 25 documentation is container image scanning. This is a response to the changing way applications are built: production environments increasingly use containers, and traditional network scanning does not always provide a complete picture of the risks at the package layer and dependencies within the image.

READ ALSO  FROM NOW ON, N-DAY VULNERABILITY BECOME N-HOUR VULNERABILITY - ANTHROPIC REPORT "MEASURING LLMs' IMPACT ON N-DAY EXPLOITS""

According to the documentation, OPENVAS SCAN can create container image scan jobs that cover a single image, multiple images, or an entire registry. During a scan, images are loaded from one or more registries, the packages used are identified, and then vulnerabilities are checked. The results are then reported in a scan report.

It's also worth noting some limitations. The documentation indicates that container image scanning is available for select appliance models and doesn't support all system distributions in images, such as Alpine Linux.

For organizations using DevOps, CI/CD, or container image registries, this is an important development. It allows vulnerability management to be moved closer to the application development and maintenance process.

 

Agent Scanning

 

The second major new feature is agent-based scanning. It's important to be specific: the GOS 25.0.4 documentation describes this feature, but also marks it as a technical preview. Before use, it must be enabled by the Greenbone Professional Services team.

Agent-based scanning eliminates the need to configure credentials on the appliance to perform authenticated scans. Additionally, it enables analysis of systems to which the actual scanning appliance doesn't have a direct network route. Agents connect to the agent controller on port 8443, which should be considered when configuring firewalls and proxies. 

The documentation lists support for the following target systems:

  • Debian, Ubuntu, Red Hat Enterprise Linux, Rocky Linux, Fedora and openSUSE,
  • Microsoft Windows 10/11,
  • Microsoft Windows Server 2016 and later.

The Agent Controller is the appliance itself. The documentation describes the Agent Controller configuration, agent installation on the target system, creating agent groups, creating agent tasks, and running them.

This is a significant shift in Greenbone's operational philosophy. Historically, Greenbone OpenVAS has been associated primarily with network scanning and authenticated scanning. Agent-based features pave the way for better support for mobile, distributed, and network-inaccessible resources. Currently, due to its technical preview status, this feature should be considered a development direction and design option, not a mature equivalent of the long-standing agents known from Tenable or Qualys.h platforms.

READ ALSO  RUBLON - CENTRALLY MANAGED MULTI-FACTOR AUTHENTICATION (MFA) FOR YOUR ENTIRE IT INFRASTRUCTURE

 

What's improved in GOS 25.0.4?

 

The GOS 25.0.4 release is a stabilization release. Greenbone said it includes a total of two improvements, two bug fixes, and two security patches.

The official Roadmap and Lifecycle page for this version lists, among others:

  • updating the gvm-tools package to version 25.4.9 and the python-gvm library to version 26.11.1,
  • Updated built-in appliance documentation to the April 2, 2026 version.,
  • Fixed a bug that caused special characters to be displayed incorrectly in notifications and web interface dialog titles.,
  • Fixed a bug in comparing RPM package versions in the vulnerability scan area.

For administrators, this latest fix is particularly important. In RPM-based environments like RHEL, Rocky Linux, or Fedora, correct package version comparisons directly impact the quality of authenticated scan results and package analysis.

 

Distributed architecture and master-sensor

 

OPENVAS SCAN continues to expand on Greenbone's classic strength: working in distributed environments. Selected models can control other devices as sensors or act as remote scanners controlled by other devices. This includes models for larger and mid-sized organizations and selected virtual appliances. 

This model is particularly relevant for organizations with multiple locations, network segmentation, security zones, OT environments, or on-premise requirements.

 

For whom are GOS 25.0.4 and OPENVAS SCAN particularly interesting?

 

The new version of the platform is particularly interesting for organizations that want to manage vulnerabilities locally and maintain control over their data. This applies primarily to:

  • public sector,
  • organizations covered by NIS2 requirements,
  • industry and OT environments,
  • companies with isolated or air-gap environments,
  • IT and security teams looking for a European alternative to vulnerability management solutions.

 

Summary

 

GOS 25.0.4 isn't a revolution in itself, but it's an important step in stabilizing the next generation of OPENVAS SCAN. The broader context of version 25 is most significant: a new product model, readiness for per-asset licensing, container scanning, and the arrival of agent features in technical preview mode.

Greenbone is consistently evolving OPENVAS SCAN from a classic vulnerability scanner into a more comprehensive vulnerability management and exposure analysis platform. Many organizations will appreciate the fact that it remains firmly rooted in an on-premises model, with the ability to operate in distributed and customer-controlled environments.

READ ALSO  SENECA'S CLIFF, THE LIMITS OF DEVELOPMENT, POLISH AI AND POLISH DIGITAL SOVEREIGNTY

 

What's next?

 

If you want to check which vulnerabilities exist in your infrastructure and how to plan their mitigation, UpGreat can help with auditing, vulnerability scanning, and implementing a vulnerability management process based on OpenVAS Enterprise.

Please contact us – make an appointment, call us, write an email to the address biuro@upgreat.com.pl or fill out the form.After the conversation, we will prepare a proposal for you.

We invite!

 

Source materials

 

  1. Greenbone Community Forum, “Greenbone OS 25.0.4 released”, 27/04/2026: https://forum.greenbone.net/t/greenbone-os-25-0-4-released/22267
  2. Greenbone, “Roadmap and Lifecycle”, GOS section 25.0.4: https://www.greenbone.net/en/roadmap-lifecycle/
  3. Greenbone Documentation, “OPENVAS SCAN – Overview”, GOS 25.0.4: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/appliance-overview.html
  4. Greenbone Documentation, “OPENVAS SCAN with GOS 25.0 – User Manual”, notes on version differences and feed updates: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/
  5. Greenbone Documentation, “Upgrading OPENVAS SCAN to the Latest Major Version”, section 5.5: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/upgrading-gos.html
  6. Greenbone Documentation, “Configuring a Simple Container Image Scan Manually”, section 9.3: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/scanning.html#configuring-a-simple-container-image-scan-manually
  7. Greenbone Documentation, “Configuring an Agent-Based Scan”, section 9.5: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/scanning.html#configuring-an-agent-based-scan
  8. Greenbone Documentation, “Setting up an Agent Controller / Agent”, section 9.5.1–9.5.2: https://docs.greenbone.net/GSM-Manual/gos-25.0/en/scanning.html#setting-up-an-agent-controller