New Greenbone pricing from March 1, 2026: simpler licensing and richer OpenVAS Enterprise versions

Effective March 1, 2026, Greenbone is implementing a new asset-based licensing model. This is a significant change for companies seeking process-based vulnerability management with predictable costs and easy scalability. In this article, we explain exactly what's changing, what the benefits are, and why OpenVAS Enterprise differs significantly from OpenVAS Community in everyday use.

What changes from March 1, 2026?

The new licensing model ties the cost directly to what is actually scanned. The basis for billing is the number of assets scanned in a given period.

• Per-asset, per-year licensing – you pay for the number of systems you actually scan. It's worth noting that 90 days after the last scan, the "asset" is removed from the asset database and the license can be reused to scan another asset.
• The rate is degressive – as scale increases, the average cost per asset decreases.
• Virtual appliances can be scaled by architecture (VM resources), not by licensing constraints. Virtual appliances are free.

Why is this change beneficial to the organization?

In practice, the new pricing and per-asset approach simplify vulnerability management planning and implementation:

• Easier budgeting: Cost increases proportionally to the attack surface scanned, not the „device model.”.
• Faster purchasing decisions: licensing thresholds are clear and pricing starts with inventory counting.
• Better scalability over time: you can start with a PoC on a selected scope and then seamlessly expand the number of assets.
• Consistency with process: Vulnerability management is a cyclical activity, not a one-time project.

OpenVAS Enterprise: What do you get "in production"?

OpenVAS Enterprise is designed for continuous vulnerability management in organizations where test quality, operational stability, reporting, and vendor support are key.

• OPENVAS Enterprise Feed – a commercial feed of vulnerability tests and additional enterprise content.
• Daily feed updates and quick response to new vulnerabilities (zero-day).
• Extensive reporting and the ability to standardize reports for IT and the Management Board.
• Compliance features – useful for audits and requirements verification.
• Integrations and automation (e.g. via API) – easier inclusion of results in ticketing processes.
• Manufacturer support in the enterprise model (SLA within the existing packages).

OpenVAS Community vs OpenVAS Enterprise: What differences are immediately visible?

The Community edition can be a good starting point for familiarizing yourself with the tool, but in a corporate environment, the need to upgrade to the Enterprise edition usually arises quickly. Below, you can see the differences in vulnerability scans between the Community and Enterprise editions.

What are typical experiences with the OpenVAS Community?

• Limitations in coverage and "depth" of testing compared to Enterprise content.
• More manual work on the team side (maintenance, prioritization, report customization).
• Lack of manufacturer support and predictable problem escalation path.

What does the Enterprise version change?

The OpenVAS Enterprise version offers advanced functionalities to support administrators in system security and reporting.

• Broader and more up-to-date test content (Enterprise Feed) and better update predictability.
• Tracking changes in the IT system.
• „Production” features and elements: reporting, compliance, integrations, scaling and support.
• Easier transition from „scan” to process: detect → assess → prioritize → fix → verify.

What is the difference between OPENVAS SCAN and OPENVAS SECURITY INTELLIGENCE?

The table below shows the functional differences between the Greenbone OpenVAS versions.

What are the prices for OPENVAS SCAN and OPENVAS SECURITY INTELLIGENCE (annual license, EUR per net asset)?

Below we present the price thresholds for OPENVAS SCAN in the per asset per year model (manufacturer's price list, catalog values in EUR).

How to calculate the cost (example 4,000 assets)?

For 4,000 assets, the price is calculated on a threshold basis (degressively) – some assets fall into subsequent thresholds, and the total cost is EUR 58,615 per year for OPENVAS SCAN.

When does it make sense to use hardware appliances and what are the list costs?

OPENVAS SCAN can be deployed as a virtual appliance or as a hardware appliance. Hardware makes sense when you want a dedicated platform, ease of maintenance, or pre-defined parameters for a specific environment.

The RMA package is a hardware maintenance service (including device replacement in the event of a failure) and – according to the manufacturer’s rules – should be ordered immediately for the selected license period.

Migration: what about existing contracts?

The rules for switching to the new model are simple:

• Switching to the new model is mandatory from March 1, 2026 for new purchases.
• Existing contracts continue until the end under the current terms.
• Migration occurs at the end of the contract, when the subscription is extended, or when new features are launched.
• Paid subscriptions are billed pro rata (unused portion is credited).

Conversation, trial, PoC or how to get started with UpGreat?

The best results are achieved by quickly starting with a limited scope and then transitioning to a vulnerability management process. A typical, secure implementation scenario looks like this:

• Short online meeting (30–45 minutes): number of assets, network segments, requirements and expected reports.
• Trial or PoC: scanning of a selected area (e.g. 1-2 network segments) and verification of the quality of the results and priorities.
• Full implementation: cyclical scans, integrations, prioritization rules and reporting for IT and management.

If you would like to learn more and discuss how to choose the right license option and implementation architecture for your organization, please contact us – make an appointment, call us, write an email to the address biuro@upgreat.com.pl or fill out the form.After the conversation, we will prepare a Proof of Concept (PoC) proposal and a target implementation plan.

We invite!