Can OpenVAS scan within Docker overlay host files?

When Nessus scans a host using credentials it has the ability to search through all files on the host and search within some files. Of interest is how it can scan within Docker overlay files. E.g. the files like:

  • /var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/merged
  • /var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/work

And when Nessus finds and scans those files it’s able to identify the components within the associated Docker images. I scanned a host that had running images with OpenVAS and it had root credentials, but sadly it seemed OpenVAS was not able to do this.

Greenbone Security Assistant: Version 21.4.3

There is currently no functionality / support included in GVM to scan Docker images / overlays.

To be specific, it’s not an actual feature for Docker itself, rather that Nessus simply scans any archive files on a target host and scans within them. The Docker overlay files are just archive files as well. Can GVM scan within archive files on a target when it has working credentials?

No, there is currently no support to scan archive files during authenticated scans.