Does the “Full and Fast” Scan in OpenVAS Include compliance audit?

Hello,
My task needs a compliance audit, but I’m not sure whether the “Full and Fast” scan in OpenVAS includes a compliance audit.
I’ve looked through the official documentation and other online resources but haven’t found a definitive answer. I’d appreciate any insights or clarifications from the community on this matter.
Thank you in advance for your assistance!

No, there are separate tasks for Compliance Audits. Full & Fast is designed to find vulnerabilities as fast and as completely as possible.

Please check what feed you are using; the GCF has only a few compliance policies included, like the German Policy IT-Grundschutz.

I find that the NVTs have “Compliance” and “Policy” families. Can they be used for a compliance audit? I can’t find a compliance audit task in OpenVAS 7.

:scream: how on earth did you even get that installed? That’s a version from the stone age!


Ah, I guess you mean openvas-scanner 7, but that’s still medieval times. Please upgrade to a current version.


I use a Docker container for OpenVAS, and in the container, I run “omp -u admin -w admin --xml='<get_version/>'”.
Then it returns: <get_version_response status_text="OK" status="200">7.0</get_version_response>

And in the GSA, I can’t find compliance audit and policy. But in the NVTs, I found the “Compliance” and “Policy” families; Full and Fast may include the “Compliance” and “Policy” families. I’m not sure that they can be used for a compliance audit.

This seems to be from the OpenVAS 9 releases, which are also completely outdated and have already been end of life for many years:

FAQ: Which release contains which component?

It is not guaranteed that the current feed is even compatible with this aged version.

Please drop these outdated containers (it might be worth contacting the publisher to mark them as deprecated) and use one of the currently supported install methods listed here:


Thank you very much.
But I still have the question of whether the “Compliance” and “Policy” NVT families can be used for a compliance audit with GVM 22.4.
In other words, I need to know whether GVM can check compliance with a scanner config which includes the “Compliance” and “Policy” NVT families.

This has already been answered previously:

While the “Compliance” and “Policy” families are showing up on a scan config like “Full and Fast” (this has historical reasons), a compliance check / scan needs to be configured / used separately, as documented here:

https://docs.greenbone.net/GSM-Manual/gos-22.04/en/compliance-and-special-scans.html#configuring-and-managing-policies
