I want to start a CI/CD methodology where I run an OpenVAS scan on my products automatically. I have some really basic questions I wanted to know in advance:
Is it possible to run a scan specifically on a .zip/.tgz file? My last scan results showed me many vulnerabilities on the default OS packages which are not relevant for me. I would like to get a vulnerability report for the additional packages which were installed with my SW… Is it possible?
What is the best practice to run a scan via a Jenkins job? Is there any CLI support for OpenVAS?
Appreciate any advice!