General Question for OpenVas

Hey All,

I want to start CI/CD methodology where I run OpenVAS scan on my products automatically. I have some really basic questions I wanted to know in advance:

  1. Is it possible to run a scan specifically on .zip/.tgz file? my last scan results showed me many vulnerabilities on the default OS packages which are not relevant for me. I would like to get vulnerability report for the additional packages which were installed with my SW… is it possible?

  2. what is the best practice to run a scan via Jenkins job? is there any CLI support for OpenVAS ?

Appreciate any advise!