Legacy (Non-Notus) NVT deprecation

Hi, I’ve just been reading about the new Notus scanner for reporting vulnerable software versions. My understanding is that the new feed pulls down definitions for Notus instead of the old NVTs. Are the NVTs still being updated to detect vulnerable software versions or do I need to upgrade to a newer version that includes Notus to get those updates?


currently for older versions of our software stack (< 22.4) we still provide .nasl scripts for a similar detection. But older versions than 22.4 are already end of life and it may be possible we stop providing updates for the corresponding feeds in future.


Thanks for the response. Can you give any further guidance on how long we might expect to be able to use the legacy feed? Will there be an announcement when the updates are no longer provided?

Yes or course there will be an announcement.

You will still be able to use the feed but it wont get any further updates for new vulnerabilities. Furthermore all our products and community releases using the old feeds are already end of life and you should upgrade instantly.

If you aren’t able to upgrade I am curious to read the reasons for that.

There’s no reason why we can’t upgrade, just wanted to get an idea of the timeline so we can prioritise the upgrade work. Thanks for all your help.

1 Like