I’m trying to install openvas but still ends up with empty CVE and CPE datatabes (NVT, CERT and DFN are fine).
I was trying container way (Greenbone Community Containers - Greenbone Community Documentation) and Kali OS ( Kali Linux Install Guide - Greenbone Community Documentation ).
In both way I ended up with error in gvmd log:
abort_scap_update: Updating SCAP data aborted
and empty CPE and CVE menu.
Any idea how to fit it?
Greetings, I have the same issue. In my case, I am implementing GVM using the docker-compose setup from the official documentation. I have even run the greenbone-feed-sync command and nothing changes — it executes correctly, but the CVE and CPE databases remain empty.
I manually connected to the SCAP schema in the database container and ran a SELECT on the scap.cves table, and it is empty even though the feed sync reports that everything completed successfully.
Hi, this is most likely caused by insufficient free disk space or memory. The initial loading of the SCAP data requires a lot of disk space and may consume several GB of memory. Please check your memory and available disk space for docker volumes (with a standard setup the volumes are in /var/lib/docker).
You should not be required to do that at all. The standard setup should be provide all required data. Did you check the logs?
Host 32Gb or RAM and more than 50Gb free disk space so it’s rather not that issue.
Could you check the gvmd log for additional information? There should be info and warning messages about what’s going on before aborting the update.
Not sure about Docker but the Kali packages might need some updates by the Kali package team to include the PR below which seems to have been required to support some recent changes in the CPE data of the NVD API:
There is only one error in log file:
abort_scap_update: Updating SCAP data aborted
Still valid. Maybe you can paste the whole log.
openvas:~/greenbone-community-container$ docker compose exec -u 1001 gvmd gvmd --rebuild-scap
md main:MESSAGE:2025-11-21 22h18.41 utc:9618: Greenbone Vulnerability Manager version 26.9.0 (DB revision 262)
md manage: INFO:2025-11-21 22h18.41 utc:9618: Rebuilding SCAP data
md manage:WARNING:2025-11-21 22h19.04 utc:9618: update_scap: Full rebuild requested, resetting SCAP db
md manage: INFO:2025-11-21 22h19.05 utc:9618: update_scap: Updating data from feed
md manage: INFO:2025-11-21 22h19.05 utc:9618: Updating CPEs
md manage: INFO:2025-11-21 22h19.05 utc:9618: Updating /var/lib/gvm/scap-data/nvd-cpes.json.gz
md manage:WARNING:2025-11-21 22h20.24 utc:9618: handle_json_cpe_item: 'deprecatedBy' array is empty
md manage: INFO:2025-11-21 22h20.27 utc:9618: Updating Max CVSS for DFN-CERT
md manage: INFO:2025-11-21 22h20.32 utc:9618: Updating DFN-CERT CVSS max succeeded.
md manage: INFO:2025-11-21 22h20.32 utc:9618: Updating Max CVSS for CERT-Bund
md manage: INFO:2025-11-21 22h20.35 utc:9618: Updating CERT-Bund CVSS max succeeded.
md manage: INFO:2025-11-21 22h20.35 utc:9618: abort_scap_update: Updating SCAP data aborted
See No SCAP (CVE and CPE) data on fresh install - #7 by cfi
Should be fixed in a newer version of the gvmd container image.
When should I expect these new version of container?
It’s already included in Release gvmd 26.10.0 · greenbone/gvmd · GitHub and therefore provided by the current gvmd:stable/gvmd:latest image.
It’s working indeed. I’ve made a fresh install from containers and now it’s working.
i have this issue on kali also. Anyone able to get this working?
Kali needs to apply the change from No SCAP (CVE and CPE) data on fresh install - #7 by cfi. That means they need to update gvmd to version >= 26.10.0. I don’t have a clue which version they provide currently.
Hello,
please get in touch with the Kali package team via https://bugs.kali.org and ask for an update of the relevant software components like outlined previously.