OSP scanner that processes results from another scanner or task

Hello GVM crew,

I’m working on integrating a security solution with GVM that is going to augment discovered host details with specific metadata linked to CPEs detected by the “Product Detection” NVT family in that scan. For instance, if a plugin included in “Product Detection” family detect a camera and sets a CPE using “register_product” or “register_and_report_cpe”, then my scanner should be invoked with that CPE (or host details) of that product and report back some metadata related to the CPE. Therefore, this scanner would be accepting CPE string instead of a target hostname or IP address as it’s the case for the OSP scanners that I have seen so far. There is also the problem of running two scanners (GVM default scanner and this one) in the same scan session which I’m not sure is doable. Therefore, I’d like to know your opinion on the following scenarios:

1- Is it possible to chain multiple scanners in a single scan task from the GVM UI so that results from the first scanner could be fed into the second scanner by vgm itself instead of writing a scan “governor” script that launches scan_1 (with default gvm scanner), waits until completion of scan_1, then parses the results, get CPE from the host details of scan_1 (is there a gvm API for get CPE of discovered hosts in a given scan report?), then launch my osp scanner with those CPEs and create a second report

2- Writing a NVT plugin instead of an OSP scanner that has dependency on "product detection NVT family, so when it’s executed by gvm during the scan session it can look for specific KBs (is there a base KB or plugin function such as get_host_cpe?) and insert the additional metadata into the scan results.

Thank you in advance for your help

It is not possible to include two scanner into one report or task. You would have to write a single ospd based scanner that collects and provides the results.


Thanks very much. I presume this ospd scanner should be similar to the “internal CVE scanner” in the sense that it would be launched by the user after completion of scan_1 (a product discovery scan), then it will enumerate the discovered “host assets”, gets their CPE and performs the CPE lookup from the external metadata source. Please let me know if sounds like a correct approach to you.