How to gvm upgrade

Content on WhatAnswers is provided "as is" for informational purposes. While we strive for accuracy, we make no guarantees. Content is AI-assisted and should not be used as professional advice.

Last updated: April 4, 2026

Quick Answer: A GVM upgrade, often referring to a 'Greenbone Vulnerability Management' upgrade, involves updating the software and its vulnerability databases to ensure effective network security scanning. This process typically includes updating the Greenbone Community Edition (GCE) or Greenbone Enterprise Appliance software and ensuring the Network Vulnerability Tests (NVTs), SCAP data, and CERT-Bund data are current.

Key Facts

GVM upgrades ensure your vulnerability scanner has the latest threat intelligence.
The upgrade process usually involves updating the GVM software components and their data feeds.
Regularly updating GVM is crucial for accurate and effective vulnerability detection.
The frequency of GVM upgrades depends on the release cycle of new vulnerability data and software patches.
Key components to update include NVTs, SCAP data, and CERT-Bund data.

What is a GVM Upgrade?

A GVM upgrade, commonly associated with the Greenbone Vulnerability Management (GVM) system, is a critical process for maintaining the effectiveness of your network security posture. GVM is an open-source framework of services and tools that performs vulnerability scanning and management. Upgrading GVM ensures that the system is equipped with the latest security information, software patches, and features, enabling it to detect emerging threats and vulnerabilities accurately. Without regular upgrades, your GVM installation can become outdated, leading to missed vulnerabilities and an incomplete understanding of your network's security status.

Why are GVM Upgrades Important?

The landscape of cybersecurity is constantly evolving, with new vulnerabilities discovered daily and attackers developing new methods. GVM relies on a vast database of Network Vulnerability Tests (NVTs), SCAP data, and CERT-Bund advisories to identify these threats. When you perform a GVM upgrade, you are essentially updating this intelligence. This ensures that your scanner can recognize the latest exploits, misconfigurations, and weaknesses in your systems. An outdated scanner might fail to detect critical vulnerabilities, leaving your network exposed. Furthermore, GVM software itself receives updates that improve performance, fix bugs, and introduce new scanning capabilities or reporting features. Therefore, regular upgrades are not just recommended; they are essential for robust vulnerability management.

Components of a GVM Upgrade

A comprehensive GVM upgrade typically involves updating several key components:

Greenbone Vulnerability Management (GVM) Software: This refers to the core GVM applications, including the scanner (GVM Scanner, formerly OpenVAS Scanner), the manager (GVMd), and the web interface (GSA - Greenbone Security Assistant). Updates to these components often bring performance enhancements, bug fixes, and new functionalities.
Network Vulnerability Tests (NVTs): These are the actual detection scripts that GVM uses to identify vulnerabilities. The NVT feed is updated very frequently, often daily, as new vulnerabilities are discovered. Keeping the NVT feed current is paramount for detecting the latest threats.
SCAP Data: The Security Content Automation Protocol (SCAP) is a set of standards that automate the process of managing security and compliance. GVM uses SCAP data to check for compliance with security policies and standards.
CERT-Bund Data: CERT-Bund provides advisories and information about security vulnerabilities from the German Federal Office for Information Security. This feed complements the NVT feed with additional vulnerability information.

How to Perform a GVM Upgrade

The method for upgrading GVM can vary depending on how you initially installed it. Here are common scenarios:

For GVM Installed via Package Manager (e.g., apt, yum)

If you installed GVM using your Linux distribution's package manager (like apt on Debian/Ubuntu or yum/dnf on Fedora/CentOS/RHEL), the upgrade process is usually straightforward. You will typically update the GVM packages along with your system's regular updates.

Update Package Lists: Run the command to refresh your system's package repository information.
- For Debian/Ubuntu: sudo apt update
- For Fedora/CentOS/RHEL: sudo dnf update --refresh (or sudo yum update)
Upgrade GVM Packages: Install the available updates for GVM.
- For Debian/Ubuntu: sudo apt upgrade greenbone-vulnerability-manager (the package name might vary; check your distribution's specifics) or sudo apt dist-upgrade to upgrade all packages.
- For Fedora/CentOS/RHEL: sudo dnf upgrade (or sudo yum upgrade)
Update Feeds: After the software is updated, you must update the vulnerability data feeds. This is usually done through the GVM interface or via command-line tools like greenbone-nvt-sync, greenbone-feed-sync, or similar commands depending on your GVM version and setup. Many installations have automated feed updates configured.
Restart Services: It's often a good practice to restart the GVM services after an upgrade to ensure all changes take effect.
- Example commands (may vary): sudo systemctl restart gsad.service gvm.service ospd-openvas.service

For GVM Installed from Source or via Docker

If you compiled GVM from source or are using Docker containers, the upgrade process will be different.

From Source: You will typically need to download the latest source code, recompile the components, and reinstall them. This is a more complex process that requires careful attention to dependencies and configuration.
Docker: If you are using Docker, you will usually update the GVM image to the latest version and recreate your containers. Follow the specific instructions provided by the Docker image maintainer. This often involves pulling the new image (`docker pull greenbone/community-edition`) and restarting your container setup with the updated image.

Automating GVM Upgrades and Feed Synchronization

Manual upgrades can be time-consuming and prone to errors. Many GVM installations include mechanisms for automating feed synchronization. The Greenbone Security Assistant (GSA) web interface often has options to check for and initiate feed updates. Additionally, you can use cron jobs or systemd timers to schedule the execution of feed synchronization scripts (e.g., greenbone-feed-sync) regularly. Automating these updates ensures that your GVM is always running with the latest threat intelligence, providing continuous protection.

Troubleshooting Common Upgrade Issues

While upgrades are generally smooth, issues can arise:

Feed Synchronization Failures: Check network connectivity, firewall rules, and ensure that the synchronization scripts have the necessary permissions. Sometimes, specific feeds might be temporarily unavailable.
Service Startup Problems: Verify log files (e.g., `/var/log/gvm/`) for error messages. Ensure all components are installed correctly and that there are no conflicts with other services.
Outdated Components: If you only update the feeds but not the GVM software, you might encounter compatibility issues. Ensure you follow the recommended upgrade path for both software and feeds.

Always refer to the official Greenbone documentation for the most accurate and up-to-date instructions specific to your GVM version.