Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the QVM Engine for OpenVAS NVTs


The open source project OpenVAS provides about 50,000 individual Network Vulnerability Tests (NVTs) through their Community Feed. These NVTs are individual tests that can assess a vulnerability. The QVM Engine for OpenVAS NVTs provides the ability to run these tests as part of a QVM Scan.


The QVM Engine for OpenVAS NVTs installs a new scan policy called Full Scan Plus, separate from your existing scan policies. Because it contains more vulnerability tests, extra time is required to run the scans. Previously configured scans use the Opencast Nets in addition to the capabilities of JSA Vulnerability Manager.

The Full Scan Plus policy includes thousands of additional vulnerability tests provided by the OpenVAS project.

NVTs are updated nightly through existing automatic updates. No extra configuration is required.


The QVM Engine for OpenVAS NVTs requires JSA 7.3.1, Patch 3 or later with a JSA Vulnerability Manager license.

Installation requires Console access and automatic updates. See Adding the Full Scan Plus Scan Policy to JSA Vulnerability Manager.

Frequently asked questions

Does the QVM Engine for OpenVAS NVTs allow importing vulnerabilities into JSA Vulnerability Manager from a stand-alone OpenVAS deployment?

No. This plugin enables QVM to run OpenVAS Network Vulnerability Tests as part of QVM scans, but it is not designed to provide integration with a separately provided instance of OpenVAS.

Does the Full Scan Plus policy run only OpenVAS NVTs?

No. The Full Scan Plus Policy uses a combination of QVM scanning tests with the NVTs for maximum coverage.