Add explanation about offered tests of OpenVAS

Heiko Kiesel · Heiko Kiesel · commit ee9e2b2a882f · 2023-09-14T13:25:39.000+02:00
Signed-off-by: Heiko Kiesel &lt;heiko.kiesel@iteratec.com&gt;
diff --git a/documentation/docs/architecture/09_architecture_decisions/adr_0019.md b/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
@@ -20,6 +20,8 @@ In the past, there were multiple requests for an OpenVAS integration (e.g., [#16
 
 The scanner uses the NASL Attack Scripting Language to implement vulnerability tests. These tests are fetched periodically from the free Greenbone Community Feed or the paid Greenbone Enterprise Feed. These feeds combine Network Vulnerability Tests, CVEs, CPEs, CERT-Bund-Advisories, and DFN-CERT-Advisories.
 
+The offered vulnerability tests offer another type of scans compared to secureCodeBox. They seem to be more focussed on particular CVE's, outdated service versions and advisories. Moreover, some vulnerabilities, for example SSH weaknesses, are already covered in our offered scanneres, e.g., ssh_scan and ssh-audit. The question arises as to whether the tests offered by OpenVAS are already covered by secureCodeBox.
+
 The scanners and their corresponding parsers in secureCodeBox are implemented with Docker containers. We either dockerized them ourselves or used provided ones. Greenbone also provides a dockerized version of their OpenVAS scanner in a [Docker Compose file].
 
 Technically, one can communicate to parts of OpenVAS with two protocols. The Open Scanner Protocol is provided by `ospd-openvas`. With that, it is possible to start scans, get Vulnerability Tests information and receive scan results. The Greenbone Management Protocol allows to communicate with the core OpenVAS Greenbone Security Assistant. With it, one can create, read, update and delete scans and vulnerability information. These two protocols are available in the official [python-gvm] package.
