From 877f1e30272e6d51f798ad8c6a56686cbc0a2241 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel <heiko.kiesel@iteratec.com>
Date: Thu, 14 Sep 2023 13:21:39 +0200
Subject: [PATCH 1/2] Add architecture decision for OpenVAS

Signed-off-by: Heiko Kiesel <heiko.kiesel@iteratec.com>
---
 .../09_architecture_decisions/adr_0019.md     | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 documentation/docs/architecture/09_architecture_decisions/adr_0019.md

diff --git a/documentation/docs/architecture/09_architecture_decisions/adr_0019.md b/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
new file mode 100644
index 0000000000..7121de0faf
--- /dev/null
+++ b/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
@@ -0,0 +1,55 @@
+---
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+title: "ADR-0019: OpenVAS Integration"
+sidebar_label: "ADR-0019"
+---
+# ADR-0019: OpenVAS Integration
+
+| <!-- -->       | <!-- -->                                           |
+|----------------|----------------------------------------------------|
+| **Status**:    | DRAFT                                           |
+| **Date**:      | 2023-09-14                                         |
+| **Author(s)**: | Heiko Kiesel <heiko.kiesel@iteratec.com> |
+
+## Context
+
+In the past, there were multiple requests for an OpenVAS integration (e.g., [#1642]). OpenVAS is an all-in-one solution, consisting of a scanner, database, frontend dashboard, and so on. Its architecture is shown in detail on their [OpenVAS architecture] page.
+
+The scanner uses the NASL Attack Scripting Language to implement vulnerability tests. These tests are fetched periodically from the free Greenbone Community Feed or the paid Greenbone Enterprise Feed. These feeds combine Network Vulnerability Tests, CVEs, CPEs, CERT-Bund-Advisories, and DFN-CERT-Advisories.
+
+The scanners and their corresponding parsers in secureCodeBox are implemented with Docker containers. We either dockerized them ourselves or used provided ones. Greenbone also provides a dockerized version of their OpenVAS scanner in a [Docker Compose file].
+
+Technically, one can communicate to parts of OpenVAS with two protocols. The Open Scanner Protocol is provided by `ospd-openvas`. With that, it is possible to start scans, get Vulnerability Tests information and receive scan results. The Greenbone Management Protocol allows to communicate with the core OpenVAS Greenbone Security Assistant. With it, one can create, read, update and delete scans and vulnerability information. These two protocols are available in the official [python-gvm] package.
+
+Furthermore, OpenVAS offers another type of scans (vulnerability tests). They seem to be more focussed on particular CVE's, outdated service versions and advisories. Moreover, some vulnerabilities, for example SSH weaknesses, are already covered in our offered scanneres, e.g., ssh_scan and ssh-audit.
+
+
+### Problem
+
+Due to OpenVAS being an all-in-one solution, the Docker Compose file consists of 16! containers. As we only need support for the Open Scanner Protocol, we tried to isolate the `ospd-openvas` container - the core scanner component. However, it seems like that it is only possible to reave out the container serving the frontend. It is not possible to isolate the scanner. Thus, we need to include the whole OpenVAS setup. For more information see my question regarding a [Minimal OpenVAS Docker setup].
+
+In contrast, secureCodeBox integrates more than 20 independent scanning tools. Each scanning tool is available as a docker container (and the corresponding parsing container). Unlike OpenVAS, only two containers (the operator and MinIO) must be running all the time. The other containers are created and stopped on runtime.
+
+TODO: do we even need it?
+
+### Solutions
+
+TODO
+
+## Decision
+
+TODO
+
+## Consequences
+
+TODO
+
+[#1642]: https://github.com/secureCodeBox/secureCodeBox/issues/1642
+[OpenVAS architecture]: https://greenbone.github.io/docs/latest/background.html
+[Docker Compose file]: https://greenbone.github.io/docs/latest/22.4/container/index.html#docker-compose-file
+[Minimal OpenVAS Docker setup]: https://forum.greenbone.net/t/minimal-docker-setup-with-python-gvm-osp-api/15630
+[python-gvm]: https://python-gvm.readthedocs.io/en/latest/usage.html
+[Persistence Hook]: https://www.securecodebox.io/docs/hooks/defectdojo
\ No newline at end of file

From 507c21d32df5170399ad62240f4f0424f1da37de Mon Sep 17 00:00:00 2001
From: Heiko Kiesel <heiko.kiesel@iteratec.com>
Date: Thu, 14 Sep 2023 13:25:39 +0200
Subject: [PATCH 2/2] Add explanation about offered tests of OpenVAS

Signed-off-by: Heiko Kiesel <heiko.kiesel@iteratec.com>
---
 .../docs/architecture/09_architecture_decisions/adr_0019.md     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/documentation/docs/architecture/09_architecture_decisions/adr_0019.md b/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
index 7121de0faf..34189f2ca6 100644
--- a/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
+++ b/documentation/docs/architecture/09_architecture_decisions/adr_0019.md
@@ -20,6 +20,8 @@ In the past, there were multiple requests for an OpenVAS integration (e.g., [#16
 
 The scanner uses the NASL Attack Scripting Language to implement vulnerability tests. These tests are fetched periodically from the free Greenbone Community Feed or the paid Greenbone Enterprise Feed. These feeds combine Network Vulnerability Tests, CVEs, CPEs, CERT-Bund-Advisories, and DFN-CERT-Advisories.
 
+The offered vulnerability tests offer another type of scans compared to secureCodeBox. They seem to be more focussed on particular CVE's, outdated service versions and advisories. Moreover, some vulnerabilities, for example SSH weaknesses, are already covered in our offered scanneres, e.g., ssh_scan and ssh-audit. The question arises as to whether the tests offered by OpenVAS are already covered by secureCodeBox.
+
 The scanners and their corresponding parsers in secureCodeBox are implemented with Docker containers. We either dockerized them ourselves or used provided ones. Greenbone also provides a dockerized version of their OpenVAS scanner in a [Docker Compose file].
 
 Technically, one can communicate to parts of OpenVAS with two protocols. The Open Scanner Protocol is provided by `ospd-openvas`. With that, it is possible to start scans, get Vulnerability Tests information and receive scan results. The Greenbone Management Protocol allows to communicate with the core OpenVAS Greenbone Security Assistant. With it, one can create, read, update and delete scans and vulnerability information. These two protocols are available in the official [python-gvm] package.