SentriKat vs. OpenVAS / Greenbone
OpenVAS is the classic free network scanner. It does one thing well — credentialed and unauthenticated network probes — but it leaves your team building the rest: compliance reports, ticketing, SIEM export, prioritization, container scanning. SentriKat ships those as a single product.
Feature-by-feature comparison
| Feature | SentriKat | OpenVAS / Greenbone |
|---|---|---|
| Licensing | Free (Early Access) / €59–€999/mo | OpenVAS Community free / Greenbone Enterprise from €2,450/yr |
| Vulnerability Focus | CISA KEV-first, multi-source enrichment | Generic NVT feed, all CVEs weighted equally |
| Scan Method | Agent-based inventory — no credentialed scans | Network scans (authenticated or unauthenticated) |
| Container Scanning | Built-in (Trivy engine) for Docker & Podman | Not included |
| SCA (lockfile scanning) | 11+ lockfiles across 7 ecosystems | Not included |
| Vendor Backport Detection | 4 feeds daily, three-tier confidence | No native backport awareness |
| NIS2 / DORA / BOD 22-01 Reports | Signed PDF + JSON, HMAC integrity | Manual report building |
| ENISA EUVD Integration | Native EU database integration | Not integrated |
| Issue Tracker / Ticketing | Jira, YouTrack, GitHub, GitLab out of the box | Manual export, no native integrations |
| SIEM Forwarding | Syslog in CEF / JSON / RFC 5424 | Not included |
| SSO (SAML + LDAP) | SAML 2.0 + LDAP/AD included | LDAP only in paid edition |
| Deployment | Cloud (EU) or 100% on-premises | On-premises only |
| Time-to-value | Agents deploy in minutes | Days of scan tuning and feed setup |
| Unauthenticated Network Probes | Not the main scan method | Strong — classical OpenVAS sweet spot |
| NVT coverage breadth | Focused on exploited + vendor-tracked CVEs | 100,000+ Network Vulnerability Tests |
Who should choose which?
Choose SentriKat if you need:
- ✓ Signed NIS2 / DORA / BOD 22-01 reports out of the box
- ✓ Vulnerability data pulled from agents, not flaky network sweeps
- ✓ Container scanning, SCA, and SBOM generation included
- ✓ Jira, GitHub, GitLab, YouTrack, Slack, Teams, and SIEM hooks without writing glue code
- ✓ A vendor contract and SLA — not just a community forum
Stay on OpenVAS if you need:
- ✓ Unauthenticated network probes against legacy or network-appliance targets
- ✓ A zero-budget research or home-lab environment
- ✓ In-house engineering capacity to build the reporting, ticketing, and SIEM layers yourself
- ✓ An existing Greenbone Enterprise appliance footprint
SentriKat vs OpenVAS: different tools for different jobs
OpenVAS — now distributed as Greenbone Community Edition — is an excellent network vulnerability scanner. Its Network Vulnerability Tests (NVTs) probe open ports, misconfigurations, and known service-level weaknesses from the network side. Pair it with authenticated scans and you get a credible starting point for infrastructure vulnerability discovery.
But free is rarely free. Teams that deploy OpenVAS quickly discover that they also need to build: compliance reporting (NIS2, DORA, BOD 22-01), ticket automation, SIEM forwarding, container scanning, dependency scanning, SSO, alerting, escalation policies, dashboards for executives. Every one of those is hand-wired plumbing.
SentriKat takes a different approach. Agents report exact software inventory — versions, lockfiles, container images — which SentriKat cross-checks against CISA KEV, ENISA EUVD, NVD, and vendor advisories. You get prioritized, actionable findings from day one, plus the reporting and integration surface that OpenVAS users typically build themselves.
For EU security teams bound by NIS2 Article 21 or DORA, SentriKat ships signed compliance reports in JSON and PDF with HMAC-SHA256 integrity — auditor-ready. OpenVAS produces scan reports, not compliance evidence packages.
Many organizations keep OpenVAS for what it does best — network probing of DMZ and edge devices — and adopt SentriKat for endpoint, container, dependency, and compliance coverage. The two fit together cleanly.
Spend less time tuning scans.
Free during Early Access. See exploited CVEs mapped to your inventory in under an hour — with compliance, ticketing, and SIEM already wired up.