Self-hosted MCP server that gives AI agents structured access to OpenVAS vulnerability scanning without sending data externally.
process.env. You'll be asked to provide them before it can run.
GVM_PORT
LOG_LEVEL
MCP_TRANSPORT — stdio; one of stdio, sse, or streamable-http
MCP_PORT
GVM_SCAN_POLL_TIMEOUT
GVM_REPORT_MAX_RESULTS
GVM_SOCKET_PATH — /run/gvmd/gvmd.sock Unix socket path (default connection)
GVM_HOST — MCP_API_KEYS="supersecrettoken:my-agent" GVM_HOST=192.168.1.10 GVM_PASSWORD=secret docker compose up
GVM_TLS — Plain TCP connections (GVM_HOST set, GVM_TLS unset) send GVM credentials unencrypted. Use GVM_TLS=1 or a Unix socket for anything beyond local dev.
GVM_TLS_CAFILE
GVM_TLS_NO_VERIFY
GVM_USERNAME
GVM_PASSWORD — "env": { "GVM_PASSWORD": "secret" } // ← edit this to your GVM password
MCP_HOST
MCP_API_KEYS — MCP_API_KEYS="supersecrettoken:my-agent" GVM_PASSWORD=secret docker compose up
MCP_POLICY_FILE
MCP_ALLOW_UNAUTHENTICATED — MCP_API_KEYS is a comma-separated list of token:name pairs sent as a Bearer token by the MCP client. Multiple clients: "tok1:agent1,tok2:agent2". Pass MCP_ALLOW_UNAUTHENTICATED=1 instead to skip auth on a trusted network.