// free tiers
Free vulnerability scanner matrix: real caps, not marketing
What you can actually do in each free tier. Asset ceilings, scan-type caps, compliance reporting limits, time limits.
author: Oliver Wakefield-Smith · verified 2026-06-26
// direct-answer
What is the best free vulnerability scanner in 2026?
Nessus Essentials (16 IPs, no compliance), Snyk Free (monthly test caps across OSS / Code / Container / IaC), OpenVAS / Greenbone Community (fully free self-hosted), Trivy (Apache 2.0 for containers and IaC), HostedScan Free (5 targets). All five are production-grade within their caps.
| Scanner | Free-tier ceiling | Compliance reporting? | Time-limited? |
|---|---|---|---|
| Nessus Essentials | 16 IPs | No | Perpetual |
| Snyk Free | Monthly test caps per product | Limited | Perpetual |
| OpenVAS / Greenbone Community | No cap (self-hosted) | Yes (DIY) | Perpetual |
| Trivy | No cap (Apache 2.0) | Limited | Perpetual |
| HostedScan Free | 5 targets | Limited | Perpetual |
| ManageEngine VMP Free | 25 workstations / 5 servers | Limited | Perpetual |
| Qualys Community Edition | 16 assets | Limited | Perpetual |
| OWASP ZAP | No cap (Apache 2.0) | Limited | Perpetual |
| Nuclei | No cap (MIT) | No (template output only) | Perpetual |
// faq
FAQ
- Can a free tier produce PCI ASV evidence?Only if you are using OpenVAS or Qualys Community Edition output as part of a manually-attested package. None of the commercial free tiers ship ASV-attested reports.
- Which free tier is best for a 1-engineer shop?Nessus Essentials (16 IPs) plus Trivy for any container work. Add Snyk Free if you have a public repo.
- Which free tier scales furthest?OpenVAS Community Edition has no cap; the limit is admin hours, not licence.
- Can I replace a paid scanner with a free one?Within the cap, yes. Above the cap, no commercial free tier covers it.
- Do free tiers receive feed updates?Yes. Nessus Essentials, OpenVAS, and Trivy all update daily.