Hello, The following issues would improve the handling on readonly filesystems: 1.) /usr/local/etc/periodic/security/410.pkg-audit & /usr/local/etc/periodic/security/405.pkg-base-audit Add an option to to specify "-f File" so that the vulnxml file can be located outside of /var/db/pkg. 2.) /usr/local/sbin/pkg check -qsa tries to open the sqliteDB Files in RW mode. From my understanding this is not necessary for the check operations. Kind Regards, Manon