diff --git a/default.prf b/default.prf
index 0695ec474..9e7975611 100644
--- a/default.prf
+++ b/default.prf
@@ -51,6 +51,9 @@ pause-between-tests=0
 # Enable quick mode (no waiting for keypresses, same as --quick option)
 quick=no
 
+# Refresh software repositories to help detecting vulnerable packages
+refresh-repositories=yes
+
 # Show inline tips about the tool
 show-tool-tips=yes
 
diff --git a/include/consts b/include/consts
index 8dda85404..ef8ebd986 100644
--- a/include/consts
+++ b/include/consts
@@ -165,6 +165,7 @@ unset LANG
     PROFILEVALUE=""
     PSBINARY="ps"
     REDIS_RUNNING=0
+    REFRESH_REPOSITORIES=1
     REMOTE_LOGGING_ENABLED=0
     RESOLV_DOMAINNAME=""
     RKHUNTERBINARY=""
diff --git a/include/profiles b/include/profiles
index b191ff2d0..81c56a50c 100644
--- a/include/profiles
+++ b/include/profiles
@@ -207,6 +207,15 @@
                     AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)"
                 ;;
 
+                # Refresh software repositories
+                refresh-repositories)
+                    SETTING_REFRESH_REPOSITORIES=1 # default is yes
+                    FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && REFRESH_REPOSITORIES=0
+                    if [ ! -z "${FIND}" ]; then SETTING_REFRESH_REPOSITORIES=0; fi
+                    Debug "Refreshing repositories set to ${SETTING_REFRESH_REPOSITORIES}"
+                    AddSetting "refresh-repositories" "${SETTING_REFRESH_REPOSITORIES}" "Refresh repositories (for vulnerable package detection)"
+                ;;
+
                 # Inline tips about tool (default enabled)
                 show_tool_tips | show-tool-tips)
                     SETTING_SHOW_TOOL_TIPS=1 # default is yes
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index e42343673..fa986c218 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -989,9 +989,13 @@
         # Multiple ways to do this.  Some require extra packages to be installed,
         # others require potential firewall ports to be open, outbound.  This is the
         # "most friendly" way.
-        LogText "Action: updating portage with emerge-webrsync"
-        /usr/bin/emerge-webrsync --quiet 2> /dev/null
-        LogText "Result: emerge-webrsync finished"
+        if [ ${REFRESH_REPOSITORIES} -eq 1 ]; then
+            LogText "Action: updating portage with emerge-webrsync"
+            /usr/bin/emerge-webrsync --quiet 2> /dev/null
+            LogText "Result: emerge-webrsync finished"
+        else
+            LogText "Result: using a possibly outdated repository, as updating is disabled"
+        fi
         LogText "Test: checking if /usr/bin/glsa-check exists"
         if [ -x /usr/bin/glsa-check ]; then
             PACKAGE_AUDIT_TOOL_FOUND=1