azure_sql_database_server_vulnerability

Use the azure_sql_database_server_vulnerability_assessment InSpec audit resource to test the properties and configuration of an Azure SQL Database server vulnerability assessment.

Syntax

resource_group and server_name are required parameters.

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

Parameters

resource_group (required): Azure resource group where the targeted resource resides.
server_name (required): The name of the server on which the database resides.

Properties

id: The ID of the resource.
name: The name of the resource. The name of the vulnerability assessment is default.
type: The type of the resource.
properties.recurringScans.isEnabled: Recurring scans state.
properties.recurringScans.emailSubscriptionAdmins: Specifies that the schedule scan notification will be is sent to the subscription administrators.
properties.recurringScans.emails: Specifies an array of e-mail addresses to which the scan notification is sent.

For properties applicable to all resources, such as type, name, id, and properties, refer to azure_generic_resource.

See the Azure documentation for other available properties. Any attribute in the response may be accessed with the key names separated by dots (.). For example, properties.<attribute>.

Examples

Test if a SQL database server vulnerability assessment has recurring scans enabled

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('properties.recurringScans.isEnabled') { should eq false }
end

Verify the type of the resource.

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('type') { should eq 'Microsoft.Sql/servers/vulnerabilityAssessments' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

The control passes if the filter returns a result. Use should_not if a resource should not exist.

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should_not exist }
end

Azure Permissions

Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.

azure_sql_database_server_vulnerability_assessment Resource