azure_sql_database_server_vulnerability_assessment resource
Use the azure_sql_database_server_vulnerability_assessment InSpec audit resource to test the properties and configuration of an Azure SQL Database server vulnerability assessment.
Syntax
resource_group and server_name are required parameters.
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end
Parameters
resource_group (required) - Azure resource group where the targeted resource resides.
server_name (required) - The name of the server on which the database resides.
Properties
id - The ID of the resource.
name - The name of the resource. The name of the vulnerability assessment is default.
type - The type of the resource.
properties.recurringScans.isEnabled - Recurring scans state.
properties.recurringScans.emailSubscriptionAdmins - Specifies that the scheduled scan notification is sent to the subscription administrators.
properties.recurringScans.emails - Specifies an array of e-mail addresses to which the scan notification is sent.
For properties applicable to all resources, such as type, name, id, and properties, refer to azure_generic_resource.
See the Azure documentation for other available properties.
You can access any attribute in the response with the key names separated by dots (.). For example, properties.<attribute>.
Examples
Test if a SQL database server vulnerability assessment has recurring scans enabled:
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  # Passes only when recurring scans are enabled.
  its('properties.recurringScans.isEnabled') { should eq true }
end
Verify the type of the resource:
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  its('type') { should eq 'Microsoft.Sql/servers/vulnerabilityAssessments' }
end
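The dot-separated property access and the recurring-scan properties described above, as an added example in plain Ruby (not InSpec code and not from the project): it resolves key paths against a constructed response and reports findings. The names `dig_path` and `assessment_findings`, the sample JSON, and the policy that at least one notification recipient must be set are assumptions.

```ruby
require 'json'

# Constructed sample response. The id is a placeholder and only the
# properties listed on this page are included.
SAMPLE_RESPONSE = <<~JSON
  {
    "id": "RESOURCE_ID_PLACEHOLDER",
    "name": "default",
    "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
    "properties": {
      "recurringScans": {
        "isEnabled": true,
        "emailSubscriptionAdmins": false,
        "emails": []
      }
    }
  }
JSON

# Resolve a dot-separated key path such as
# 'properties.recurringScans.isEnabled' against a parsed response.
# Returns nil when any segment of the path is missing.
def dig_path(doc, path)
  path.split('.').reduce(doc) do |node, key|
    return nil unless node.is_a?(Hash) && node.key?(key)
    node[key]
  end
end

# Assumed policy (hypothetical, not from the page): scans must recur and
# the results must reach subscription admins or at least one address.
def assessment_findings(doc)
  findings = []
  enabled = dig_path(doc, 'properties.recurringScans.isEnabled')
  findings << 'recurring scans are not enabled' unless enabled == true
  admins = dig_path(doc, 'properties.recurringScans.emailSubscriptionAdmins')
  emails = Array(dig_path(doc, 'properties.recurringScans.emails'))
  if admins != true && emails.empty?
    findings << 'no scan notification recipient is configured'
  end
  findings
end

puts assessment_findings(JSON.parse(SAMPLE_RESPONSE)) if __FILE__ == $PROGRAM_NAME
```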
Matchers
For a full list of available matchers, see our Universal Matchers page.
This resource has the following special matchers.
exist
The control passes if the filter returns a result. Use should_not if a resource should not exist.
describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should exist }
end

describe azure_sql_database_server_vulnerability_assessment(resource_group: 'RESOURCE_GROUP', server_name: 'SERVER_NAME') do
  it { should_not exist }
end
Azure permissions
Your Service Principal must be set up with at least a contributor role on the subscription you wish to test.