Azure SQL Server ADS Vulnerability Assessment (VA) Periodic recurring scans is disabled

Description

Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases. VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases. Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.

Code Example

{
 "
resource "azurerm_resource_group" "okExample" {
  name     = "okExample-resources"
  location = "West Europe"
}


resource "azurerm_sql_server" "okExample" {
  name                         = "mysqlserver"
  resource_group_name          = azurerm_resource_group.okExample.name
  location                     = azurerm_resource_group.okExample.location
  version                      = "12.0"
  administrator_login          = "4dm1n157r470r"
  administrator_login_password = "4-v3ry-53cr37-p455w0rd"
}


resource "azurerm_storage_account" "okExample" {
  name                     = "accteststorageaccount"
  resource_group_name      = azurerm_resource_group.okExample.name
  location                 = azurerm_resource_group.okExample.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
}


resource "azurerm_storage_container" "okExample" {
  name                  = "accteststoragecontainer"
  storage_account_name  = azurerm_storage_account.okExample.name
  container_access_type = "private"
}


resource "azurerm_mssql_server_security_alert_policy" "okExample" {
  resource_group_name = azurerm_resource_group.okExample.name
  server_name         = azurerm_sql_server.okExample.name
  state               = "Enabled"
}


resource "azurerm_mssql_server_vulnerability_assessment" "okExample" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.okExample.id
  storage_container_path          = "${azurerm_storage_account.okExample.primary_blob_endpoint}${azurerm_storage_container.okExample.name}/"
  storage_account_access_key      = azurerm_storage_account.okExample.primary_access_key

  recurring_scans {
    enabled                   = true
    email_subscription_admins = true
    emails = [
      "[email protected]",
      "[email protected]"
    ]
  }

}
",
}

Remediation

Terraform

Resource: azurerm_resource_group, azurerm_sql_server, azurerm_storage_account, azurerm_storage_container, azurerm_mssql_server_security_alert_policy, azurerm_mssql_server_vulnerability_assessment

Rule Details

Field	Value
ID	IAC-0761
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV2_AZURE_3

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Azure SQL Server ADS Vulnerability Assessment (VA) Periodic recurring scans is disabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Azure SQL Server ADS Vulnerability Assessment (VA) Periodic recurring scans is disabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Azure SQL Server ADS Vulnerability Assessment (VA) Periodic recurring scans is disabled

Description

Code Example

Remediation

Rule Details

References