Azure Synapse SQL Pool vulnerability assessment disabled
Description
This policy detects whether a Synapse SQL Pool in an Azure environment has a vulnerability assessment enabled. Vulnerability assessments are essential for maintaining a strong security posture. They help mitigate potential security risks by detecting vulnerabilities and providing recommendations for addressing them. Without vulnerability assessments, your Synapse SQL Pool could be exposed to security threats, potentially leading to data breaches, loss, or other cyberattacks.
Monitoring and maintaining the security of your database services is crucial for protecting sensitive data and complying with regulatory standards. Vulnerability assessments play a vital role in achieving this by proactively identifying and mitigating potential risks.
Code Example
resource "azurerm_synapse_sql_pool_vulnerability_assessment" "example" {
+ sql_pool_security_alert_policy_id = azurerm_synapse_sql_pool_security_alert_policy.example.id
...
recurring_scans {
+ enabled = true
...
}
}Remediation
Terraform
- Resource: azurerm_synapse_sql_pool
- Arguments: azurerm_synapse_sql_pool_security_alert_policy, recurring_scans.*.enabled
Ensure that all `azurerm_synapse_sql_pool` resources have an associated `azurerm_synapse_sql_pool_security_alert_policy` block with recurring security scans (`recurring_scans.property`) enabled.
In this example, an `azurerm_synapse_sql_pool_vulnerability_assessment` resource is configured to enable automatic vulnerability scanning for your Synapse SQL Pool. This ensures your pool is regularly checked for potential security weaknesses.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0809 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | Terraform, |
| Checkov ID | CKV2_AZURE_52 |