Table: azure_sql_managed_instance_vulnerability_assessments

This table shows data for Azure SQL Managed Instance Vulnerability Assessments.

https://learn.microsoft.com/en-us/rest/api/sql/2020-08-01-preview/managed-instance-vulnerability-assessments/list-by-instance?tabs=HTTP#managedinstancevulnerabilityassessment (opens in a new tab)

The primary key for this table is id.

Relations

This table depends on azure_sql_managed_instances.

Columns

Name	Type
_cq_id	`uuid`
_cq_parent_id	`uuid`
subscription_id	`utf8`
properties	`json`
id (PK)	`utf8`
name	`utf8`
type	`utf8`

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

Vulnerability assessment should be enabled on SQL Managed Instance

WITH
  protected_instances
    AS (
      SELECT
        s.id AS instance_id
      FROM
        azure_sql_managed_instances AS s
        LEFT JOIN azure_sql_managed_instance_vulnerability_assessments AS va ON
            s._cq_id = va._cq_parent_id
      WHERE
        (va.properties->'recurringScans'->>'isEnabled')::BOOL IS true
    )
SELECT
  'Vulnerability assessment should be enabled on SQL Managed Instance' AS title,
  i.subscription_id,
  i.id AS instance_id,
  CASE
  WHEN p.instance_id IS NULL THEN 'fail'
  ELSE 'pass'
  END
FROM
  azure_sql_managed_instances AS i
  LEFT JOIN protected_instances AS p ON p.instance_id = i.id;