az security va sql scans
Command group 'az security va sql' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
View Sql Vulnerability Assessment scan summaries.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az security va sql scans initiate-scan |
Initiates a vulnerability assessment scan. |
Core | Preview |
| az security va sql scans list |
List a list of scan records. |
Core | Preview |
| az security va sql scans scan-operation-result |
Manage Scan Operation Result. |
Core | Preview |
| az security va sql scans scan-operation-result show |
Get the result of a scan operation initiated by the InitiateScan action. |
Core | Preview |
| az security va sql scans show |
Get the scan details of a single scan record. |
Core | Preview |
az security va sql scans initiate-scan
Command group 'az security va sql scans' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Initiates a vulnerability assessment scan.
az security va sql scans initiate-scan --resource-id
[--acquire-policy-token]
[--change-reference]
[--database-name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
Examples
Initiate a scan on an Azure SQL database.
az security va sql scans initiate-scan --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server}/databases/{db}
Initiate a scan on the master database of an Azure SQL server.
az security va sql scans initiate-scan --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server} --database-name master
Required Parameters
The fully qualified Azure Resource manager identifier of the resource.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The name of the database to scan. Required when invoked at the server-level scope rather than on a specific database resource.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security va sql scans list
Command group 'az security va sql scans' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List a list of scan records.
az security va sql scans list --resource-id
[--database-name]
[--max-items]
[--next-token]
Examples
List scan summaries for an Azure SQL database.
az security va sql scans list --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server}/databases/{db}
List scan summaries at server level for the master database.
az security va sql scans list --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server} --database-name master
Required Parameters
The fully qualified Azure Resource manager identifier of the resource.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the database to assess. Required when the API is called on the parent resource (e.g., server level) rather than on a specific database resource, since the database name is not part of the resource URI. This is the only way to assess system databases (e.g., master), which cannot be referenced directly in the resource URI.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security va sql scans show
Command group 'az security va sql scans' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get the scan details of a single scan record.
az security va sql scans show --resource-id
--scan-id
[--database-name]
Examples
Show scan details for a given scan id on an Azure SQL database.
az security va sql scans show --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server}/databases/{db} --scan-id Scan_2026-01-01T00-00-00Z
Show scan details on a SQL DB hosted on an Azure virtual machine.
az security va sql scans show --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{vm} --database-name MyDb --scan-id Scan_2026-01-01T00-00-00Z
Required Parameters
The fully qualified Azure Resource manager identifier of the resource.
The scan Id. Type 'latest' to get the scan record for the latest scan.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the database to assess. Required when the API is called on the parent resource (e.g., server level) rather than on a specific database resource, since the database name is not part of the resource URI. This is the only way to assess system databases (e.g., master), which cannot be referenced directly in the resource URI.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |