az security va sql results

Command group 'az security va sql' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

View Sql Vulnerability Assessment scan results.

Commands

Name Description Type Status
az security va sql results list

List a list of scan results for a single scan record.

Core Preview
az security va sql results show

Get the scan results of a single rule in a scan record.

Core Preview

az security va sql results list

Preview

Command group 'az security va sql results' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List a list of scan results for a single scan record.

az security va sql results list --resource-id
                                --scan-id
                                [--database-name]
                                [--max-items]
                                [--next-token]

Examples

List all scan results for a given scan id on an Azure SQL database.

az security va sql results list --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server}/databases/{db} --scan-id Scan_2026-01-01T00-00-00Z

List scan results on a SQL DB hosted on an Azure virtual machine.

az security va sql results list --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{vm} --database-name MyDb --scan-id Scan_2026-01-01T00-00-00Z

Required Parameters

--resource-id

The fully qualified Azure Resource manager identifier of the resource.

--scan-id

The scan Id.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--database-name

The name of the database to assess. Required when the API is called on the parent resource (e.g., server level) rather than on a specific database resource, since the database name is not part of the resource URI. This is the only way to assess system databases (e.g., master), which cannot be referenced directly in the resource URI.

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

Property Value
Parameter group: Pagination Arguments
--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Property Value
Parameter group: Pagination Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az security va sql results show

Preview

Command group 'az security va sql results' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get the scan results of a single rule in a scan record.

az security va sql results show --resource-id
                                --rule-id --scan-result-id
                                --scan-id
                                [--database-name]

Examples

Show results for rule VA1234 from a given scan id on an Azure SQL database.

az security va sql results show --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Sql/servers/{server}/databases/{db} --scan-id Scan_2026-01-01T00-00-00Z --rule-id VA1234

Show results for a single rule on an Arc-enabled SQL server.

az security va sql results show --resource-id /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.HybridCompute/machines/{arc} --database-name MyDb --scan-id Scan_2026-01-01T00-00-00Z --rule-id VA1234

Required Parameters

--resource-id

The fully qualified Azure Resource manager identifier of the resource.

--rule-id --scan-result-id

The rule Id of the results.

--scan-id

The scan Id.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--database-name

The name of the database to assess. Required when the API is called on the parent resource (e.g., server level) rather than on a specific database resource, since the database name is not part of the resource URI. This is the only way to assess system databases (e.g., master), which cannot be referenced directly in the resource URI.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False