{"id":18244390,"url":"https://github.com/dataplat/dbasecurityscan","last_synced_at":"2025-04-04T13:31:26.199Z","repository":{"id":43294435,"uuid":"251563658","full_name":"dataplat/dbasecurityscan","owner":"dataplat","description":"Baseline, check and correct your SQL Database Security","archived":false,"fork":false,"pushed_at":"2022-03-09T13:20:17.000Z","size":217,"stargazers_count":11,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"development","last_synced_at":"2025-03-20T13:42:02.927Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dataplat.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-31T09:57:03.000Z","updated_at":"2024-10-16T00:17:17.000Z","dependencies_parsed_at":"2022-09-08T05:01:52.085Z","dependency_job_id":null,"html_url":"https://github.com/dataplat/dbasecurityscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dataplat%2Fdbasecurityscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dataplat%2Fdbasecurityscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dataplat%2Fdbasecurityscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dataplat%2Fdbasecurityscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dataplat","download_url":"https://codeload.github.com/dataplat/dbasecurityscan/tar.gz/refs/heads/development","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247185009,"owners_count":20897875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T09:16:31.179Z","updated_at":"2025-04-04T13:31:25.937Z","avatar_url":"https://github.com/dataplat.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dbaSecurityScan\n\n## Module Status\n\n| Win + WinPS | Win + PS7 | Linux + PS7 |\n|---|---|---|\n| ![Windows + Ps7](https://github.com/sqlcollaborative/dbasecurityscan/workflows/CI/badge.svg) | ![WindowsPS](https://github.com/sqlcollaborative/dbasecurityscan/workflows/WindowsPS/badge.svg) | ![LinuxPS](https://github.com/sqlcollaborative/dbasecurityscan/workflows/LinuxPS/badge.svg)\n\n## Introduction\n\ndbaSecurityScan is a PowerShell module designed to allow you to source control and test you database's security model\n\n## Platform\n\nWe aim to be cross platform, PowerShell Core and PowerShell Windows friendly, and support SQL Server 2005+.\n\n## Status\n\nAt the moment this module should be considered in alpha development, things are likely to change rapidly. While trying to avoid any breaking changes we can't guarantee they won't creep in over time\n\nPester v4 is a hard requirement. It the module can't find it at load time it will throw an error. We will support Pester v5 at some point\n\n## Stuff that works 01/11/2020\nCan create and test configs for Object, Schema, Role and User based security\nCan fix Schema, Object, Role and User permission errors\nPolicies added\n\n## Tests vs Policies\nWe have 2 ways of tracking configuration:\n\n- Policies; these are checks with a single answer (true, false, 2) evaluated once for the whole database. For example, 'No User Permissions allowed' is true or false\n- Tests; these can have many answers per database. For example, 'Get all Role permissions for db1' could have many different return sets\n\n\n## Dev Guidelines\n\n- Module should support xplat, PS Core and Windows PowerShell\n- Other than generic Sql Scripts, and other SQL Server data should be fetched using dbatools\n  - So if extra data is needed, please add functionality to dbatools or tag the query as needing work\n- Test for presence and absence, don't assume one means both\n- Tests are good, any new commands should have tests.\n\n## Examples\n\nThis example uses the roles database from the testing folder. This demo assumes you're running at the module root folder\n\n```\n--Setup a few environment variable\n$sqlUser='sqluser'\n$sqlPasswd= ConvertTo-SecureString 'P@ssw0rdl!ng' -AsPlainText -Force\n$sqlCred=New-Object System.Management.Automation.PSCredential ($sqlUser, $sqlPasswd)\n$sqlInstance='localhost:1433'\n$appsplat=@{\n  SqlInstance =$sqlInstance\n  SqlCredential = $sqlCred\n}\n\n$srv = Connect-DbaInstance @appsplat\n$c = Get-Content './Tests/scenarios/roles1/roles1.sql' -Raw\n$srv.Databases['master'].ExecuteNonQuery($c)\n\n--create a new config\n$config = New-DssConfig @appsplat -Database roles1\n\n--remove config file\nRemove-Item ./dss.json -Force\n\n--write out the config to a file\n$config | ConvertTo-Json -Depth 5 | Out-File ./dss.json\n\n--take a look at the config file in vs code\ncode ./dssNotts.json\n\n--Add an extra permission to the role\nInvoke-DbaQuery @appsplat -Database roles1 -Query \"grant execute on sp_test to removerole\"\n\n--run a compare against the config.\n$results = Invoke-DssTest @appsplat -Database roles1 -Config $config\n\n--errors were returned so try a dryrun to see how they could be fixed\n$dryRun = Reset-DssSecurity @appsplat -Database roles1 -TestResults $results -OutputOnly\n\n--If happy with the dry run, tell the command to fix the issues\n$realRun = Reset-DssSecurity @appsplat -Database roles1 -TestResults $results\n\n--Run a final test to check that everything is in line again\n$final = Invoke-DssTest @appsplat -Database roles1 -Config $config\n```\n\n## ToDo\n\n- Expand items included in config\n- Expand public functions\n- Improve build testing\n- Add direct testing on top of meta data testing\n- Command to add/remove permissions from configs\n- Some form of graphical representation of the security model (Graph/PowerBI?)\n- Documentation\n- Write a proper developer wiki\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdataplat%2Fdbasecurityscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdataplat%2Fdbasecurityscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdataplat%2Fdbasecurityscan/lists"}