{"id":15430525,"url":"https://github.com/lenisha/sqlaudit-runner","last_synced_at":"2025-11-09T07:30:34.382Z","repository":{"id":40892391,"uuid":"235855222","full_name":"lenisha/sqlaudit-runner","owner":"lenisha","description":"Run Audit as Cron Job","archived":false,"fork":false,"pushed_at":"2022-12-08T09:34:34.000Z","size":251,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-18T06:16:05.930Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lenisha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":"AuditRecord.cs","citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-23T18:06:46.000Z","updated_at":"2020-01-24T01:21:03.000Z","dependencies_parsed_at":"2023-01-25T09:30:11.141Z","dependency_job_id":null,"html_url":"https://github.com/lenisha/sqlaudit-runner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fsqlaudit-runner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fsqlaudit-runner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fsqlaudit-runner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lenisha%2Fsqlaudit-runner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lenisha","download_url":"https://codeload.github.com/lenisha/sqlaudit-runner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239571542,"owners_count":19661164,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T18:16:48.532Z","updated_at":"2025-11-09T07:30:34.341Z","avatar_url":"https://github.com/lenisha.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Detect and Audit SQL DB non encrypted PII data\n\nSQL Auditor is application that queries Azure SQL server which has Threat Protection enabled,to find any columns with PII (Marked as Confidential, Confidential-GDPR etc) but not encrypted using Always Encrypted.\n\nThese exceptions are then reported to Log Analytics for further reporting.\n\n## Run locally\n\nTo run locally , set `appsettings.json` configuration\n```\n{\n \"ConnectionStrings\": {\n \"DBToAudit\": \"Server=tcp:\u003cSERVER\u003e.database.windows.net,1433;Database=dataflow;User ID=\u003cUSER\u003e;Password=\u003cPASSWORD\u003e;Encrypt=true;Connection Timeout=30;\"\n },\n\n \"LAWorkspaceId\": \"\u003cLog Analytics Workspace ID\u003e\",\n \"LAKey\": \"\u003cLog Analytics Primary or secondary key\u003e\"\n}\n```\n\nAnd run\n```\n\u003e dotnet run \n\nSqlAuditor Loaded.\nConnecting to Database dataflow:\n=========================================\ninfo: sqlaudit_runner.SqlAuditor[0]\n Found Not Encrypted sensitive data Columns 26\ninfo: sqlaudit_runner.SqlAuditor[0]\n Sending found records to LogAnalytics Id: xxxxx-xxxxx\ninfo: sqlaudit_runner.SqlAuditor[0]\n Sent found records to LogAnalytics HTTP Status: OK\n```\n\n## Run as Kubernetes CronJob\nTo run this job periodically use Kubernetes CronJob `k8sjob.yaml` definition\n\n- First create ConfigMap with settings to mapped to container, e.g\n\n```sh\nkubectl create configmap sqlauditor-settings --from-file appsettings.Development.json\n```\n\n- Create Job\n```sh\nkubectl apply -f k8sjob.yaml\n```\n\nJob definition\n\n```yaml\napiVersion: batch/v1beta1\nkind: CronJob\nmetadata:\n name: sqlauditor\nspec:\n schedule: \"* */1 * * *\"\n jobTemplate:\n spec:\n completions: 1 #at least one success\n backoffLimit: 3 #retries\n template:\n spec:\n containers:\n - name: sqlauditor\n image: lenisha/sqlauditor\n volumeMounts:\n - name: config\n mountPath: /app/appsettings.json\n subPath: appsettings.Development.json\n restartPolicy: OnFailure\n securityContext:\n runAsUser: 1000\n runAsGroup: 3000\n ## kubectl create configmap sqlauditor-settings --from-file appsettings.Development.json\n volumes:\n - name: config \n configMap:\n name: sqlauditor-settings \n```\n\nwhen running, see job defined and completed runs\n```\n kubectl get cronjobs\nNAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE\nsqlauditor * */1 * * * False 0 26s 6m31s\n\nk get pods\nNAME READY STATUS RESTARTS AGE\nsqlauditor-1579827960-g284n 0/1 Completed 0 62s\nsqlauditor-1579828020-wkhhv 0/1 ContainerCreating 0 2s\n```\n\n## Log Analytics\n\nView custom Logs in the Workspace, LogType = `EncryptionExceptions_CL`\n\n![docs](./docs/LogAnalytics.png)\n\n## Sentinel","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fsqlaudit-runner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flenisha%2Fsqlaudit-runner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flenisha%2Fsqlaudit-runner/lists"}