How can I run SQL Server Vulnerability Assessment from a SQL Job?

Question

I want to run SQL Server Vulnerability Assessment from a SQL Server Agent Job. Currently, I am attempting a job with a PowerShell script and am running a command like the one below.

Invoke-SqlVulnerabilityAssessmentScan -ServerInstance $(ESCAPE_DQUOTE(SRVR)) -Database AdventureWorks

I have confirmed that Invoke-SqlVulnerabilityAssessmentScan is available on the SQL Server (I can run it from the PowerShell command prompt there), but when I run my job, I receive an error stating that

The term 'Invoke-SqlVulnerabilityAssessmentScan' is not recognized as the name of a cmdlet

After looking at this Microsoft article, I am wondering if SQL Agent only has a subset of PowerShell cmdlets that it can access.

How can I run the vulnerability assessment scan from a SQL Job?

score 5 · Answer 1 · answered Aug 20 '19 at 15:20

5

You are getting that error because the module is not imported.

You have to use

import-module -name sqlserver  # or path to the module

see : Running PowerShell in a SQL Agent Job

answered Aug 20 '19 at 15:20

Kin Shah

62,545
6
124
245

score 5 · Accepted Answer · answered Aug 20 '19 at 17:39

The articles referenced in @Kin Shah's answer helped me to come to a final solution. I had to switch from the "PowerShell" SQL Job Type to the "Operating system (CmdExec)" Type. I moved my PowerShell command into a script and referenced that using command text like the following in a SQL Job.

powershell.exe d:\data\dev\VulnerabilityScanTest.ps1

The command inside the script ended up looking like this:

Invoke-SqlVulnerabilityAssessmentScan -ServerInstance "myserver\myinstance" -Database AdventureWorks

How can I run SQL Server Vulnerability Assessment from a SQL Job?

2 Answers2