Reg: Octopus DB Vulnerability Remediation from Azure

Hello Team,

We are using self hosted Octopus Deploy which is in 2019.9.10LTS version. Recently we have migrated the Octopus DB to Azure SQL (PaaS), previously it used to be in one of our SQL VMs. On Azure Vulnerability Assessment, the below item came in the assessment report.

Sensitive data in your Octopus DB should be classified - 5 columns -> Username, EmailAddress, Username, ConcurrencyTag, AccountType -> are recommended by azure to be classified as confidential

Rule: VA1288 - Sensitive data columns should be classified

RULE DESCRIPTION: This rule discovers and characterizes potentially sensitive data in the database. The result is a collection of sensitive database columns, which should be reviewed and classified using SQL Data Discovery & Classification. This allows database columns to be persistently labeled according to their sensitivity, which enables tracking (auditing) the use of classified data and creating reports. If your sensitive database columns are unprotected, you should also consider applying one of SQL Database’s built-in security capabilities to restrict access to and protect your sensitive data.

IMPACT: The data residing in your database can have varying levels of business and privacy sensitivity. It is important to be aware of the location of your most sensitive data elements, so that their access can be monitored and tracked. SQL Data Discovery & Classification enables you to assign a distinct classification label to each database column and persist this information as column metadata within the database. This classification metadata can then be used for tracking and monitoring objectives. In addition, access to sensitive data should be more tightly controlled. Built-in SQL security capabilities like Always Encrypted, Dynamic Data Masking, and Row-Level Security can be used to control access and protect data.

Please let us know are we good to implement this?


Hi karthik623521,

Thanks for posting. Enabling the confidential classification for those columns shouldn’t affect how Octopus interacts with your Azure SQL db. However, we typically recommend making a clone or backup prior to making changes to your db as a precaution.

If you run into any issues after applying the recommendation, let me know and we’ll work through it. :slight_smile:


Sure Donny! If we ran into any issues, we will let you!

Have a great day!

Sounds good!

We’re here if you need us! :slight_smile: