Audit a DuckDB instance exposed via an HTTP query endpoint (e.g. a MotherDuck-compatible or self-hosted SQL-over-HTTP proxy) — not a local file. Checks attached-database read-only posture, external access / unsigned extension settings, and loaded extension inventory through read-only SQL introspection.
Checks this connector runs once it's connected. This is the full list — we don't claim coverage beyond what's implemented.
Field labels only — we never show secret values here. Credentials are encrypted at rest and used only to run the checks above.
Required
Optional
DuckDB evidence feeds into controls for any framework you run that requires this check type — the same synced evidence can satisfy more than one framework's requirements instead of being collected per audit.
Tell us what you use and what it needs to prove. We'll follow up about adding a connector.
Get a guided demo, or start by scanning any domain for free.