sp_Blitz tells you what's broken. It doesn't tell the board what to do.
Run sp_Blitz and you get a prioritised wall of warnings — every one of them fair. But a wall of warnings isn't a plan, a priority isn't an owner, and "Priority 50" means nothing to a CFO. SQLTriage takes that same output and turns it into a board-ready action plan: one score, every finding graded, owned and mapped to a standard, with the next step spelled out.
Written by Adrian Sullivan — founder of sqldba, twenty years on SQL Server.
sp_Blitz is built for a DBA at 2am. Not for a board at 2pm.
sp_Blitz — the heart of Brent Ozar's First Responder Kit — is the best free first-pass in SQL Server, and we run it ourselves. Point it at an instance and it hands back a priority-ranked list: a number, a finding, the detail, a link to read more. For the person with their hands on the server, it's gold.
Put that same list in a board pack and it dies. Nobody in the room knows whether "Priority 50: Max Server Memory not set" is a five-minute fix or the reason the month-end run falls over. They can't tell what it costs, whose job it is, or whether it was dealt with last quarter. So it gets read as technical, filed under "the DBA's problem" — and the risk stays exactly where it was. The tool did its job. The conversation never happened.
Five things a board needs that a scan doesn't give.
A single score
Not 200 warnings — one number. Are we Bronze or are we Platinum? A board can hold one number in its head and act on it.
The risk in plain terms
Not "Priority 50". Can we trade on Monday? Would this pass the audit? What happens if it goes wrong tonight — said in the language the room already speaks.
An owner
Every finding needs a name against it. "The DBA", "the platform team", "auto-fix with approval". A risk nobody owns is a risk nobody fixes.
A next step
Not a problem — a move. Restore-test this week. Disable that account. Downgrade that edition. Something a person can do on Monday morning.
A date, and a re-check
When will it be done, and how do we prove it is? The second report is the one that matters: same estate, scored again, the line moved.
Same findings. A plan instead of a list.
SQLTriage doesn't throw away sp_Blitz's work — it finishes it. Five moves take a raw scan to a report a board can sign off.
Import the sp_Blitz output
Keep the work you have already done. SQLTriage reads sp_Blitz output directly — every finding it raised comes across, nothing thrown away.
Run 500+ checks alongside it
Backups and recoverability, security and access, patching, configuration, licensing. sp_Blitz is the first responder; this is the full examination on top of it.
Grade it Bronze to Platinum
A single 0–100 governance score across the categories that matter — the number a board can act on, instead of a list it will file and forget.
Map each finding to a framework
Every finding cross-referenced to the control it satisfies — CIS, NIST 800-53, SOC 2, ISO 27001, PCI-DSS, HIPAA and more. "A risk" becomes "a named gap against a standard you are measured on".
Write it up for two audiences
A DBA handoff with the fix and the T-SQL, and a board-ready governance view with the score, the risk and the owner. One assessment, two reports — nobody reads the wrong one.
What the DBA reads, and what the board reads.
Getting a "yes" for the fix is a negotiation. So negotiate.
Every board has heard "the system needs work" before, and learned to discount it. So before you ask for budget, do the accusation audit — name their objections out loud before they can: you're probably thinking this is IT crying wolf again; that every estate has a list like this; that it's never as bad as the scan makes out. A graded report answers all three before they're spoken — because the score is comparable, the risks are mapped to standards they're already measured against, and the worst three are separated from the noise.
Then let the report answer the calibrated questions a good board actually asks — how bad is it really, what's the one thing that would hurt us most, and what does fixing it cost against what not fixing it costs? That's why the board view leads with a score and a ranked top-three, not 200 findings. You're not trying to dazzle the room; you're trying to get it to say "that's right" to the three that matter.
And close on the question people find it safe to answer — the "no"-oriented one. Is it unreasonable to want proof your backups restore before the auditor asks for it? Are you against knowing the number before you commit to the spend? Boards rarely move to chase a better score. They move to avoid a loss — and a Bronze report, dated and owned, is what makes the loss concrete enough to act on.
sp_Blitz, SQLTriage and the report.
Is SQLTriage an sp_Blitz replacement?
No — it builds on it. SQLTriage imports sp_Blitz output directly and credits it. sp_Blitz and the First Responder Kit (Brent Ozar), Erik Darling’s scripts, Ola Hallengren’s maintenance solution and dbatools are the foundation, not the competition. SQLTriage is the layer that turns those findings into a graded, owned, board-ready plan.
Do I still need to run sp_Blitz?
You can — SQLTriage reads its output, so the work you have already done counts. Or let SQLTriage run the equivalent checks itself (500+ of them). Either way the findings land in the same graded report.
What is actually in the board-ready report?
A single Bronze→Platinum score (0–100), the top findings ranked by real risk, each mapped to a compliance framework with an owner and a next step, and a remediation plan. Alongside it, a DBA handoff with the actual fixes and the T-SQL.
Will any of this touch production?
No. SQLTriage is read-only by default. It reads configuration and the sp_Blitz output and changes nothing on your servers — unless you explicitly approve a gated, reversible fix, with rollback if a check fails.
Is it really free?
Yes. SQLTriage Community Edition is free and open source, all checks unlocked, on GitHub. The board-ready report is the output, not a paywall. The findings are yours whether we ever work together or not.
How is the score worked out?
A weighted 0–100 governance score across the categories that decide whether an estate is safe, banded Bronze, Silver, Gold and Platinum. The sample report shows one estate at Silver 63 and, six months into a fix programme, the same estate at Platinum 93.
Is now a bad time to find out where you stand?
Run SQLTriage on one instance — free, read-only, no production impact. You'll get the same plan a board can act on: a score, the risks that matter, and what to do about each one. The findings are yours whether we ever work together or not.