⚙️ Install • 📚 Docs • 💬 Discord • 🙋‍♀️ Book Demo

Different database development tasks

Multiple database systems

Unified process

Single tool

🪜

Change

Want to formalize the database change process but don't know how?


Standard Operating Procedure (SOP) Standardize the database schema and data change process across different database systems, small or large tables and different tenants. SQL Review 100+ lint rules to detect SQL anti-patterns and enforce consistent SQL style in the organization. GitOps Point-and-click GitHub and GitLab integration to enable GitOps workflow for changing database.

🔮

Query

Want to control the data access but don't know how?


All-in-one SQL Editor Web-based IDE specifically for performing SQL specific tasks. Data Masking State-of-the-art column level masking engine to cover complex situations like subquery, CTE. Data Access Control Organization level policy to centralize the database permission.

🔒

Secure

Want to avoid data leakage, change outage and detect malicious behavior but don't know how?


Centralize Change, Query and Admin Tasks A single place to perform different tasks on different databases, thus enforce policy and monitor activity accordingly. RBAC Two-level RBAC model mapping to the organization wide privileges and application team privileges respectively. Anomaly Center and Audit Logging Capture all database anomalies, user actions and system events and present them in a holistic view.

Centralize Change, Query and Admin Tasks
A single place to perform different tasks on different databases, thus enforce policy and monitor activity accordingly.

RBAC
Two-level RBAC model mapping to the organization wide privileges and application team privileges respectively.

Anomaly Center and Audit Logging
Capture all database anomalies, user actions and system events and present them in a holistic view.

👩‍💼

Govern

Want to enforce organization policy but don't know how?


Manage Database Resources A single place to manage environments, database instances, database users for application development, with optional Terraform integration. Policy Enforcement Enforce organization wide SQL Review policy, backup policy and data access policy. SQL Editor Admin mode CLI like experience without setting up bastion.

🖖 Intro

Devsecdb is a Database CI/CD solution for the Developers and DBAs. It's the only database CI/CD project included by the CNCF Landscape and Platform Engineering. The Devsecdb family consists of these tools:

Devsecdb Console: A web-based GUI for developers and DBAs to manage the database development lifecycle.
Devsecdb API: Provide both gRPC and RESTful API to manipulate every aspect of Devsecdb.
SQL Review GitHub Action: The GitHub Action to detect SQL anti-patterns and enforce a consistent SQL style guide during Pull Request.
Terraform Devsecdb Provider: The Terraform provider enables team to manage Devsecdb resources via Terraform. A typical setup involves teams using Terraform to provision database instances from Cloud vendors, followed by using Devsecdb provider to prepare those instances ready for application use.

	Topic
🔧	Installation
🎮	Demo
👩‍🏫	Tutorials
💎	Design Principles
🧩	Data Model
🎭	Roles
🕊	Developing and Contributing
🤺	Devsecdb vs Alternatives

🔧 Installation

🎮 Demo

Live demo at https://demo.secdb.khulnasoft.com

You can also book a 30min product walkthrough with one of our product experts.

👩‍🏫 Tutorials

Product tutorials are available at https://www.secdb.khulnasoft.com/tutorial.

Integrations

💎 Design Principles


🪶	Dependency Free	Start with a single command `./devsecdb` without any external dependency. External PostgreSQL data store and others are optional.
🔗	Integration First	Solely focus on database management and leave the rest to others. We have native VCS integration with GitHub/GitLab, Terraform Provider, webhook, and etc.
💂‍♀️	Engineering Disciplined	Disciplined bi-weekly release and engineering practice.

🧩 Data Model

More details in Data Model Doc.

Data Model

🎭 Roles

More details in Roles and Permissions Doc.

Devsecdb employs RBAC (role based access control) and provides two role sets at the workspace and project level:

Workspace roles: Admin, DBA, Member. The workspace role maps to the role in an organization.
Project roles: Owner, Developer, Releaser, SQL Editor User, Exporter, Viewer. The project level role maps to the role in a specific team or project.

Every user is assigned a workspace role, and if a particular user is involved in a particular project, then she will also be assigned a project role accordingly.

Below diagram describes a typical mapping between an engineering org and the corresponding roles in the Devsecdb workspace

Role Mapping

🕊 Developing and Contributing

Tech Stack

Devsecdb is built with a curated tech stack. It is optimized for developer experience and is very easy to start working on the code:
1. It has no external dependency.
2. It requires zero config.
3. 1 command to start backend and 1 command to start frontend, both with live reload support.
Interactive code walkthrough
- Life of a schema change
- SQL Review
Follow Life of a Feature.

Dev Environment Setup

Prerequisites

Go (1.23.2 or later)
pnpm
Air (our forked repo @87187cc with the proper signal handling). This is for backend live reload.
```
go install github.com/devsecdb/air@87187cc
```

Steps

Pull source.

git clone https://github.com/khulnasoft/devsecdb

Create an external Postgres database on localhost.

CREATE USER bbdev SUPERUSER;
CREATE DATABASE bbdev;

Start backend using air (with live reload).

PG_URL=postgresql://bbdev@localhost/bbdev $(go env GOPATH)/bin/air -c scripts/.air.toml

Change the open file limit if you encounter "error: too many open files".

ulimit -n 10240

If you need additional runtime parameters such as --backup-bucket, please add them like this:

air -c scripts/.air.toml -- --backup-region us-east-1 --backup-bucket s3:\\/\\/example-bucket --backup-credential ~/.aws/credentials

Start frontend (with live reload).
```
cd frontend && pnpm i && pnpm dev
```
Devsecdb should now be running at http://localhost:3000 and change either frontend or backend code would trigger live reload.

Tips

Use Code Inspector to locate frontend code from UI. Hold Option + Shift on Mac or Alt + Shift on Windows

🤺 Devsecdb vs Alternatives

Devsecdb vs Flyway, Liquibase

Either Flyway or Liquibase is a library and CLI focusing on schema change. While Devsecdb is an one-stop solution covering the entire database development lifecycle for Developers and DBAs to collaborate.

Another key difference is Devsecdb doesn't support Oracle and SQL Server. This is a conscious decision we make so that we can focus on supporting other databases without good tooling support. In particular, many of our users tell us Devsecdb is by far the best (and sometimes the only) database tool that can support their PostgreSQL and ClickHouse use cases.

Devsecdb vs Yearning, Archery

Either Yearning or Archery provides a DBA operation portal. While Devsecdb provides a collaboration workspace for DBAs and Developers, and brings DevOps practice to the Database Change Management (DCM). Devsecdb has the similar Project concept seen in GitLab/GitHub and provides native GitOps integration with GitLab/GitHub.

Another key difference is Yearning, Archery are open source projects maintained by the individuals part-time. While Devsecdb is open-sourced, it adopts an open-core model and is a commercialized product, supported by a fully staffed team releasing new version every 2 weeks.

Devsecdb vs Metabase

Metabase is a data visualization and business intelligence (BI) tool. It's built for data teams and business analysts to make sense of the data.

Devsecdb is a database development platform. It's built for the developer teams to perform database operations during the application development lifecycle.

Devsecdb vs Metabase

Devsecdb vs CloudBeaver

Both have web-based SQL clients. Additionally, Devsecdb offers review workflow, more collaboration and security features.

Devsecdb vs CloudBeaver

Devsecdb vs DBeaver / Navicat

SQL GUI Client such as MySQL Workbench, pgAdmin, DBeaver, Navicat provide a GUI to interact with the database. Devsecdb not only provides a GUI client, it can also enforce centralized data access control for data security and governance.

Devsecdb vs Jira

Jira is a general-purpose issue ticketing system. Devsecdb is a database domain-specific change management system. Devsecdb provides an integrated experience to plan, review, and deploy database changes.

Devsecdb vs Jira

👨‍👩‍👧‍👦 Community

🤔 Frequently Asked Questions (FAQs)

Check out our FAQ.

🙋 Contact Us

Interested in joining us? Check out our jobs page for openings.
Want to solve your schema change and database management headache? Book a 30min demo with one of our product experts.

# README