⚙️ Install • 📚 Docs • 💬 Discord • 🙋♀️ Book Demo
Different database development tasks
Multiple database systems
Unified process
Single tool
🪜
Want to formalize the database change process but don't know how?
Standard Operating Procedure (SOP) Standardize the database schema and data change process across different database systems, small or large tables and different tenants. SQL Review 100+ lint rules to detect SQL anti-patterns and enforce consistent SQL style in the organization. GitOps Point-and-click GitHub and GitLab integration to enable GitOps workflow for changing database. |
🔮
Want to control the data access but don't know how?
All-in-one SQL Editor Web-based IDE specifically for performing SQL specific tasks. Data Masking State-of-the-art column level masking engine to cover complex situations like subquery, CTE. Data Access Control Organization level policy to centralize the database permission. |
🔒
Want to avoid data leakage, change outage and detect malicious behavior but don't know how?
Centralize Change, Query and Admin Tasks A single place to perform different tasks on different databases, thus enforce policy and monitor activity accordingly. RBAC Two-level RBAC model mapping to the organization wide privileges and application team privileges respectively. Anomaly Center and Audit Logging Capture all database anomalies, user actions and system events and present them in a holistic view. |
👩💼
Want to enforce organization policy but don't know how?
Manage Database Resources A single place to manage environments, database instances, database users for application development, with optional Terraform integration. Policy Enforcement Enforce organization wide SQL Review policy, backup policy and data access policy. SQL Editor Admin mode CLI like experience without setting up bastion. |
Devsecdb is a Database CI/CD solution for the Developers and DBAs. It's the only database CI/CD project included by the CNCF Landscape and Platform Engineering. The Devsecdb family consists of these tools:
- Devsecdb Console: A web-based GUI for developers and DBAs to manage the database development lifecycle.
- Devsecdb API: Provide both gRPC and RESTful API to manipulate every aspect of Devsecdb.
- SQL Review GitHub Action: The GitHub Action to detect SQL anti-patterns and enforce a consistent SQL style guide during Pull Request.
- Terraform Devsecdb Provider: The Terraform provider enables team to manage Devsecdb resources via Terraform. A typical setup involves teams using Terraform to provision database instances from Cloud vendors, followed by using Devsecdb provider to prepare those instances ready for application use.
Topic | |
---|---|
🔧 | Installation |
🎮 | Demo |
👩🏫 | Tutorials |
💎 | Design Principles |
🧩 | Data Model |
🎭 | Roles |
🕊 | Developing and Contributing |
🤺 | Devsecdb vs Alternatives |
Live demo at https://demo.secdb.khulnasoft.com
You can also book a 30min product walkthrough with one of our product experts.
Product tutorials are available at https://www.secdb.khulnasoft.com/tutorial.
- Manage Supabase PostgreSQL
- Manage render PostgreSQL
- Manage Neon database
- Deploy to sealos
- Deploy to Rainbond
🪶 | Dependency Free | Start with a single command ./devsecdb without any external dependency. External PostgreSQL data store and others are optional. |
🔗 | Integration First | Solely focus on database management and leave the rest to others. We have native VCS integration with GitHub/GitLab, Terraform Provider, webhook, and etc. |
💂♀️ | Engineering Disciplined | Disciplined bi-weekly release and engineering practice. |
More details in Data Model Doc.
More details in Roles and Permissions Doc.
Devsecdb employs RBAC (role based access control) and provides two role sets at the workspace and project level:
- Workspace roles:
Admin
,DBA
,Member
. The workspace role maps to the role in an organization. - Project roles:
Owner
,Developer
,Releaser
,SQL Editor User
,Exporter
,Viewer
. The project level role maps to the role in a specific team or project.
Every user is assigned a workspace role, and if a particular user is involved in a particular project, then she will also be assigned a project role accordingly.
Below diagram describes a typical mapping between an engineering org and the corresponding roles in the Devsecdb workspace
-
Devsecdb is built with a curated tech stack. It is optimized for developer experience and is very easy to start working on the code:
- It has no external dependency.
- It requires zero config.
- 1 command to start backend and 1 command to start frontend, both with live reload support.
-
Interactive code walkthrough
-
Follow Life of a Feature.
- Go (1.23.2 or later)
- pnpm
- Air (our forked repo @87187cc with the proper signal handling). This is for backend live reload.
go install github.com/devsecdb/air@87187cc
-
Pull source.
git clone https://github.com/khulnasoft/devsecdb
-
Create an external Postgres database on localhost.
CREATE USER bbdev SUPERUSER; CREATE DATABASE bbdev;
-
Start backend using air (with live reload).
PG_URL=postgresql://bbdev@localhost/bbdev $(go env GOPATH)/bin/air -c scripts/.air.toml
Change the open file limit if you encounter "error: too many open files".
ulimit -n 10240
If you need additional runtime parameters such as --backup-bucket, please add them like this:
air -c scripts/.air.toml -- --backup-region us-east-1 --backup-bucket s3:\\/\\/example-bucket --backup-credential ~/.aws/credentials
-
Start frontend (with live reload).
cd frontend && pnpm i && pnpm dev
Devsecdb should now be running at http://localhost:3000 and change either frontend or backend code would trigger live reload.
- Use Code Inspector to locate
frontend code from UI. Hold
Option + Shift
on Mac orAlt + Shift
on Windows
Either Flyway or Liquibase is a library and CLI focusing on schema change. While Devsecdb is an one-stop solution covering the entire database development lifecycle for Developers and DBAs to collaborate.
Another key difference is Devsecdb doesn't support Oracle and SQL Server. This is a conscious decision we make so that we can focus on supporting other databases without good tooling support. In particular, many of our users tell us Devsecdb is by far the best (and sometimes the only) database tool that can support their PostgreSQL and ClickHouse use cases.
Either Yearning or Archery provides a DBA operation portal. While Devsecdb provides a collaboration
workspace for DBAs and Developers, and brings DevOps practice to the Database Change Management (DCM).
Devsecdb has the similar Project
concept seen in GitLab/GitHub and provides native GitOps integration
with GitLab/GitHub.
Another key difference is Yearning, Archery are open source projects maintained by the individuals part-time. While Devsecdb is open-sourced, it adopts an open-core model and is a commercialized product, supported by a fully staffed team releasing new version every 2 weeks.
Metabase is a data visualization and business intelligence (BI) tool. It's built for data teams and business analysts to make sense of the data.
Devsecdb is a database development platform. It's built for the developer teams to perform database operations during the application development lifecycle.
Both have web-based SQL clients. Additionally, Devsecdb offers review workflow, more collaboration and security features.
SQL GUI Client such as MySQL Workbench, pgAdmin, DBeaver, Navicat provide a GUI to interact with the database. Devsecdb not only provides a GUI client, it can also enforce centralized data access control for data security and governance.
Jira is a general-purpose issue ticketing system. Devsecdb is a database domain-specific change management system. Devsecdb provides an integrated experience to plan, review, and deploy database changes.
Check out our FAQ.
- Interested in joining us? Check out our jobs page for openings.
- Want to solve your schema change and database management headache? Book a 30min demo with one of our product experts.