Quality Checks

Note: This is a Liquibase Pro command, so you need a Liquibase Pro License Key to use it.

Liquibase quality checks allow you to analyze your changelogs, changesets, and SQL for specific commands and patterns that require close review early in the development life cycle. It can also be integrated into your build and deployment automation to prevent non-compliant changes from entering the pipeline.

Quality checks help you customize the types of checks to fit the needs of your organization and let you do the following:

  • Better secure your database by getting immediate notice that user and role privileges are being modified.
  • Prevent data loss and corruption.
  • Enforce internal standards and best practices to ensure that only high-quality, compliant changes are added to your projects.
  • Quickly, consistently, and easily validate your changes from the local development environments.
  • Integrate checks into automated workflows to provide quality gates for database changes in automation.

Quality checks have been tested for Oracle, SQL Server, PostgreSQL, MySQL, and MariaDB, but may be compatible with any relational database supported by Liquibase.

Quality checks include static and dynamic checks, the checks command with sub commands, and the checks settings file that includes defined configurations and parameters. All checks work in the command line and in automation, which is interactive and allows the configuration of dynamic checks.

Quality checks are run via Quality Checks Subcommands, which have both required and optional Quality Checks Command Arguments which can customize your checks even further. An example command is formatted like so: 

liquibase checks sub command --check-name=<checkShortname> 

It is important to note that command arguments must be placed after the specified quality check.

To use quality checks, refer to the following pages:

Quality Check Type: Permissions

Name Scope Description
SqlGrantAdminWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when SQL contains 'GRANT' statements that include the 'WITH ADMIN OPTION' clause so that they can ensure that the privilege being granted won't lead to security issues.

SqlGrantWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when SQL contains 'GRANT' statements so that they can ensure that the privilege being granted won't lead to security issues.

SqlGrantSpecificPrivsWarn

Scope: changelog
Enabled: true
Severity: 0
Customize: PRIVILEGE_LIST = null

The changelog file against which you execute checks when running liquibase checks run.

SqlGrantOptionWarn Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check warns a user when SQL contains 'GRANT' statements that include the 'WITH GRANT OPTION' clause so that they can ensure the privilege being granted won't lead to security issues.
SqlRevokeWarn Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check warns a user when SQL contains 'REVOKE' statements so that they can ensure that the privilege being revoked won't lead to data access and dependency issues.
WarnOnUseDatabase Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check warns a user when generated or raw SQL contains 'USE DATABASE' directive.

Quality Check Type: Data Structure Changes

Name Syntax Description
ChangeDropTableWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when a table is being dropped so that they can ensure that dropping the table won't lead to unintentional loss of data.

ChangeDropColumnWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when a column is being dropped so that they can ensure that dropping the column won't lead to unintentional loss of data.

ModifyDataTypeWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when a change will result in modification oof a data type so they can ensure that modifying the data type won't lead to unintentional loss of data.

ChangeTruncateTableWarn Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check warns a user when a table is being truncated so that they can ensure that truncating the table won't lead to unintentional loss of data.
DetectChangeType Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check warns a user when a ChangeSet includes a ChangeType listed by the user as forbidden.

Quality Check Type: Database Best Practices

Name Syntax Description
ConstraintMustExist

Scope: database
Enabled: false
Severity: 0
Customize: CONSTRAINT_OPERATOR = STARTS_WITH
TABLE_NAME = null
COLUMN_NAME = null
CONSTRAINT = PRIMARYKEY
CASE_SENSITIVE = true
MESSAGE = The specified table '<TABLE_NAME>' does not contain the required '<CONSTRAINT>" constraint.

Check for and alert when specified table does not contain the required constraint(s).

SqlUserDefinedPatternCheck

Scope: changelog
Enabled: false

Severity:0
Customization: SEARCH_STRING = null
Message = A match for regular expression <SEARCH_STRING> was detected in Changeset <CHANGESET>.
STRIP_COMMENTS = true

This check scans SQL for the presence of specific patterns and warns the user when they are found.

ObjectNameMustMatch

Scope: changelog, database
Enabled: true
Severity: 0
Customize: OPERATOR = STARTS_WITH
SEARCH_STRING = null
OBJECT_TYPES = null
CASE_SENSITIVE = true

This check confirms the listed object names conform to the supplied pattern.

ObjectNameMustNotMatch Scope: changelog, database
Enabled: true
Severity: 0
Customize: OPERATOR = STARTS_WITH
SEARCH_STRING = null
OBJECT_TYPES = null
CASE_SENSITIVE = true
This check confirms the listed object names conform to the supplied pattern.
TableColumnLimit Scope: changelog, database
Enabled: true
Severity: 0
Customize: MAX_COLUMNS = 50
Ensures that no table has more than a threshold number of columns.

Quality Check Type: DB-specific Reserved Keywords

Name Syntax Description
OracleReservedKeywords

Scope: changelog, database
Enabled: true
Severity: 0
Customize: OBJECT_TYPES = null
ALLOWED_LIST = null
CASE_SENSITIVE = true

Disallow Oracle reserved keywords from being used in database object names. See https://docs.oracle.com/cd/B19306_01/em.102/b40103/app_oracle_reserved_words.htm for complete list of keywords.

SQLServerReservedKeywords

Scope: changelog, database
Enabled: true
Severity: 0
Customize: OBJECT_TYPES = null
ALLOWED_LIST = null
CASE_SENSITIVE = true

Disallow SQL Server reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords.

SQLServerFutureReservedKeywords

Scope: changelog, database
Enabled: true
Severity: 0
Customize: OBJECT_TYPES = null
ALLOWED_LIST = null
CASE_SENSITIVE = true

Disallow SQL Server's future reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords.

PostgresReservedKeywords

Scope: changelog, database

Enabled: true

Severity: 0

Customize: OBJECT_TYPES = null

ALLOWED_LIST = null

CASE_SENSITIVE = true

Disallow Postgres reserved keywords from being used in database object names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html for complete list of keywords.
SQLServerODBCReservedKeywords

Scope: changelog, database

Enabled: true

Severity: 0

Customize: OBJECT_TYPES = null

ALLOWED_LIST = null

CASE_SENSITIVE = true

Disallow SQL Server's ODBC reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords.
PostgresNonReservedKeywords

Scope: changelog, database

Enabled: true

Severity: 0

Customize: OBJECT_TYPES = null

ALLOWED_LIST = null

CASE_SENSITIVE = true

Disallow Postgres non-reserved keywords from being used in database object names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html for complete list of keywords.

Quality Check Type: Performance

Name Syntax Description
SqlSelectStarWarn

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check warns a user when generated or raw SQL contains 'SELECT *' statements so that they can ensure selecting all fields from a table in a query is safe and necessary.

CheckTablesForIndex

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check scans your target URL database tables to find tables which do not have an associated index.

PrimaryKeyOnCreateTable

Scope: changelog, database
Enabled: true
Severity: 0
Customize: OBJECT_TYPES = null
EXCEPTIONS_LIST =
CASE_SENSITIVE = true

This check warns when a create table action doesn't also include a primary key.

Quality Check Type: Changelog Best Practices

Name Syntax Description
RollbackRequired

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check triggers when a changeset does not have a rollback defined.

ChangesetLabelCheck

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check enforces the Liquibase recommendation that labels be assigned to each changeset to provide better deployment control and to enhance traceability of efforts across changesets.

ChangesetContextCheck

Scope: changelog
Enabled: true
Severity: 0
Customization: <None>

This check enforces the Liquibase recommendation that contexts be assigned to each changeset to provide better deployment control and to enhance traceability of efforts across changesets.

ChangesetCommentCheck Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
This check enforces the Liquibase recommendation that comments be added to each changeset to document the purpose of a changeset for other/future consumers of this changelog.
TableCommentCheck

Scope: database
Enabled: true
Severity: 0
Customize: <None>

This database check flags any table which does not have a comment. (Note: This is not a check for a Liquibase changelog comment.)
TableCommentPatternCheck Scope: changelog, database
Enabled: true
Severity: 0
Customize: OPERATOR = CONTAINS
SEARCH_STRING = null
MESSAGE = A match for regular expression <SEARCH_STRING> was detected in <IDENTIFIER>.
This check triggers when specific user-supplied patterns are found in Table Comments.
RequireChangesetIDisUUID Scope: changelog
Enabled: true
Severity: 0
Customization: <None>
Alerts when a changeset ID does not follow the 8-4-4-4-12 pattern of UUID or GUID.

Tip: For best results, specify all commands and parameters in the --kebab-case format in the CLI. If your preference is camelCase, it also works in the CLI.