Quality Checks
Note: This is a Liquibase Pro command, so you need a Liquibase Pro License Key to use it.
Liquibase quality checks allow you to analyze your changelogs, changesets, and SQL for specific commands and patterns that require close review early in the development life cycle. It can also be integrated into your build and deployment automation to prevent non-compliant changes from entering the pipeline.
Quality checks help you customize the types of checks to fit the needs of your organization and let you do the following:
- Better secure your database by getting immediate notice that user and role privileges are being modified.
- Prevent data loss and corruption.
- Enforce internal standards and best practices to ensure that only high-quality, compliant changes are added to your projects.
- Quickly, consistently, and easily validate your changes from the local development environments.
- Integrate checks into automated workflows to provide quality gates for database changes in automation.
Quality checks have been tested for Oracle, SQL Server, PostgreSQL, MySQL, and MariaDB, but may be compatible with any relational database supported by Liquibase.
Quality checks include static and dynamic checks, the checks command with sub commands, and the checks settings file that includes defined configurations and parameters. All checks work in the command line and in automation, which is interactive and allows the configuration of dynamic checks.
Quality checks are run via Quality Checks Subcommands, which have both required and optional Quality Checks Command Arguments which can customize your checks even further. An example command is formatted like so:
liquibase checks sub command --check-name=<checkShortname>
It is important to note that command arguments must be placed after the specified quality check.
To use quality checks, refer to the following pages:
- Get Started with the checks Command
- List of Quality Checks
- Use the Checks Settings Configuration File
- Use Quality Checks in Automation: Severity and Exit Code
- Quality Checks
- Maven checks.show
- Maven checks.run
Quality Check Type: Permissions
| Name | Scope | Description |
|---|---|---|
SqlGrantAdminWarn
|
Scope: changelog |
This check warns a user when SQL contains 'GRANT' statements that include the 'WITH ADMIN OPTION' clause so that they can ensure that the privilege being granted won't lead to security issues. |
SqlGrantWarn
|
Scope: changelog |
This check warns a user when SQL contains 'GRANT' statements so that they can ensure that the privilege being granted won't lead to security issues. |
SqlGrantSpecificPrivsWarn
|
Scope: changelog |
The changelog file against which you execute checks when running |
SqlGrantOptionWarn
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check warns a user when SQL contains 'GRANT' statements that include the 'WITH GRANT OPTION' clause so that they can ensure the privilege being granted won't lead to security issues. |
SqlRevokeWarn
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check warns a user when SQL contains 'REVOKE' statements so that they can ensure that the privilege being revoked won't lead to data access and dependency issues. |
WarnOnUseDatabase
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check warns a user when generated or raw SQL contains 'USE DATABASE' directive. |
Quality Check Type: Data Structure Changes
| Name | Syntax | Description |
|---|---|---|
ChangeDropTableWarn
|
Scope: changelog |
This check warns a user when a table is being dropped so that they can ensure that dropping the table won't lead to unintentional loss of data. |
ChangeDropColumnWarn
|
Scope: changelog |
This check warns a user when a column is being dropped so that they can ensure that dropping the column won't lead to unintentional loss of data. |
ModifyDataTypeWarn
|
Scope: changelog |
This check warns a user when a change will result in modification oof a data type so they can ensure that modifying the data type won't lead to unintentional loss of data. |
ChangeTruncateTableWarn
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check warns a user when a table is being truncated so that they can ensure that truncating the table won't lead to unintentional loss of data. |
DetectChangeType
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check warns a user when a ChangeSet includes a ChangeType listed by the user as forbidden. |
Quality Check Type: Database Best Practices
| Name | Syntax | Description |
|---|---|---|
ConstraintMustExist
|
Scope: database |
Check for and alert when specified table does not contain the required constraint(s). |
SqlUserDefinedPatternCheck
|
Scope: changelog Severity:0 |
This check scans SQL for the presence of specific patterns and warns the user when they are found. |
ObjectNameMustMatch
|
Scope: changelog, database |
This check confirms the listed object names conform to the supplied pattern. |
ObjectNameMustNotMatch
|
Scope: changelog, database Enabled: true Severity: 0 Customize: OPERATOR = STARTS_WITH SEARCH_STRING = null OBJECT_TYPES = null CASE_SENSITIVE = true |
This check confirms the listed object names conform to the supplied pattern. |
TableColumnLimit
|
Scope: changelog, database Enabled: true Severity: 0 Customize: MAX_COLUMNS = 50 |
Ensures that no table has more than a threshold number of columns. |
Quality Check Type: DB-specific Reserved Keywords
| Name | Syntax | Description |
|---|---|---|
OracleReservedKeywords
|
Scope: changelog, database |
Disallow Oracle reserved keywords from being used in database object names. See https://docs.oracle.com/cd/B19306_01/em.102/b40103/app_oracle_reserved_words.htm for complete list of keywords. |
SQLServerReservedKeywords
|
Scope: changelog, database |
Disallow SQL Server reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords. |
SQLServerFutureReservedKeywords
|
Scope: changelog, database |
Disallow SQL Server's future reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords. |
PostgresReservedKeywords
|
Scope: changelog, database |
Disallow Postgres reserved keywords from being used in database object names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html for complete list of keywords. |
SQLServerODBCReservedKeywords
|
Scope: changelog, database |
Disallow SQL Server's ODBC reserved keywords from being used in database object names. See https://docs.microsoft.com/en-us/sql/t-sql/language-elements/reserved-keywords-transact-sql?view=sql-server-ver16 for complete list of keywords. |
PostgresNonReservedKeywords
|
Scope: changelog, database |
Disallow Postgres non-reserved keywords from being used in database object names. See https://www.postgresql.org/docs/14/sql-keywords-appendix.html for complete list of keywords. |
Quality Check Type: Performance
| Name | Syntax | Description |
|---|---|---|
SqlSelectStarWarn
|
Scope: changelog |
This check warns a user when generated or raw SQL contains 'SELECT *' statements so that they can ensure selecting all fields from a table in a query is safe and necessary. |
CheckTablesForIndex
|
Scope: changelog |
This check scans your target URL database tables to find tables which do not have an associated index. |
PrimaryKeyOnCreateTable
|
Scope: changelog, database |
This check warns when a create table action doesn't also include a primary key. |
Quality Check Type: Changelog Best Practices
| Name | Syntax | Description |
|---|---|---|
RollbackRequired
|
Scope: changelog |
This check triggers when a changeset does not have a rollback defined. |
ChangesetLabelCheck
|
Scope: changelog |
This check enforces the Liquibase recommendation that labels be assigned to each changeset to provide better deployment control and to enhance traceability of efforts across changesets. |
ChangesetContextCheck
|
Scope: changelog |
This check enforces the Liquibase recommendation that contexts be assigned to each changeset to provide better deployment control and to enhance traceability of efforts across changesets. |
ChangesetCommentCheck
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
This check enforces the Liquibase recommendation that comments be added to each changeset to document the purpose of a changeset for other/future consumers of this changelog. |
TableCommentCheck
|
Scope: database |
This database check flags any table which does not have a comment. (Note: This is not a check for a Liquibase changelog comment.) |
TableCommentPatternCheck
|
Scope: changelog, database Enabled: true Severity: 0 Customize: OPERATOR = CONTAINS SEARCH_STRING = null MESSAGE = A match for regular expression <SEARCH_STRING> was detected in <IDENTIFIER>. |
This check triggers when specific user-supplied patterns are found in Table Comments. |
RequireChangesetIDisUUID
|
Scope: changelog Enabled: true Severity: 0 Customization: <None> |
Alerts when a changeset ID does not follow the 8-4-4-4-12 pattern of UUID or GUID. |
Tip: For best results, specify all commands and parameters in the --kebab-case format in the CLI. If your preference is camelCase, it also works in the CLI.