{"id":15111482,"url":"https://github.com/aprimetechnology/derisk-sql","last_synced_at":"2025-10-23T04:31:22.401Z","repository":{"id":252981458,"uuid":"839387527","full_name":"aprimetechnology/derisk-sql","owner":"aprimetechnology","description":"Remove unexpected risks from your SQL migrations","archived":false,"fork":false,"pushed_at":"2024-08-16T18:45:51.000Z","size":325,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-01-30T17:27:04.670Z","etag":null,"topics":["ci","databases","postgres","postgresql"],"latest_commit_sha":null,"homepage":"https://www.aprime.io/","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aprimetechnology.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-07T14:02:28.000Z","updated_at":"2024-08-31T07:39:49.000Z","dependencies_parsed_at":"2024-08-13T20:29:29.774Z","dependency_job_id":"f8a692cf-d889-45cd-9da3-1de10f0cfe22","html_url":"https://github.com/aprimetechnology/derisk-sql","commit_stats":null,"previous_names":["aprimetechnology/derisk-sql"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aprimetechnology%2Fderisk-sql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aprimetechnology%2Fderisk-sql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aprimetechnology%2Fderisk-sql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aprimetechnology%2Fderisk-sql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aprimetechnology","download_url":"https://codeload.github.com/aprimetechnology/derisk-sql/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237780143,"owners_count":19365133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","databases","postgres","postgresql"],"created_at":"2024-09-26T00:20:27.016Z","updated_at":"2025-10-23T04:31:21.998Z","avatar_url":"https://github.com/aprimetechnology.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# derisk-sql\n## :rocket: Remove unexpected risks from your SQL migrations :rocket:\nderisk-sql is a extensibility-first SQL linting tool to prevent mistakes from sneaking into your SQL migration files.\n\nThis includes SQL linting rules (aka `analyzer`s) like:\n- requiring keywords like `CONCURRENTLY` for `INDEX` operations to improve performance\n- re-organizing table definition statements to optimize table storage usage\n- requiring specific reviewers on pull requests for high throughput / sufficiently large tables\n- enforcing naming conventions\n- etc.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n**Table of Contents**\n\n- [Installation](#installation)\n- [Usage](#usage)\n  - [Picking analyzers](#picking-analyzers)\n  - [Config files](#config-files)\n- [Extensibility](#extensibility)\n  - [Examples](#examples)\n  - [Demo: extending a custom analyzer](#demo-extending-a-custom-analyzer)\n    - [Sample input/output](#sample-inputoutput)\n    - [Analyzer: warning.sh](#analyzer-warningsh)\n    - [Analyzer: forbid-drop-table.sh](#analyzer-forbid-drop-tablesh)\n  - [Ta-da!](#ta-da)\n- [Limitations](#limitations)\n- [Github Workflow](#github-workflow)\n- [Feature requests](#feature-requests)\n- [Collaboration](#collaboration)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# Installation\n```\n$ go install github.com/aprimetechnology/derisk-sql/...\n```\n\n# Usage\n```\n# --migrations-dir can be set explicitly, and defaults to ‘./migrations’\n$ derisk-sql check run\n```\n\n## Picking analyzers\nBy default, all analyzers (defined in [./analyzers](./analyzers)) are run.\n\nTo specify a subset, or your own, or a mix of both, provide the paths to all those analyzers like so:\n```\n$ derisk-sql check run --analyzers ./my-binary /home/user/some-other-binary ...\n```\n## Config files\nAlternatively, a config file can be specified in the current directory for all CLI options.\n\nThe config file must be named `settings`, with any file extension (`.json`, `.yaml`, `.toml`, etc) supported by [viper](https://github.com/spf13/viper/blob/v1.19.0/viper.go#L422).\n\n# Extensibility\nWant to extend the tool with your own custom functionality?\n\nThis tool was designed with end-user extensibility as a first-class concept.\n\n## Examples\nNext, this README will step through some examples in [./examples/extensibility](./examples/extensibility)\n\n## Demo: extending a custom analyzer\nEvery SQL linting rule (aka **analyzer**) is implemented as:\n- a subprocess that the tool spawns\n- that receives a JSON blob to its process stdin\n- that produces a JSON blob to its process stdout\n\nThat means you can extend this tool with **any language, library, binary, etc**!!\n\n### Sample input/output\nHere's what some sample input JSON and sample output JSON look like:\n\n![](./examples/gifs/input-output.gif)\n\n### Analyzer: warning.sh\nHere follows an example of a dummy bash script analyzer that always outputs a warning.\n\n![](./examples/gifs/warning-sh.gif)\n\n### Analyzer: forbid-drop-table.sh\nLet's see another bash script example, but that does something more meaningful.\nIe, a script that just greps for the string `DROP TABLE`\n\n![](./examples/gifs/forbid-drop-table-sh.gif)\n\n## Ta-da!\nThat's it!\n\nYou can extend functionality with a shell script, with Python, with Golang, with Java, whatever you'd like.\n\nIt only has to take in JSON of the expected schema, and produce JSON of the expected schema.\n\n# Limitations\nCurrently, derisk-sql only supports:\n- the following migration management tools:\n    - dbmate\n- the following database systems:\n    - postgres\n- the following Version Control Systems (VCS)\n    - github\n\n# Github Workflow\nWant to add this tool to your pull requests?\n\nAdd our [example workflow](./examples/workflows/derisk-sql-ci.yml) to your repo's `.github/workflows/` directory:\n```\nname: derisk-sql-CI\non:\n  pull_request:\n    branches:\n    - main\njobs:\n  derisk-sql:\n    runs-on: ubuntu-latest\n    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.\n    permissions:\n        # permission to actions/checkout the contents of this PR branch\n        contents: write\n        # permission to pull the derisk-sql docker image from the GitHub Container Registry\n        packages: read\n        # permission to post comments on the PR\n        pull-requests: write\n    container:\n      image: ghcr.io/aprimetechnology/derisk-sql\n    steps:\n      - name: Checkout the contents of this repo\n        uses: actions/checkout@v4\n      - name: produce derisk-sql reports\n        run: derisk-sql check run\n      - name: process derisk-sql reports\n        if: always()\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          GITHUB_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}\n          # GITHUB_REPOSITORY is \u003cowner\u003e/\u003crepo\u003e, this will be just \u003crepo\u003e\n          GITHUB_REPOSITORY_NAME: ${{ github.event.repository.name }}\n          # GITHUB_REPOSITORY_OWNER is set here automatically\n        run: derisk-sql check ci\n```\n\n# Feature requests\nWe are very happy to take any and all feature requests!\n\nIn fact, this tool's very existence came out of a request from our end users.\n\nWe do value your input, and want to make this tool as streamlined and useful as possible.\n\n# Collaboration\nIf you find yourself wanting a feature request with private support, we can help!\n\n[APrime](https://www.aprime.com/) operates with venture-backed startups and provides flexible engagement models: ranging from flex capacity and fractional leadership to fully embedding our team at your company.\n\nWe are passionate about innovating, love solving tough problems, shipping products and code, and being able to see the tremendous impact on both our client companies and their end users. If you are looking to sustain growth and continue moving quickly as you scale, [schedule a call](https://www.aprime.com/contact/#contact-form) with our founders today to explore how we can help you achieve your goals.\n\n[\u003cimg src=\"https://www.aprime.io/wp-content/uploads/2023/08/Aprime_logo@0.5x-1.png\" width=225/\u003e](https://www.aprime.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faprimetechnology%2Fderisk-sql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faprimetechnology%2Fderisk-sql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faprimetechnology%2Fderisk-sql/lists"}