Deterministic SQL validation for CI.
SqlGuard is a commercial, non-SaaS CLI tool that validates SQL Server behavior in your CI pipeline — focused on correctness, security, and regression prevention.
Everything public lives in the sqlguard repository: documentation, examples, and release binaries.
How SqlGuard works
SqlGuard turns a declarative YAML spec into deterministic CI pass/fail results for SQL behavior.
Describe what must remain true about your database behavior (shape, invariants, permissions).
# sqlguard.yaml (excerpt)
suites:
- name: Orders schema
connection: main
checks:
- type: queryContract
sql: SELECT * FROM OrdersAdd SqlGuard as a step in your CI workflow. Output is deterministic and machine-readable.
# .github/workflows/ci.yml
- name: SqlGuard validation
run: |
sqlguard validate-spec --spec sqlguard.yaml
sqlguard run --spec sqlguard.yaml --out report.jsonYour CI treats it like tests. Exit codes follow standard conventions (0 = pass, non-zero = fail).
✔ Orders schema
✔ queryContract: Orders columns unchanged
Test Suites: 1 passed, 0 failed
Exit code: 0Designed for platform and backend teams
Correctness
- Catch unintended behavior changes early
- Deterministic results for CI
Security
- Permission regression checks
- No secrets in output (redaction)
Pragmatic
- No SaaS, no agents, no dashboards
- Public docs + private implementation
What SqlGuard is (and isn’t)
It is
- A deterministic CI gate for SQL Server / Azure SQL changes
- Designed for CI pipelines (GitHub Actions, Azure DevOps, Jenkins)
- Focused on correctness, security checks, and regression prevention
It isn’t
- A hosted SaaS service
- A dashboard or monitoring/observability agent
- A general-purpose query runner or ORM migration tool
Contact
Commercial and security contact channels for SqlGuard.
Vulnerabilities: please email security@sqlguard.dev instead of opening public issues.