Bytebase
An open-source database CI/CD and DevSecOps platform — schema migration review, GitOps-driven changes, data masking, and access control across MySQL, PostgreSQL, Oracle, Snowflake, MongoDB, and more.
Bytebase is a database CI/CD tool, listed in the CNCF Landscape as the only project in that category, built to bring software-engineering-style review and automation to database schema changes. Rather than running ad hoc migration scripts, teams propose schema changes through a review workflow with approvals, similar to a pull request, before Bytebase applies them across environments.
It supports a wide range of database engines out of the box — MySQL, PostgreSQL, Oracle, SQL Server, Snowflake, MongoDB, TiDB, and more — and integrates with GitOps workflows so schema migrations can live alongside application code in version control. Security-oriented features include data masking, privileged access management (PAM/JIT access), and audit logging for compliance-driven environments.
The project uses an open-core license: code in directories containing “enterprise” (and any code controlling feature/permission/role/plan enablement) is under a separate Enterprise license requiring a paid subscription for production use, while everything else is MIT. The free self-hosted Community tier covers up to 20 users and 10 database instances with basic change management; SSO, audit logs, approval workflows, data masking, and high availability are reserved for paid Pro and Enterprise tiers.
What You Get
- A schema-change review and approval workflow modeled on pull requests, instead of running migrations ad hoc
- Broad database engine support: MySQL, PostgreSQL, Oracle, SQL Server, Snowflake, MongoDB, TiDB, and more
- GitOps integration so schema migrations live in version control alongside application code
- A free Community tier for up to 20 users and 10 database instances with basic change management
Common Use Cases
- Enforcing a review-and-approval process for database schema changes instead of letting anyone run migrations directly
- Standardizing schema change management across a polyglot database environment (MySQL, Postgres, Oracle, Snowflake, etc.) with one tool
- Integrating database migrations into an existing GitOps pipeline alongside application deployments
- Adding data masking and access controls to sensitive production databases for compliance requirements
Under The Hood
Architecture
Bytebase is split into a Go backend and a separate frontend, with proto defining the API contract between them and a dedicated backend/enterprise directory isolating license-gated logic (SSO, audit logs, approval workflows, data masking) from the MIT-licensed core. This directory-level separation is deliberate: it lets the open-source build compile and run without enterprise features rather than shipping them disabled behind a flag, and makes the license boundary auditable by inspecting which directories a change touches.
Tech Stack Go for the backend, a separate frontend web application, distributed via Docker, Helm charts for Kubernetes deployment, and packaged for Artifact Hub. Database engine support spans relational (MySQL, PostgreSQL, Oracle, SQL Server, TiDB), cloud data warehouses (Snowflake), and document databases (MongoDB) through a common migration/review abstraction.
Code Quality The project reports a Go Report Card grade and is listed in the CNCF Landscape, both signals of external code-quality scrutiny; combined with very active commit history and consistent maintenance, it reflects a mature, production-oriented codebase rather than an early-stage tool.
What Makes It Unique Most schema-migration tools (Flyway, Liquibase) are libraries you invoke from a build pipeline; Bytebase instead is a standalone platform with its own review UI, approval workflow, and multi-engine support, treating database changes as a first-class reviewable artifact rather than a script executed as a build step.
Self-Hosting
Licensing Model Open-core: code in directories containing “enterprise” in their name, and any code controlling feature/permission/role/plan enablement, is licensed under a separate Bytebase Enterprise license requiring a valid paid subscription for production use. Everything else is MIT.
Self-Hosting Restrictions The free Community tier is capped at 20 users and 10 database instances, with only basic change management, a web SQL editor, and built-in IAM — no SSO, audit logs, approval workflows, data masking, or high availability.
Enterprise Features Pro ($20/user/month) adds SSO (Google/GitHub), user groups, 7-day audit log retention, and batch queries. Enterprise adds advanced SSO/OIDC/LDAP, unlimited audit log retention, custom approval workflows, dynamic data masking, JIT access, database groups, high availability, and custom branding.
Cloud vs Self-Hosted Bytebase can be self-hosted or used via Bytebase’s hosted cloud; the tier/feature boundaries apply the same way in either deployment mode.
License Key Required Yes, for Pro/Enterprise features in production — the Enterprise license itself requires a valid Bytebase subscription.
Related Apps
Netdata
Monitoring · Devops
Real-time per-second metrics, ML-powered anomaly detection, and zero-config observability for any infrastructure.
Netdata
GPL 3.0Caddy
Devops · Security
The only web server that obtains and renews TLS certificates automatically, with HTTP/1-2-3 support and zero dependency on external runtimes.
Caddy
Apache 2.0Docker (Moby)
Devops · Developer Tools
The open-source container engine at the heart of Docker — a modular toolkit of runtime, build, and networking components for assembling container-based systems.