Apache-2.0 data orchestration platform for building, testing, deploying, observing, and automating data assets, jobs, schedules, sensors, and pipelines.
by Dagster Labs · submitted by oktofeesh1·added 2026-06-04·
Dagster runs user-defined Python code and can orchestrate writes to databases, warehouses, object stores, ML systems, and external APIs, so resources and credentials should be scoped before production runs., Schedules, sensors, automation policies, backfills, retries, and run queues can trigger repeated or large-scale work; teams should test concurrency, idempotency, cancellation, and rollback behavior., Asset checks and lineage improve visibility but do not replace data-quality review, access controls, schema contracts, incident response, or manual approval for high-risk production changes., Self-hosted Dagster OSS deployments need explicit network, auth, TLS, database, object storage, secret-management, backup, upgrade, and log-retention controls., Dagster+ Serverless documentation says serverless deployments require direct access to data, secrets, and source code; teams should review whether that deployment model fits their compliance needs., Dagster+ Serverless documentation warns that the default I/O manager can store sensitive data in Dagster+ managed storage for PII, PHI, BAA, GDPR, or similar regulated workloads unless another I/O manager or code pattern is used.
Privacy notes
Dagster workflows can process asset names, job names, resource config, run config, schedules, sensors, partitions, logs, errors, materialization metadata, checks, lineage, secrets, and external-system identifiers., Compute logs, event logs, metadata databases, object stores, I/O manager outputs, code locations, deployment images, and Dagster+ services may retain sensitive operational or data-product information depending on configuration., The official telemetry docs say Dagster collects frontend and backend usage statistics, does not collect pipeline data, and does not collect identifiable information about definition names such as assets, ops, or jobs., Backend telemetry collection is logged under `$DAGSTER_HOME/logs/` when configured, or `~/.dagster/logs/` otherwise, and can be disabled in `dagster.yaml` by setting `telemetry.enabled` to false., Dagster+ Serverless can involve Dagster-managed storage, per-customer registries, container images, secrets, source code, logs, and managed services; deployment teams should review product terms and data-handling requirements.
Author
Dagster Labs
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
6 safety and 5 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes.
5 areas
SafetyCredentials & tokensDagster runs user-defined Python code and can orchestrate writes to databases, warehouses, object stores, ML systems, and external APIs, so resources and credentials should be scoped before production runs.
SafetyExecution & processesSchedules, sensors, automation policies, backfills, retries, and run queues can trigger repeated or large-scale work; teams should test concurrency, idempotency, cancellation, and rollback behavior.
SafetyPermissions & scopesAsset checks and lineage improve visibility but do not replace data-quality review, access controls, schema contracts, incident response, or manual approval for high-risk production changes.
SafetyCredentials & tokensSelf-hosted Dagster OSS deployments need explicit network, auth, TLS, database, object storage, secret-management, backup, upgrade, and log-retention controls.
SafetyCredentials & tokensDagster+ Serverless documentation says serverless deployments require direct access to data, secrets, and source code; teams should review whether that deployment model fits their compliance needs.
SafetyData retentionDagster+ Serverless documentation warns that the default I/O manager can store sensitive data in Dagster+ managed storage for PII, PHI, BAA, GDPR, or similar regulated workloads unless another I/O manager or code pattern is used.
PrivacyCredentials & tokensDagster workflows can process asset names, job names, resource config, run config, schedules, sensors, partitions, logs, errors, materialization metadata, checks, lineage, secrets, and external-system identifiers.
PrivacyData retentionCompute logs, event logs, metadata databases, object stores, I/O manager outputs, code locations, deployment images, and Dagster+ services may retain sensitive operational or data-product information depending on configuration.
PrivacyTelemetryThe official telemetry docs say Dagster collects frontend and backend usage statistics, does not collect pipeline data, and does not collect identifiable information about definition names such as assets, ops, or jobs.
PrivacyData retentionBackend telemetry collection is logged under `$DAGSTER_HOME/logs/` when configured, or `~/.dagster/logs/` otherwise, and can be disabled in `dagster.yaml` by setting `telemetry.enabled` to false.
PrivacyCredentials & tokensDagster+ Serverless can involve Dagster-managed storage, per-customer registries, container images, secrets, source code, logs, and managed services; deployment teams should review product terms and data-handling requirements.
Disclosure: editorial
Safety notes
Dagster runs user-defined Python code and can orchestrate writes to databases, warehouses, object stores, ML systems, and external APIs, so resources and credentials should be scoped before production runs.
Schedules, sensors, automation policies, backfills, retries, and run queues can trigger repeated or large-scale work; teams should test concurrency, idempotency, cancellation, and rollback behavior.
Asset checks and lineage improve visibility but do not replace data-quality review, access controls, schema contracts, incident response, or manual approval for high-risk production changes.
Self-hosted Dagster OSS deployments need explicit network, auth, TLS, database, object storage, secret-management, backup, upgrade, and log-retention controls.
Dagster+ Serverless documentation says serverless deployments require direct access to data, secrets, and source code; teams should review whether that deployment model fits their compliance needs.
Dagster+ Serverless documentation warns that the default I/O manager can store sensitive data in Dagster+ managed storage for PII, PHI, BAA, GDPR, or similar regulated workloads unless another I/O manager or code pattern is used.
Privacy notes
Dagster workflows can process asset names, job names, resource config, run config, schedules, sensors, partitions, logs, errors, materialization metadata, checks, lineage, secrets, and external-system identifiers.
Compute logs, event logs, metadata databases, object stores, I/O manager outputs, code locations, deployment images, and Dagster+ services may retain sensitive operational or data-product information depending on configuration.
The official telemetry docs say Dagster collects frontend and backend usage statistics, does not collect pipeline data, and does not collect identifiable information about definition names such as assets, ops, or jobs.
Backend telemetry collection is logged under `$DAGSTER_HOME/logs/` when configured, or `~/.dagster/logs/` otherwise, and can be disabled in `dagster.yaml` by setting `telemetry.enabled` to false.
Dagster+ Serverless can involve Dagster-managed storage, per-customer registries, container images, secrets, source code, logs, and managed services; deployment teams should review product terms and data-handling requirements.
Prerequisites
Python 3.9 through Python 3.14, an isolated project environment, and selected Dagster packages such as `dagster`, `dagster-webserver`, and `dagster-dg-cli`.
Data asset model for assets, resources, dependencies, asset checks, jobs, schedules, sensors, partitions, backfills, I/O managers, and external systems.
Deployment decision between local development, self-hosted Dagster OSS, Dagster+ Serverless, or Dagster+ Hybrid, with infrastructure ownership and support boundaries defined.
Operational plan for the Dagster webserver, daemon, run launchers, executors, queues, compute logs, metadata database, storage, secrets, environment variables, and backups.
Governance plan for telemetry settings, sensitive asset metadata, logs, run config, materialization metadata, code locations, user access, and production data writes.
## Editorial notes
Dagster is useful when Claude-adjacent teams need a production-grade way to turn data and AI workflows into observable assets, scheduled jobs, data-quality checks, lineage graphs, backfills, and repeatable deployment units. It is a good fit for model-evaluation pipelines, embedding refreshes, warehouse transformations, report generation, analytics assets, and ML-adjacent data products that need testing, visibility, and operational discipline.
This is distinct from Ray. Ray is a distributed AI compute engine for scaling Python tasks, actors, training, data processing, and serving across compute clusters. Dagster is the orchestration and control-plane layer for data assets, schedules, sensors, checks, metadata, lineage, run history, and production workflow operations. It is also distinct from Dagster's own docs AI-skill material; this entry lists the Dagster platform itself.
## Source notes
- The official repository describes Dagster as an orchestration platform for the development, production, and observation of data assets.
- The official README describes Dagster as a cloud-native data pipeline orchestrator for the whole development lifecycle with integrated lineage, observability, a declarative programming model, and testability.
- The README says Dagster is designed for developing and maintaining data assets such as tables, datasets, machine learning models, and reports.
- The README shows assets declared as Python functions and says Dagster helps run those functions at the right time and keep assets up to date.
- The README says Dagster is built for local development, unit tests, integration tests, staging environments, and production.
- The README says Dagster is available on PyPI, officially supports Python 3.9 through Python 3.14, and shows `uv add dagster dagster-webserver dagster-dg-cli`.
- The official docs describe Dagster as a data orchestrator built for data engineers with lineage, observability, declarative programming, and testability.
- The deployment docs distinguish Dagster+ managed deployments from self-hosted Dagster OSS deployments.
- The telemetry docs describe frontend and backend usage-stat collection, state that pipeline data and identifiable definition names are not collected, and document the `telemetry.enabled: false` opt-out.
- The Dagster+ Serverless security docs say serverless deployments require direct access to data, secrets, and source code, and warn about managed-storage behavior for sensitive data when using the default I/O manager.
- The repository is `dagster-io/dagster`, is Apache-2.0 licensed, and is active.
## Duplicate check
Checked current `content/tools/`, `content/mcp/`, agents, hooks, rules, skills, commands, guides, open pull requests, live issue state, and repository-wide content for `Dagster`, `dagster-io/dagster`, `docs.dagster.io`, `dagster.io`, `Dagster OSS`, `Dagster+`, `data assets`, and `asset lineage`. No dedicated Dagster tools entry, source URL duplicate, target file, issue duplicate, or open duplicate PR was found.
## Disclosure
Editorial listing. No paid placement or affiliate link is used. Dagster is Apache-2.0 open-source software; Dagster+, cloud infrastructure, databases, warehouses, storage systems, compute platforms, observability services, and downstream integrations may have separate licenses, billing, terms, privacy obligations, and access controls.
About this resource
Editorial notes
Dagster is useful when Claude-adjacent teams need a production-grade way to turn data and AI workflows into observable assets, scheduled jobs, data-quality checks, lineage graphs, backfills, and repeatable deployment units. It is a good fit for model-evaluation pipelines, embedding refreshes, warehouse transformations, report generation, analytics assets, and ML-adjacent data products that need testing, visibility, and operational discipline.
This is distinct from Ray. Ray is a distributed AI compute engine for scaling Python tasks, actors, training, data processing, and serving across compute clusters. Dagster is the orchestration and control-plane layer for data assets, schedules, sensors, checks, metadata, lineage, run history, and production workflow operations. It is also distinct from Dagster's own docs AI-skill material; this entry lists the Dagster platform itself.
Source notes
The official repository describes Dagster as an orchestration platform for the development, production, and observation of data assets.
The official README describes Dagster as a cloud-native data pipeline orchestrator for the whole development lifecycle with integrated lineage, observability, a declarative programming model, and testability.
The README says Dagster is designed for developing and maintaining data assets such as tables, datasets, machine learning models, and reports.
The README shows assets declared as Python functions and says Dagster helps run those functions at the right time and keep assets up to date.
The README says Dagster is built for local development, unit tests, integration tests, staging environments, and production.
The README says Dagster is available on PyPI, officially supports Python 3.9 through Python 3.14, and shows uv add dagster dagster-webserver dagster-dg-cli.
The official docs describe Dagster as a data orchestrator built for data engineers with lineage, observability, declarative programming, and testability.
The deployment docs distinguish Dagster+ managed deployments from self-hosted Dagster OSS deployments.
The telemetry docs describe frontend and backend usage-stat collection, state that pipeline data and identifiable definition names are not collected, and document the telemetry.enabled: false opt-out.
The Dagster+ Serverless security docs say serverless deployments require direct access to data, secrets, and source code, and warn about managed-storage behavior for sensitive data when using the default I/O manager.
The repository is dagster-io/dagster, is Apache-2.0 licensed, and is active.
Duplicate check
Checked current content/tools/, content/mcp/, agents, hooks, rules, skills, commands, guides, open pull requests, live issue state, and repository-wide content for Dagster, dagster-io/dagster, docs.dagster.io, dagster.io, Dagster OSS, Dagster+, data assets, and asset lineage. No dedicated Dagster tools entry, source URL duplicate, target file, issue duplicate, or open duplicate PR was found.
Disclosure
Editorial listing. No paid placement or affiliate link is used. Dagster is Apache-2.0 open-source software; Dagster+, cloud infrastructure, databases, warehouses, storage systems, compute platforms, observability services, and downstream integrations may have separate licenses, billing, terms, privacy obligations, and access controls.
Apache-2.0 data orchestration platform for building, testing, deploying, observing, and automating data assets, jobs, schedules, sensors, and pipelines.
Apache-2.0 platform for programmatically authoring, scheduling, monitoring, and operating workflow DAGs across workers, executors, providers, and task logs.
Open-source ML and LLM observability framework for evaluating, testing, and monitoring data quality, drift, model behavior, and AI application outputs.
Apache-2.0 Python workflow orchestration framework for resilient data pipelines with flows, tasks, deployments, schedules, retries, caching, workers, work pools, and observability.
✓Dagster runs user-defined Python code and can orchestrate writes to databases, warehouses, object stores, ML systems, and external APIs, so resources and credentials should be scoped before production runs.
Schedules, sensors, automation policies, backfills, retries, and run queues can trigger repeated or large-scale work; teams should test concurrency, idempotency, cancellation, and rollback behavior.
Asset checks and lineage improve visibility but do not replace data-quality review, access controls, schema contracts, incident response, or manual approval for high-risk production changes.
Self-hosted Dagster OSS deployments need explicit network, auth, TLS, database, object storage, secret-management, backup, upgrade, and log-retention controls.
Dagster+ Serverless documentation says serverless deployments require direct access to data, secrets, and source code; teams should review whether that deployment model fits their compliance needs.
Dagster+ Serverless documentation warns that the default I/O manager can store sensitive data in Dagster+ managed storage for PII, PHI, BAA, GDPR, or similar regulated workloads unless another I/O manager or code pattern is used.
✓Airflow executes DAG author Python code on workers, the DAG processor, and the triggerer, and the official security model says that code is not verified or sandboxed by Airflow.
DAG authors, admins, connection-configuration users, and deployment managers can have powerful access to workers, credentials, metadata, API actions, and external systems, so roles should be granted conservatively.
Schedules, sensors, backfills, retries, and manually triggered DAG runs can repeat destructive work; production DAGs should be idempotent, tested, observable, and easy to pause or roll back.
The production docs say SQLite is for testing only and can cause production data loss; production Airflow needs an external database such as PostgreSQL or MySQL with backups and migration controls.
The README warns that a plain `pip install apache-airflow` can produce an unusable installation and recommends the official constraint-file workflow for repeatable installs.
Multi-node deployments need careful separation of DAG files, configuration, JWT signing keys, database credentials, Fernet keys, worker permissions, and task-log serving between components.
✓Evidently metrics and tests are decision support, not proof that a model, dataset, prompt, or LLM application is correct, fair, safe, or production-ready.
Drift, data quality, and LLM judge results can be noisy or context-dependent, so thresholds should be calibrated on representative data before blocking releases or triggering alerts.
Reports, test suites, and dashboards can influence deployment and incident workflows, so review generated conditions before wiring them into CI, monitoring, or agent-managed remediation.
Synthetic data generation, prompt optimization, LLM-as-judge evaluations, and provider-backed metrics can call configured model services and should be scoped for cost and data handling.
Self-hosted dashboards, local reports, and exported artifacts need normal access controls because they can become a shared source of operational decisions.
✓Prefect flows and tasks run arbitrary Python code and can query databases, mutate files, call APIs, launch subprocesses, provision infrastructure, and trigger downstream jobs, so workflows should be treated as trusted production code.
Retries, schedules, event triggers, deployment runs, backfills, and automations can repeat side effects unless tasks are idempotent and external writes are guarded.
Work pools and workers can start subprocesses, containers, Kubernetes jobs, or cloud jobs; base job templates, queue limits, worker permissions, and infrastructure credentials should be scoped tightly.
Flow and task timeouts help prevent unintentional long-running work, but teams still need resource limits, cancellation behavior, and cleanup policies for jobs that touch external systems.
Blocks can store credentials and typed configuration for external services; SecretStr fields are encrypted and hidden by default in the UI, but credentials still need rotation, least privilege, and environment separation.
Logging can capture custom logs, print statements, subprocess output, thread output, task parameters, and exception details; secrets and sensitive rows should not be printed or attached to artifacts.
Self-hosted Prefect servers should use authentication, reverse proxy controls, CSRF protection, CORS policy, and secure custom-header handling before being exposed beyond a trusted network.
Prefect Cloud, webhooks, automations, notifications, and external integrations can trigger or observe workflow activity and should be reviewed for permissions, rate limits, and incident response behavior.
Privacy notes
✓Dagster workflows can process asset names, job names, resource config, run config, schedules, sensors, partitions, logs, errors, materialization metadata, checks, lineage, secrets, and external-system identifiers.
Compute logs, event logs, metadata databases, object stores, I/O manager outputs, code locations, deployment images, and Dagster+ services may retain sensitive operational or data-product information depending on configuration.
The official telemetry docs say Dagster collects frontend and backend usage statistics, does not collect pipeline data, and does not collect identifiable information about definition names such as assets, ops, or jobs.
Backend telemetry collection is logged under `$DAGSTER_HOME/logs/` when configured, or `~/.dagster/logs/` otherwise, and can be disabled in `dagster.yaml` by setting `telemetry.enabled` to false.
Dagster+ Serverless can involve Dagster-managed storage, per-customer registries, container images, secrets, source code, logs, and managed services; deployment teams should review product terms and data-handling requirements.
✓Airflow can process DAG code, task parameters, run history, schedules, connections, variables, XCom values, rendered templates, logs, audit events, metadata database rows, and external-system identifiers.
XComs are stored for task communication and are intended for small values; large values or sensitive payloads should use an appropriate backend or external storage rather than the default metadata database path.
Task logs are stored locally under the configured Airflow home by default or in remote services such as S3, GCS, WASB, HDFS, Elasticsearch, CloudWatch, or other configured logging backends.
Airflow masks accessed connection passwords, sensitive variables, and selected extra fields in logs and UI views, but values passed through side channels such as XComs or environment variables may not be masked automatically.
The Airflow privacy notice says the website follows the Apache Software Foundation public privacy policy; deployed Airflow environments remain the operator's responsibility for data handling, retention, and access control.
✓Evidently can process dataset columns, feature values, predictions, labels, model metadata, prompts, retrieved context, responses, traces, evaluation scores, and custom metric outputs.
HTML, JSON, and Python dictionary reports can contain samples, column names, feature distributions, prompt text, generated answers, labels, or other sensitive operational data.
Evidently Platform and Cloud workflows add hosted storage, dashboards, dataset management, tracing, user management, and alerting that should be reviewed against team data-retention and access-control policies.
LLM-based evaluations may send prompts, responses, references, or scoring context to configured model providers unless a local evaluation path is used.
Local report files and dashboard exports should be kept out of public repositories and shared workspaces unless reviewed for sensitive data.
✓Prefect workflows can process flow parameters, task inputs and outputs, cached results, state history, run metadata, logs, artifacts, events, schedules, deployments, work-pool data, block documents, and infrastructure job variables.
Logs and captured print statements can disclose SQL queries, file paths, data samples, credentials, API responses, exception traces, and environment details if workflow code does not redact them.
Blocks, variables, settings, profiles, and environment variables can contain cloud credentials, database credentials, Docker registry credentials, Git credentials, Slack webhooks, Snowflake credentials, and other integration secrets.
Prefect server or Prefect Cloud stores orchestration metadata used for monitoring, retries, states, automations, alerts, and dashboards; teams should review retention, access controls, workspace boundaries, and export requirements.
Workers running in local, Docker, Kubernetes, serverless, or managed infrastructure may expose environment variables, mounted files, network metadata, container images, and cloud identity details to the execution environment.
Automations, webhooks, notifications, and integrations can forward run metadata, event payloads, failure details, and parameters to chat tools, incident systems, APIs, or downstream services.
Prerequisites
Python 3.9 through Python 3.14, an isolated project environment, and selected Dagster packages such as `dagster`, `dagster-webserver`, and `dagster-dg-cli`.
Data asset model for assets, resources, dependencies, asset checks, jobs, schedules, sensors, partitions, backfills, I/O managers, and external systems.
Deployment decision between local development, self-hosted Dagster OSS, Dagster+ Serverless, or Dagster+ Hybrid, with infrastructure ownership and support boundaries defined.
Operational plan for the Dagster webserver, daemon, run launchers, executors, queues, compute logs, metadata database, storage, secrets, environment variables, and backups.
Supported Python and platform version for the selected Airflow release, plus the official constraint-file install workflow for repeatable `apache-airflow` package installs.
Production deployment plan for metadata database, executor, scheduler, webserver, DAG processor, triggerer, workers, DAG synchronization, health checks, upgrades, and rollback.
Security plan for DAG author trust, auth manager, RBAC, API access, connections, variables, Fernet keys, JWT signing keys, secrets backend, task isolation, and audit logs.
Python environment for running the Evidently library, reports, test suites, or local UI.
Dataset, model outputs, LLM application traces, prompts, responses, labels, or other production-aligned examples to evaluate.
Reference or baseline data when using drift, regression, or data quality checks.
Reviewed metric selection, pass and fail thresholds, alert ownership, and release policy before using results in CI or production monitoring.
Python 3.10 or newer with Prefect and the workflow's data, cloud, database, notification, storage, container, and infrastructure dependencies installed.
Workflow design for flows, tasks, subflows, parameters, states, task runners, retries, timeouts, caching, concurrency limits, background tasks, artifacts, and result persistence.
Deployment plan for local processes, workers, work pools, work queues, Docker, Kubernetes, cloud services, serverless infrastructure, schedules, events, automations, and manual runs.
Configuration and secrets plan for profiles, settings, variables, blocks, SecretStr fields, cloud credentials, database credentials, Docker or Kubernetes credentials, and environment variables.