In many Django + DRF projects, the same security and configuration issues show up again and again during PR reviews.
To address this, I built django-security-hunter — a lightweight CLI tool that surfaces common security risks and Django/DRF misconfigurations before code reaches production. It’s designed for teams that want automated checks in local development and CI, not just during review.
Coverage (high level):
• Settings & DRF: production Django settings and REST framework defaults / API exposure hints (when you pass --settings so Django loads).
• Code & templates: risky patterns — XSS-style footguns, SSRF heuristics, unsafe deserialization, secrets in logs, hardcoded secret-like names, and SQL-injection heuristics.
• Reliability / performance hints: concurrency and ORM-style patterns, where the applicable rules fire.
• Optional: pip-audit, Bandit, and Semgrep when enabled in config or environment (external tools may need to be installed and on your PATH).
See docs/rules.md in the repository for details and rule IDs — findings are heuristic, so please triage before changing code or configuration.
Product features:
• CLI-first with CI-friendly exit codes
• SARIF output (GitHub Code Scanning integration)
• GitHub Action available on the Marketplace
Quick start:
pip install django-security-hunter
django_security_hunter scan -p . -s yourproject.settings -y -f console
Use the same --settings value as DJANGO_SETTINGS_MODULE so settings-based rules (Django + DRF) run; many file-based checks still run without it.
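To show what a settings-based rule of the kind listed under Coverage looks like, here is a small self-contained checker written for this post (an added illustration, not django-security-hunter's own code; the rule names and the sample settings module are constructed for the demo). It parses a settings file as text and flags only literal values it can judge statically, skipping anything resolved at runtime such as environment lookups.

```python
import ast

# Constructed sample settings module for the demo (not from any real project).
SAMPLE_SETTINGS = '''
DEBUG = True
SECRET_KEY = "django-insecure-change-me"
ALLOWED_HOSTS = ["*"]
REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ["rest_framework.authentication.SessionAuthentication"],
}
'''


def check_settings_source(source: str) -> list[dict]:
    """Heuristic findings for a Django settings module given as source text.
    Only top-level assignments with a literal right-hand side are judged; values
    computed at runtime (os.environ lookups, calls) cannot be judged statically."""
    findings = []
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            continue
        name, line = node.targets[0].id, node.lineno
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            continue  # not a plain literal: skip rather than guess
        if name == "DEBUG" and value is True:
            findings.append({"rule": "DEBUG_ENABLED", "line": line,
                             "message": "DEBUG = True exposes tracebacks and settings on errors"})
        elif name == "SECRET_KEY" and isinstance(value, str):
            findings.append({"rule": "HARDCODED_SECRET_KEY", "line": line,
                             "message": "SECRET_KEY is a string literal committed to source"})
        elif name == "ALLOWED_HOSTS" and isinstance(value, list) and "*" in value:
            findings.append({"rule": "ALLOWED_HOSTS_WILDCARD", "line": line,
                             "message": "ALLOWED_HOSTS = ['*'] disables Host header validation"})
        elif name == "REST_FRAMEWORK" and isinstance(value, dict):
            # DRF falls back to AllowAny when DEFAULT_PERMISSION_CLASSES is unset.
            perms = value.get("DEFAULT_PERMISSION_CLASSES") or []
            if not perms or any(str(p).endswith("AllowAny") for p in perms):
                findings.append({"rule": "DRF_ALLOW_ANY_DEFAULT", "line": line,
                                 "message": "REST framework default permission is AllowAny"})
    return findings


if __name__ == "__main__":
    for f in check_settings_source(SAMPLE_SETTINGS):
        print(f"line {f['line']}: {f['rule']}: {f['message']}")
```

A real tool would load the settings module through Django (as the --settings option does) to see merged and computed values; this text-only approach is what lets file-based checks run without a working Django environment.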
Goal: make security checks faster and part of everyday development.
Note: Static analysis can produce false positives — always verify findings before taking action.
• Found a bug or potential security issue in the tool? Please open an issue in the repository.
• Contributions are welcome: PRs, issues, and feedback help improve the tool for everyone.
Repo: https://lnkd.in/g3vd_RqU
PyPI: https://lnkd.in/gkFDFAKt