https://github.com/bdr-pro/djangobestpractice
CLI tool to audit Django projects for security, performance, and code quality with scoring out of 100.
cyber cybersecurity django python security web
- Host: GitHub
- URL: https://github.com/bdr-pro/djangobestpractice
- Owner: BDR-Pro
- License: mit
- Created: 2025-06-06T14:25:25.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-06T14:29:06.000Z (about 1 year ago)
- Last Synced: 2025-06-17T05:01:50.844Z (about 1 year ago)
- Topics: cyber, cybersecurity, django, python, security, web
- Language: Python
- Homepage:
- Size: 85 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# DjangoBestPractice
A CLI-powered auditing tool to score your Django project out of 100 based on security, performance, and code hygiene best practices.
---
## Features
- Static analysis of `settings.py`, models, views, templates
- Security checks: `DEBUG=True`, missing secure headers, hardcoded secrets, Bandit integration
- Performance checks: missing DB indexes, large static files, uncompressed media
- Code hygiene: tests, README, requirements checks
- Model field validation (`null=True`, `__str__`, `unique_together`)
- Output: Markdown, SARIF, JSON, colorful Rich terminal
- `--autofix` to fix insecure settings automatically
- Custom per-project config: `.dbp.yaml`
---
## Installation
```bash
git clone https://github.com/bdr-pro/DjangoBestPractice.git
cd DjangoBestPractice
pip install -r requirements.txt
```
---
## Usage
Run from your Django project root (where `manage.py` lives):
```bash
python -m DjangoBestPractice manage.py
```
Or directly:
```bash
python cli.py
```
### Optional Flags
| Flag | Description |
| ------------ | ------------------------------------------------------------- |
| `--autofix` | Automatically fix `DEBUG`, secure cookies, etc. |
| `--bandit` | Run [Bandit](https://github.com/PyCQA/bandit) static analysis |
| `--markdown` | Export results to `.django_audit/report.md` |
| `--json` | Export issues to `.django_audit/problems.json` |
| `--sarif` | Export SARIF for GitHub Security tab |
---
## Configuration
Customize your checks via `.dbp.yaml` (auto-generated on first run):
```yaml
checks:
  debug: true
  cookie_secure: true
  cors: true
  secure_headers: true
  tests: true
  model_indexes: true
  hardcoded_secrets: true
  template_safe: true
```
---
## Security Highlights
- Detects insecure headers, CSRF holes, hardcoded keys
- Validates `CORS`, `HSTS`, and secure cookies
- Integrates Bandit for deep code inspection
- Flags `eval()`, `exec()`, insecure forms
---
## Exports
Reports are saved in `.django_audit/`:
- `report.md`
- `report.sarif`
- `problems.json`
- `bandit.json`
---
## Scoring System
| Severity | Score Deduction |
| -------- | --------------- |
| High | -10 to -5 |
| Medium | -4 to -2 |
| Low | -1 |
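The following is an added illustration of how the settings checks listed under Security Highlights, the `.dbp.yaml` check toggles, and the deduction table above fit together; it is not DjangoBestPractice's own code. It parses a `settings.py` with the `ast` module instead of importing it (so no project code runs during the audit), flags `DEBUG = True`, a literal `SECRET_KEY`, non-secure cookies and missing HSTS, then turns the findings into a score out of 100. The check names mirror the `.dbp.yaml` keys, the exact points per severity (10, 3, 1) are one choice within the table's ranges, and both settings samples are constructed for the example.

```python
"""Static audit of a Django settings module with a score out of 100.
Added example, not DjangoBestPractice's own code; check names mirror
the README's .dbp.yaml keys, the per-severity deductions are assumptions
within the README's ranges, and both settings samples are constructed."""
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed settings.py with several common weaknesses.
SAMPLE_SETTINGS = '''
SECRET_KEY = "django-insecure-1234567890abcdef"
DEBUG = True
ALLOWED_HOSTS = []
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = True
'''

# The same file after remediation (secret from the environment, DEBUG off,
# secure cookies, HSTS enabled). Also constructed.
HARDENED_SETTINGS = '''
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
DEBUG = False
ALLOWED_HOSTS = ["example.com"]
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
'''

# Points deducted per severity: one choice within the README's table
# (High -10 to -5, Medium -4 to -2, Low -1).
DEDUCTION = {"high": 10, "medium": 3, "low": 1}

# Default check toggles, same keys as .dbp.yaml.
DEFAULT_CHECKS = {"debug": True, "cookie_secure": True,
                  "secure_headers": True, "hardcoded_secrets": True}


@dataclass
class Finding:
    check: str
    severity: str
    message: str


def load_settings(source: str) -> Dict[str, object]:
    """Collect top-level NAME = <literal> assignments without executing the module.
    Non-literal values (os.environ lookups, calls, expressions) are skipped,
    so a SECRET_KEY read from the environment is never reported as hardcoded."""
    values: Dict[str, object] = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError, SyntaxError):
                continue  # not a literal; nothing to judge statically
    return values


def audit_settings(values: Dict[str, object],
                   enabled: Optional[Dict[str, bool]] = None) -> List[Finding]:
    """Run the enabled checks against the parsed settings and return findings."""
    enabled = enabled if enabled is not None else DEFAULT_CHECKS
    findings: List[Finding] = []
    if enabled.get("debug") and values.get("DEBUG") is True:
        findings.append(Finding("debug", "high",
                                "DEBUG = True exposes tracebacks and settings to clients"))
    if enabled.get("hardcoded_secrets"):
        key = values.get("SECRET_KEY")
        if isinstance(key, str) and key:
            findings.append(Finding("hardcoded_secrets", "high",
                                    "SECRET_KEY is a string literal in settings.py"))
    if enabled.get("cookie_secure"):
        for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
            if values.get(name) is not True:
                findings.append(Finding("cookie_secure", "medium", f"{name} is not True"))
    if enabled.get("secure_headers"):
        if not values.get("SECURE_HSTS_SECONDS"):
            findings.append(Finding("secure_headers", "medium",
                                    "SECURE_HSTS_SECONDS is unset or 0 (no HSTS header)"))
        if values.get("SECURE_CONTENT_TYPE_NOSNIFF") is False:
            findings.append(Finding("secure_headers", "low",
                                    "SECURE_CONTENT_TYPE_NOSNIFF explicitly disabled"))
    return findings


def score(findings: List[Finding]) -> int:
    """100 minus the deductions for every finding, floored at 0."""
    return max(0, 100 - sum(DEDUCTION[f.severity] for f in findings))


if __name__ == "__main__":
    for label, src in (("weak", SAMPLE_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        found = audit_settings(load_settings(src))
        print(f"{label}: score {score(found)}/100")
        for f in found:
            print(f"  [{f.severity}] {f.check}: {f.message}")
```

Run it against a real project by replacing the constructed strings with the contents of its `settings.py`; because the file is parsed rather than imported, the audit is safe to run on code you have not yet reviewed, and passing a dict read from `.dbp.yaml` as `enabled` reproduces the per-project toggling the configuration section describes.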
---

## Coming Soon
- Interactive autofix prompts
- GitHub Actions workflow support
- CI pipeline mode
- Code coverage integration
---
## Contributing
PRs, issues, and ideas are welcome! Let's make Django apps safer and cleaner, together.
---
## License
MIT