Abu Rayhan Alif

DjangoSecurityHunter - CLI tool, detects misconfig, XSS, SQL injection risks & More

A security and performance inspector for Django & DRF. Features static analysis, config checks, N+1 query detection, and SARIF support for GitHub Code Scanning. - abu-rayhan-alif/djangoSecurityHunter

Abu Rayhan Alif
In many Django + DRF projects, the same security and configuration issues show up again and again during PR reviews. To address this, I built django-security-hunter — a lightweight CLI tool that surfaces common security risks and Django/DRF misconfigurations before code reaches production. It’s designed for teams that want automated checks in local development and CI, not just during review.

Coverage (high level):
• Settings & DRF: production Django settings and REST framework defaults / API exposure hints (when you pass --settings so Django loads).
• Code & templates: risky patterns — XSS-style footguns, SSRF heuristics, unsafe deserialization, secrets in logs, hardcoded secret-like names, and SQL-injection heuristics.
• Reliability / performance hints: concurrency and ORM-style patterns where applicable rules fire.
• Optional: pip-audit, Bandit, and Semgrep when enabled in config or environment (external tools may need to be installed and on your PATH).

See docs/rules.md in the repository for details and rule IDs. Findings are heuristic, so please triage before changing code or configuration.

Product features:
• CLI-first with CI-friendly exit codes
• SARIF output (GitHub Code Scanning integration)
• GitHub Action available on the Marketplace

Quick start:
    pip install django-security-hunter
    django_security_hunter scan -p . -s yourproject.settings -y -f console

Use the same --settings value as DJANGO_SETTINGS_MODULE so settings-based rules (Django + DRF) run; many file-based checks still run without it.

Goal: make security checks faster and part of everyday development.

Note: Static analysis can produce false positives. Always verify findings before taking action.

- Found a bug or potential security issue in the tool? Please open an issue in the repository.
- Contributions are welcome. PRs, issues, and feedback help improve the tool for everyone.
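The kinds of checks the post describes (production settings rules, SQL-injection and XSS heuristics, SARIF output for Code Scanning) are easiest to understand from a small implementation. The block below is an added example written for this page, not code from django-security-hunter: its DSH-* rule IDs, check logic, tool name and sample files are all invented here, and it parses the settings file statically with `ast` instead of loading it through Django the way the real tool does when given --settings.

```python
"""Heuristic Django checks of the kind the scanner above runs.

Added illustration, not code from django-security-hunter: the DSH-* rule IDs,
the checks and the sample files are invented here. Settings are parsed with
`ast` instead of being loaded through Django (the real tool takes --settings).
"""
from __future__ import annotations
import ast
from dataclasses import dataclass

SQL_SINKS = {"execute", "executemany", "raw"}  # cursor.execute(), Model.objects.raw()
DESER_SINKS = {("pickle", "loads"), ("pickle", "load"), ("yaml", "load")}

@dataclass
class Finding:
    rule_id: str
    message: str
    path: str
    line: int

def _built_by_formatting(node: ast.AST) -> bool:
    """f-string, '%' or '+' on strings, or str.format(): the SQL-injection smell."""
    return (isinstance(node, ast.JoinedStr)
            or (isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)))
            or (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "format"))

class _CodeRules(ast.NodeVisitor):
    """Flags calls by name only (no type inference), which is why results are heuristic."""
    def __init__(self, path: str) -> None:
        self.path, self.findings = path, []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        first = node.args[0] if node.args else None
        hits = []
        if name in SQL_SINKS and first is not None and _built_by_formatting(first):
            hits.append(("DSH-SQLI-001", "SQL built by string formatting; pass params instead"))
        if name == "mark_safe" and first is not None and not isinstance(first, ast.Constant):
            hits.append(("DSH-XSS-001", "mark_safe() on a non-literal value disables escaping"))
        if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                and (func.value.id, func.attr) in DESER_SINKS):
            hits.append(("DSH-DESER-001", f"{func.value.id}.{func.attr}() on untrusted data"))
        self.findings += [Finding(r, m, self.path, node.lineno) for r, m in hits]
        self.generic_visit(node)

def scan_code(source: str, path: str) -> list[Finding]:
    rules = _CodeRules(path)
    rules.visit(ast.parse(source))
    return rules.findings

def scan_settings(source: str, path: str) -> list[Finding]:
    """Module-level assignments in a settings file; nothing is imported or executed."""
    out = []
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        name, value = node.targets[0].id, node.value
        if name == "DEBUG" and isinstance(value, ast.Constant) and value.value is True:
            out.append(Finding("DSH-CFG-001", "DEBUG = True leaks tracebacks and settings", path, node.lineno))
        elif name == "ALLOWED_HOSTS" and isinstance(value, (ast.List, ast.Tuple)) and any(
                isinstance(e, ast.Constant) and e.value == "*" for e in value.elts):
            out.append(Finding("DSH-CFG-002", "ALLOWED_HOSTS = ['*'] accepts any Host header", path, node.lineno))
        elif name == "SECRET_KEY" and isinstance(value, ast.Constant):
            out.append(Finding("DSH-CFG-003", "SECRET_KEY is a hardcoded literal", path, node.lineno))
    return out

def to_sarif(findings: list[Finding]) -> dict:
    """Minimal SARIF 2.1.0 document, the shape GitHub Code Scanning ingests."""
    results = [{"ruleId": f.rule_id, "level": "warning", "message": {"text": f.message},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": f.path},
                                                    "region": {"startLine": f.line}}}]}
               for f in findings]
    rules = [{"id": r} for r in sorted({f.rule_id for f in findings})]
    return {"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": "example-django-checks", "rules": rules}},
                      "results": results}]}

# Constructed samples: a view mixing unsafe and safe calls, then weak and hardened settings.
SAMPLE_VIEW = """\
from django.db import connection
from django.utils.safestring import mark_safe
import pickle

def search(request):
    q = request.GET["q"]
    with connection.cursor() as cur:
        cur.execute(f"SELECT id FROM app_item WHERE name = '{q}'")  # DSH-SQLI-001
        cur.execute("SELECT id FROM app_item WHERE name = %s", [q])  # parameterised, clean
    banner = mark_safe(request.GET.get("banner", ""))  # DSH-XSS-001
    state = pickle.loads(request.body)  # DSH-DESER-001
    return banner
"""
WEAK_SETTINGS = """\
SECRET_KEY = "django-insecure-change-me"
DEBUG = True
ALLOWED_HOSTS = ["*"]
"""
HARDENED_SETTINGS = """\
import os
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
DEBUG = False
ALLOWED_HOSTS = ["app.example.com"]
"""

if __name__ == "__main__":
    import json
    found = scan_code(SAMPLE_VIEW, "app/views.py") + scan_settings(WEAK_SETTINGS, "proj/settings.py")
    print(json.dumps(to_sarif(found), indent=2))
```

Running it reports three findings in the view (lines 8, 10 and 11), three in the weak settings and none in the hardened ones, and prints them as a SARIF run that the upload-sarif action would accept. The SQL rule illustrates why the post asks for triage: it fires on any formatted string passed to execute(), including one that only interpolates a trusted table name, so a rule ID is a prompt to look, not a verdict.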