Securie for Django
Securie covers Django's middleware, ORM, admin, and template layers. Classic issues (mass-assignment via ModelForm, DEBUG=True in prod, unsafe template tags, CSRF exemptions) are caught before they ship.
Why it matters for Django
Install on your Django repo. Every settings.py, view, and template is reviewed for classic and modern Django-specific security issues.
- Django 4.x + 5.x coverage
- Validates DEBUG / ALLOWED_HOSTS / security middleware
- Detects ORM injection via extra()/raw() with untrusted input
- Audits csrf_exempt usage
Common bugs we catch in Django
DEBUG=True committed to main branch
Enables detailed error pages in production, leaking the database schema and settings. Securie flags this pre-commit.
csrf_exempt on state-changing views
Every csrf_exempt needs a justification. Securie requires an accompanying comment or an alternative CSRF defence.
ModelForm exposing sensitive fields
ModelForms default to `fields = '__all__'`. Securie flags forms that include private fields.
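As an added illustration (not Securie's own code), a stdlib-only checker for three of the patterns described above: DEBUG=True, a ModelForm with `fields = '__all__'`, and a csrf_exempt decorator with no justification comment. The sample it runs over is constructed for this example; the comment-above-the-decorator convention is an assumption.

```python
import ast

def _name(node):
    # `forms.ModelForm` -> "ModelForm", bare `csrf_exempt` -> "csrf_exempt".
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", "")

def _assigns(stmt, target, value):
    # True when stmt is `target = <literal>` and that literal equals value.
    return (isinstance(stmt, ast.Assign)
            and any(isinstance(t, ast.Name) and t.id == target for t in stmt.targets)
            and isinstance(stmt.value, ast.Constant) and stmt.value.value == value)

def find_issues(source):
    """Return (line, message) pairs for three Django patterns found in `source`."""
    lines = source.splitlines()
    issues = []
    for node in ast.walk(ast.parse(source)):
        # settings.py: DEBUG = True committed to the repo
        if _assigns(node, "DEBUG", True):
            issues.append((node.lineno, "DEBUG=True"))
        # ModelForm whose Meta uses fields = '__all__' (exposes every model field)
        if isinstance(node, ast.ClassDef) and any(_name(b) == "ModelForm" for b in node.bases):
            for meta in node.body:
                if isinstance(meta, ast.ClassDef) and meta.name == "Meta":
                    for stmt in meta.body:
                        if _assigns(stmt, "fields", "__all__"):
                            issues.append((stmt.lineno, f"{node.name}: fields='__all__'"))
        # csrf_exempt with no comment on the decorator line or the line directly above it
        if isinstance(node, ast.FunctionDef):
            for dec in node.decorator_list:
                if _name(dec) == "csrf_exempt":
                    own = lines[dec.lineno - 1]
                    above = lines[dec.lineno - 2].strip() if dec.lineno > 1 else ""
                    if "#" not in own and not above.startswith("#"):
                        issues.append((dec.lineno, f"{node.name}: csrf_exempt without justification"))
    return issues

# Constructed sample mixing a settings module, a form and two views (not real project code).
SAMPLE = '''\
DEBUG = True
class ProfileForm(forms.ModelForm):
    class Meta:
        model = User
        fields = "__all__"
@csrf_exempt
def webhook(request): ...
# Verified by an HMAC signature over the body instead of a CSRF token
@csrf_exempt
def signed_webhook(request): ...
'''
```

Calling `find_issues(SAMPLE)` reports lines 1, 5 and 6; `signed_webhook` passes because its exemption is justified on the line above.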
Install in under a minute
- Install the Securie GitHub App on your Django repo
- Securie detects manage.py and the settings module
- Push any PR. Findings arrive as PR comments.
Django is a registered trademark of the Django Software Foundation. Securie is independent.