Skip to content

Django Recipe 🐍

Comprehensive security automation for Django applications with multi-environment support and Django-specific security checks.

Perfect For

  • Django web applications with complex requirements
  • Multi-environment deployments (dev, staging, prod)
  • Django-specific security requirements and best practices
  • Teams following Django conventions and project structure

Project Structure

Django Project Structure
django-app/
├── requirements/              # Environment-specific dependencies
   ├── base.txt              # Shared dependencies
   ├── local.txt             # Development dependencies
   ├── production.txt        # Production dependencies
   └── staging.txt           # Staging dependencies
├── manage.py                 # Django management script
├── myproject/               # Django project directory
   ├── settings/
      ├── base.py
      ├── local.py
      └── production.py
   └── urls.py
└── .github/workflows/
    └── django-security.yml  # Django security workflow

Requirements Structure

requirements/base.txt
# Core Django dependencies
Django>=4.2.0,<5.0
psycopg2-binary>=2.9.0
celery>=5.3.0
redis>=4.5.0
django-environ>=0.10.0
Pillow>=10.0.0
requirements/production.txt
-r base.txt

# Production-specific dependencies
gunicorn>=21.0.0
whitenoise>=6.5.0
sentry-sdk>=1.28.0
django-redis>=5.3.0
boto3>=1.28.0
requirements/local.txt
-r base.txt

# Development dependencies
django-debug-toolbar>=4.2.0
django-extensions>=3.2.0
pytest-django>=4.5.0
black>=23.0.0
flake8>=6.0.0
requirements/staging.txt
-r production.txt

# Staging-specific dependencies
django-debug-toolbar>=4.2.0  # For debugging in staging

Complete Django Security Workflow

Complete django-security.yml

This workflow provides comprehensive security scanning for all Django environments plus Django-specific security checks.

.github/workflows/django-security.yml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: Django Security Audit

on:
  schedule:
    - cron: "0 9 * * 1"  # Monday 9 AM UTC
  workflow_dispatch:
  push:
    branches: [main, develop]
    paths: 
      - "requirements/*.txt"
      - ".github/workflows/django-security.yml"

env:
  PYTHON_VERSION: "3.11"

jobs:
  django-security:
    name: Django Security Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      security-events: write

    strategy:
      matrix:
        environment: [local, staging, production]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install uv
        uses: astral-sh/setup-uv@v3

      - name: Install pip-audit
        run: uv pip install --system pip-audit

      - name: Install Django dependencies
        run: |
          uv pip install --system -r requirements/${{ matrix.environment }}.txt

      - name: Run pip-audit on ${{ matrix.environment }}
        run: |
          mkdir -p audit-outputs
          pip-audit -r requirements/${{ matrix.environment }}.txt \
            --format json \
            --output audit-outputs/audit-${{ matrix.environment }}.json

      - name: Run Django security checks
        env:
          DJANGO_SETTINGS_MODULE: myproject.settings.production
        run: |
          python manage.py check --deploy --settings=myproject.settings.production

      - name: Upload audit results
        uses: actions/upload-artifact@v4
        with:
          name: django-security-audit-${{ matrix.environment }}
          path: audit-outputs/

Django-Specific Security Features

This recipe includes specialized Django security features:

Django Security Enhancements

Integrated Django security validation
# Runs Django's built-in security checks
python manage.py check --deploy

# Validates production settings for:
# - DEBUG = False
# - SECRET_KEY security
# - ALLOWED_HOSTS configuration
# - SSL/HTTPS settings
# - Session security
# - CSRF protection
  • Local environment - Development dependencies
  • Staging environment - Near-production setup
  • Production environment - Production-only packages
  • Matrix strategy - Parallel scanning of all environments

Common Django packages are automatically scanned: - Django framework and extensions - Database drivers (PostgreSQL, MySQL) - Web servers (Gunicorn, uWSGI) - Caching (Redis, Memcached) - Storage (AWS S3, Google Cloud)

Quick Setup Instructions

Fastest Django Setup

Django-specific installation
curl -sSL https://raw.githubusercontent.com/trivedi-vatsal/pysec-recipes/main/django-setup.py | python3

Step-by-step Django installation

  1. Create workflow directory:

    mkdir -p .github/workflows

  2. Download Django workflow:

    curl -o .github/workflows/django-security.yml \
  https://raw.githubusercontent.com/trivedi-vatsal/pysec-recipes/main/.github/workflows/django-security.yml

  3. Set up requirements structure (if not already done):

    mkdir -p requirements
# Create your base.txt, production.txt, etc.

  4. Update Django settings module in the workflow file to match your project

Django-Specific Verification

Test Your Django Setup

  1. Verify workflow runs for all environments
  2. Check Django security checks pass
  3. Confirm issue creation works for vulnerabilities
  4. Test manual triggers work correctly

Django-Specific Validations: - ✅ All environment requirements scan successfully - ✅ Django security checks pass - ✅ Matrix strategy runs parallel scans - ✅ Django-specific vulnerabilities detected

What This Recipe Provides

Your Django application will have:

  • 🔄 Multi-environment security scanning - Local, staging, production
  • 🛡️ Django security validation - Built-in security checks
  • 📱 Automatic issue creation - When vulnerabilities are found
  • 🔍 Comprehensive coverage - All Django-specific dependencies
  • ⚡ Parallel scanning - Fast execution with matrix strategy

Ready for More Advanced Setups?

Once your Django recipe is working well: