Django
Security and convention rules for Django projects.
Enabled Rules
| Rule | Severity | Description |
|---|---|---|
| security/secret-detection | block | Detects Django `SECRET_KEY` and database credentials in code |
| security/env-exposure | block | Prevents hardcoded secrets in settings files |
| workflow/migration-safety | warn | Flags dangerous SQL in Django migrations |
| quality/naming-conventions | block | Django naming conventions (snake_case views, PascalCase models) |
| quality/file-structure | warn | Models, views, and serializers in correct locations |
Usage
```ts
import { defineConfig } from '@solanticai/vguard';

export default defineConfig({
  presets: ['django'],
});
```
What it enforces
- No hardcoded secrets — Blocks `SECRET_KEY = '...'` patterns in `settings.py`. Use environment variables via `os.environ` or `django-environ`.
- Migration safety — Warns on `RunSQL` operations with destructive commands. Flags `DROP TABLE`, raw `DELETE`, and schema changes that may cause data loss.
- Naming conventions — Views must be snake_case (`user_detail`, not `UserDetail`). Models must be PascalCase singular (`UserProfile`, not `user_profiles`).
- File structure — Models in `models.py` or `models/`, views in `views.py` or `views/`, serializers in `serializers.py`.
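
A settings layout that satisfies the "No hardcoded secrets" item, using only `os.environ`. This is an added example, not code from vguard or from the original page; the variable names (`DJANGO_SECRET_KEY`, `DB_NAME`, `DB_USER`, `DB_PASSWORD`, `DB_HOST`, `DB_PORT`) and the helper names are assumptions chosen for illustration.

```python
"""Constructed example: secret-bearing Django settings come from the environment only."""
import os
from typing import Mapping


class MissingSecret(RuntimeError):
    """Raised at startup so a misconfigured deployment fails closed."""


def env_required(name: str, environ: Mapping[str, str] = os.environ) -> str:
    """Return a non-empty environment value, or refuse to start."""
    value = environ.get(name, "").strip()
    if not value:
        # Name the variable, never echo a value: startup errors end up in logs.
        raise MissingSecret(f"environment variable {name} is not set")
    return value


def build_settings(environ: Mapping[str, str] = os.environ) -> dict:
    """Build SECRET_KEY and DATABASES without any literal credential in source."""
    return {
        "SECRET_KEY": env_required("DJANGO_SECRET_KEY", environ),
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",
                "NAME": env_required("DB_NAME", environ),
                "USER": env_required("DB_USER", environ),
                "PASSWORD": env_required("DB_PASSWORD", environ),
                # Non-secret connection details may carry defaults.
                "HOST": environ.get("DB_HOST", "localhost"),
                "PORT": environ.get("DB_PORT", "5432"),
            }
        },
    }


# In settings.py (hypothetical wiring): globals().update(build_settings())

if __name__ == "__main__":
    # Constructed sample environment, for demonstration only.
    sample = {
        "DJANGO_SECRET_KEY": "constructed-sample-value",
        "DB_NAME": "app",
        "DB_USER": "app_user",
        "DB_PASSWORD": "constructed-sample-password",
    }
    print(sorted(build_settings(sample)))  # prints setting names, not values
```

There is deliberately no fallback value for the secret settings: a default `SECRET_KEY` in source is still a hardcoded secret, so a missing variable stops startup instead.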