django/django
Large, mature Python web framework (LTS 5.2) — scale stress test.
- Upstream: django
- Pinned commit: 024c26b1e77ea5b1b158265167ade47927a64c06
- Reference: 5.2.14 LTS release tag
- Scan run: 2026-05-18T01:49:16Z (brass commit 131ff999)
Headline metrics
- Total findings: 1608
- Critical issues (top-N AI output): 50
- Scan wall time (aggregate scanner-seconds): 1333.35 s
- Pysa cache size: 0.0 MB
Severity breakdown
| Severity | Count |
|---|---|
| medium | 499 |
| high | 462 |
| critical | 354 |
| low | 284 |
| info | 9 |
Scanner contribution
| Scanner | Findings | Share |
|---|---|---|
| PhantomAICodeScanner | 566 | 35.2% |
| Brass2PrivacyScanner | 473 | 29.4% |
| auth_pattern_analyzer | 251 | 15.6% |
| SecretsScanner | 222 | 13.8% |
| BrassPerformanceScanner | 32 | 2.0% |
| input_validation_analyzer | 27 | 1.7% |
| AIContextCoherenceScanner | 19 | 1.2% |
| bandit | 7 | 0.4% |
| PysaTaintScanner | 5 | 0.3% |
| ContentModerationScanner | 3 | 0.2% |
| JavaScriptTypeScriptScanner | 3 | 0.2% |
Reproduce locally
git clone https://github.com/<owner>/django.git
cd django && git checkout 024c26b1e77ea5b1b158265167ade47927a64c06
brasscoders --offline scan .
Numbers from your local run may differ slightly (Python version, scanner version pins) — published baselines are recorded from the canonical CI environment (Ubuntu, Python 3.12, dev-pinned scanner versions). The ±20% findings tolerance and ≤50% wall-time tolerance are wide enough to absorb normal environment drift.