Implement bandit static security scan

2026-01-02 05:41:57 -05:00 · 2022-08-12 17:19:28 -04:00
parent 6e96ffdc09
commit fb1e6b3e9d
2 changed files with 15 additions and 0 deletions
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -74,3 +74,13 @@ jobs:
        with:
          inputs: requirements.txt requirements_for_test.txt
          ignore-vulns: PYSEC-2022-237
+
+  static-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-project
+      - name: Install bandit
+        run: pip install bandit
+      - name: Run scan
+        run: bandit -r app/ --confidence-level medium