From b4dc3b821f530b45eec4fed9f492d91aee9f0b12 Mon Sep 17 00:00:00 2001
From: Mauro Amico
Date: Fri, 12 Jul 2024 21:02:02 +0200
Subject: [PATCH] bandit (#40)
---
.github/workflows/bandit.yml | 24 ++++++++++++++++++++++++
src/.bandit | 4 ++++
2 files changed, 28 insertions(+)
create mode 100644 .github/workflows/bandit.yml
create mode 100644 src/.bandit
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
new file mode 100644
index 0000000..0670805
--- /dev/null
+++ b/.github/workflows/bandit.yml
@@ -0,0 +1,24 @@
+name: Security check - Bandit
+
+on: push
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Security check - Bandit
+ uses: ioggstream/bandit-report-artifacts@v1.7.4
+ with:
+ project_path: src
+ # ignore_failure: true
+
+ # This is optional
+ #- name: Security check report artifacts
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: Security report
+ # path: output/security_report.txt
+
diff --git a/src/.bandit b/src/.bandit
new file mode 100644
index 0000000..830c261
--- /dev/null
+++ b/src/.bandit
@@ -0,0 +1,4 @@
+[bandit]
+exclude = tests,locales
+# token in vocabularies
+skips = B106
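Review bot: The step `uses: ioggstream/bandit-report-artifacts@v1.7.4` in .github/workflows/bandit.yml references a third-party action by tag, which its owner can repoint to different code, and the workflow declares no `permissions:`, so the job runs with the repository's default GITHUB_TOKEN scope. Pin the action to a full commit SHA and keep the tag as a comment, `uses: ioggstream/bandit-report-artifacts@<full-commit-sha>  # v1.7.4`, and add a top-level `permissions:` block containing `contents: read`. With `on: push` as the only trigger, pull requests opened from forks are presumably not scanned before merge; adding `pull_request` to the trigger would cover them.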
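Review bot: `skips = B106` in src/.bandit turns the hardcoded-password-argument check off for every file under src, although the comment above it says the only known hit is a token in the vocabularies. A line-level suppression at that call, `# nosec B106`, would keep the check active for the rest of the code, provided the Bandit release the action runs accepts test ids in `nosec`. Whichever form is kept, the comment should name the file and say why the value is not a secret, e.g. `# B106: "token" in <vocabulary module> is a vocabulary term, not a credential`. The entries in `exclude = tests,locales` appear to be matched against paths as substrings, so confirm that no production module under src has `tests` or `locales` in its path.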