Add bandit workflow
R-Palazzo opened this issue · 0 comments
R-Palazzo commented
Problem Description
As a developer, it would be useful to get a static code analysis of our library every so often so we aren't accidentally introducing known vulnerabilities.
Expected behavior
- Add a GitHub Actions workflow that runs when a release is made. This action should:
  - Run Bandit
  - Store the output as a file at the base level of the repo
  - Make sure the file doesn't get included when creating the package for sdgym
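One way to lay out such a workflow, as an added example that is not part of this issue or the sdgym repository (the `sdgym/` source directory, the action versions and the report filename are assumptions):

```yaml
# .github/workflows/bandit.yml (hypothetical path)
name: Bandit static analysis

on:
  release:
    types: [published]   # run only when a release is published

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      - name: Install Bandit
        run: python -m pip install bandit

      - name: Run Bandit and write the report to the repo root
        # -r recurses into the package, -f json gives a machine-readable report,
        # -o writes it at the base level of the checkout. --exit-zero keeps the job
        # green even when findings exist, so the report is always produced; drop it
        # if the release should fail on findings instead.
        run: bandit -r sdgym -f json -o bandit_report.json --exit-zero

      - name: Keep the report with the workflow run
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: bandit_report.json
```

To keep the report out of the sdgym distribution, add `exclude bandit_report.json` to the repo's MANIFEST.in (or the equivalent exclusion in its packaging config) and check the built sdist contents once.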