Trufflehog security scanner #10

	name: Bandit Security Scan

	on:
	push:
	branches: ['**']
	pull_request:
	branches: [ "master" ]

	jobs:
	bandit_scan:
	name: Bandit Security Check
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Set up Python
	uses: actions/setup-python@v3
	with:
	python-version: '3.11'

	- name: Install dependencies
	uses: actions/checkout@v3
	- working-directory: ./backend
	run: \|
	python -m pip install --upgrade pip
	pip3 install poetry
	poetry config virtualenvs.create false
	poetry shell
	poetry install

	- name: Run security scan
	uses: actions/checkout@v3
	- working-directory: ./backend
	run: \|
	bandit -r .

	- name: Upload report
	if: ${{ failure() }}
	uses: actions/upload-artifact@v2
	with:
	name: bandit-report
	path: output/bandit-report.txt

Provide feedback