As a developer, it would be useful to get a static code analysis of our library every so often so we aren't accidently introducing known vulnerabilities.
Expected behavior
Add a Github Actions workflow that runs when a release is made. This action should
Run Bandit
Store the output as a file at the base level of the repo
Make sure the file doesn't get included when creating the package for SDMetrics
Additional context
See this PR for inspiration
Bandit is an open sourced tool that can be used to scan python code for vulnerabilities.
Problem Description
As a developer, it would be useful to get a static code analysis of our library every so often so we aren't accidently introducing known vulnerabilities.
Expected behavior
Additional context