name: Security

on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
  schedule:
    - cron: '0 6 * * 1'

jobs:
  bandit:
    name: Python Security (bandit)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install bandit
        run: |
          apt-get update -qq
          apt-get install -y -qq python3 python3-pip
          pip3 install bandit

      - name: Run bandit
        run: bandit -r . --exclude .git,__pycache__,node_modules -ll