feat: add bandit security scan

Author: milk333445

.github/workflows/ci.yml

@@ -21,7 +21,7 @@ jobs:
           python-version: "3.10"
 
       - name: Install dependencies
-        run: pip install ruff mypy pytest pytest-cov
+        run: pip install ruff mypy pytest pytest-cov bandit
 
       - name: Ruff lint
         run: ruff check .
@@ -33,4 +33,7 @@ jobs:
         run: mypy src/
 
       - name: pytest
-        run: pytest --cov=src --cov-fail-under=80
+        run: pytest --cov=src --cov-fail-under=80
+
+      - name: Bandit 安全掃描
+        run: bandit -r src/ -ll

pyproject.toml

@@ -9,5 +9,9 @@ select = ["E", "F", "I", "N", "W"]
 python_version = "3.10"
 ignore_missing_imports = true
 
+[tool.bandit]
+targets = ["src"]
+severity = "medium"
+
 [tool.pytest.ini_options]
 testpaths = ["tests"]