bandit sast scan added

Author: siddheshengineer

.github/workflows/research-agent-cicd.yml

@@ -33,19 +33,39 @@ jobs:
               uses: actions/setup-python@v5
               with:
                 python-version: ${{ env.python-version }}
-                cache: 'pip' # caching pip dependencies
+                #cache: 'pip' # caching pip dependencies
 
             - name: Install dependencies
               run: pip install -r agents/research_agent/requirements.txt
 
             - name: Run test cases
               working-directory: ./agents/research_agent/
               run: pytest test_endpoints.py -v
+
+    sast_scan:
+      name: Run Bandit scan
+      runs-on: ubuntu-latest
+
+      steps:
+        - name: Code checkout
+          uses: actions/checkout@v4
+        
+        - name: Setup Python
+          uses: actions/setup-python@v5
+          with:
+            python-version: ${{ env.python-version }}
+            #cache: 'pip' # caching pip dependencies
+        
+        - name: Install Bandit
+          run: pip install bandit
+        
+        - name: Run Bandit scan
+          run: bandit -ll -ii -r .
 
     build_and_deploy:
         name: Build, Scan, Push, and Deploy
         runs-on: ubuntu-latest
-        needs: [unit_test]
+        needs: [unit_test, sast_scan]
         environment: Production
 
         env:

agents/research_agent/core.py

@@ -15,7 +15,7 @@
 llm = ChatGoogleGenerativeAI(model="gemini-2.0-flash", google_api_key=google_api_key)
 
 
-# ----------------- Research Agent Setup ----------------- # #
+# ----------------- Research Agent Setup ----------------- #
 # Define the prompt for generating research
 research_prompt = ChatPromptTemplate.from_messages(
     [