From c8eecfb881ef2253cd1714555f45187cb6468864 Mon Sep 17 00:00:00 2001
From: Juan Pablo Cadena Aguilar
Date: Tue, 30 Apr 2024 22:19:44 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Create=20security.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/security.yml | 50 ++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/security.yml

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..8498039
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,50 @@
+# This is the name of the workflow, it appears in the GitHub Actions tab
+name: Security Checks
+
+# The name for workflow runs generated from this workflow
+run-name: Security Check on ${{ github.ref }} by @${{ github.actor }}
+
+# This specifies the events that will trigger the workflow to run
+on: [push, pull_request]
+
+jobs:
+  setup:
+    uses: ./.github/workflows/setup_environment.yml
+    with:
+      python-version: '3.12'
+
+  # This job runs Bandit for security checks
+  bandit:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Bandit
+        run: pip install bandit
+
+      - name: Run Bandit
+        run: bandit -r . --exclude ./tests/
+
+  # This job runs Safety for security checks
+  safety:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Poetry
+        run: |
+          curl -sSL https://install.python-poetry.org | python3 -
+
+      - name: Generate requirements.txt from Poetry
+        run: |
+          poetry export -f requirements.txt --output requirements.txt --without-hashes
+
+      - name: Install Safety
+        run: pip install safety
+
+      - name: Run Safety
+        run: safety check -r requirements.txt
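Review bot: The workflow declares no `permissions:` block, so every job runs with the repository's default `GITHUB_TOKEN` scope although neither the bandit nor the safety job needs more than read access to the checkout; add a top-level `permissions:` with `contents: read` right after the `on: [push, pull_request]` line. The tools are also unpinned — `actions/checkout@v4` is a mutable tag and `pip install bandit`, `pip install safety` and the `curl … | python3 -` Poetry installer all resolve to whatever is latest at run time — so pin them (e.g. `pip install 'bandit==<PINNED_VERSION>'`, `POETRY_VERSION` for the installer, a commit SHA for the action) so that a scan result is reproducible and a change upstream cannot alter what this security job executes. `needs: setup` only orders the jobs: the reusable `setup_environment.yml` runs on its own runner, so nothing it installs (including the requested Python `3.12`) is present in the `bandit` and `safety` jobs, which therefore use the runner's default interpreter — presumably an explicit Python setup step in each job is what was intended, but I cannot see that reusable workflow here. Finally, `safety check` is, as far as I know, the deprecated entry point in recent Safety releases (`safety scan` replaces it), so the last step is worth confirming against the version that `pip install safety` resolves to.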