diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9631301f88..1eff57bc77 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -109,3 +109,22 @@ jobs:
 run: |
 echo "Please fix the misspellings. If you are sure about some of them, "
 echo "so append those to ts_scripts/spellcheck_conf/wordlist.txt"
+
+ security-check:
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Setup Python 3.9
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.9
+ architecture: x64
+ - name: Checkout TorchServe
+ uses: actions/checkout@v3
+ - name: Install Bandit
+ run: |
+ python -m pip install --upgrade pip
+ pip install bandit
+ - name: Run bandit
+ run: |
+ # Skip the B501 rule related to SSL certificate validation checks
+ bandit -r . --severity-level high -s B501
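Review bot: The `-s B501` on the final `bandit` line switches off the certificate-validation check for the whole repository, so any new call that disables TLS verification will pass this job unnoticed, and the comment above it says what is skipped but not why. If the current hits are intentional, I would annotate those call sites with `# nosec B501` plus a one-line justification and run `bandit -r . --severity-level high` without the skip, so the rule stays active for new code. Separately, `pip install bandit` is unpinned, so the gate's findings depend on whichever release is current that day; pinning it (`pip install bandit==<pinned version>`) keeps runs reproducible and reviewable. `python-version: 3.9` should also be quoted (`'3.9'`) so YAML does not read it as a float.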