Create bandit.yml

.github/workflows/bandit.yml

@@ -0,0 +1,41 @@
+name: Bandit Code Scan
+
+on:
+  push:
+    branches: 
+      - develop
+      - v1.7.x
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  bandit_scan:
+    if: github.event.pull_request.draft == false
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Bandit Scan
+    runs-on: ubuntu-22.04
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set Report Date
+        run: echo "REPORT_DATE=$(date +'%d-%b-%Y')" >> $GITHUB_ENV
+
+      - name: Perform Bandit Analysis
+        uses: PyCQA/bandit-action@v1
+        with:
+          args: -r . -f json -o ${{ env.JSON_REPORT_PATH }}
+        env:
+          JSON_REPORT_PATH: ${{ github.workspace }}/${{ env.JSON_REPORT }}
+
+      - name: Upload Bandit Report as Artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: "bandit-report-summary_${{ env.REPORT_DATE }}"
+          path: ${{ env.JSON_REPORT_PATH }}