From 767bfc2a8be50ba36b2d5e2224c2176857f41398 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fynn=20Beuttenm=C3=BCller?=
Date: Wed, 8 Jan 2025 17:02:53 +0100
Subject: [PATCH 1/3] add bandit code analysis
---
 .github/workflows/build.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c890e8df..5725b7e8 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -22,6 +22,15 @@ jobs:
 jupyter: true
 version: "24.3"

+ bandit:
+ needs: black
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Perform Bandit Analysis
+ uses: PyCQA/bandit-action@v1
+
 test-spec-conda:
 runs-on: ubuntu-latest
 strategy:
From 0e41b8c6b2e9ccee27dd9e2e35fcef8d5926a991 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fynn=20Beuttenm=C3=BCller?=
Date: Fri, 10 Jan 2025 09:59:42 +0100
Subject: [PATCH 2/3] skip assert_used warnings in tests
---
 pyproject.toml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pyproject.toml b/pyproject.toml
index 91cd2cbc..37607e61 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,3 +53,6 @@ exclude = [

 [tool.coverage.report]
 exclude_also = ["if TYPE_CHECKING:", "assert_never\\("]
+
+[tool.bandit.assert_used]
+skips = ['tests/']
From 68d6f89b00adf5440141bbfc0d47e0a1091f3ed5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fynn=20Beuttenm=C3=BCller?=
Date: Fri, 10 Jan 2025 10:06:54 +0100
Subject: [PATCH 3/3] Update pyproject.toml
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 37607e61..a0d9161c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -55,4 +55,4 @@ exclude = [
 exclude_also = ["if TYPE_CHECKING:", "assert_never\\("]

 [tool.bandit.assert_used]
-skips = ['tests/']
+skips = ['./tests/']
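Review bot: In PATCH 1/3 the new `bandit` job in `.github/workflows/build.yaml` references a third-party action by a movable tag, `uses: PyCQA/bandit-action@v1`, while granting the job `security-events: write`, so whatever that tag points to at run time executes with that permission. Pin it to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: PyCQA/bandit-action@<full-commit-sha>  # v1`. Separately, `needs: black` makes the scan depend on the formatting job, so a push that fails formatting gets no Bandit results at all; dropping `needs:` lets the security check run independently. The job-level `permissions:` block also sets every unlisted scope to none, so if the repository is private (not visible from this patch) `contents: read` would have to be listed as well.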
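Review bot: In PATCH 2/3 the entry `skips = ['tests/']` in `pyproject.toml` has no wildcard, and Bandit's `assert_used` skip list is matched as glob patterns against each scanned file's path (its documented example is `['*_test.py', '*/test_*.py']`), so a bare directory name will most likely match no file and B101 will still be reported for the tests. PATCH 3/3 changes the value to `'./tests/'`, which has the same problem. A pattern that covers files under the directory, such as `skips = ['*/tests/*']`, is what the commit subject describes. It would also help to add a comment above the table, e.g. `# B101 (assert) is expected in pytest code; all other Bandit checks still run on tests/`, so the suppression's scope is clear to later reviewers.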
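Review bot: In PATCH 3/3 the `[tool.bandit.assert_used]` table being edited in `pyproject.toml` is only read when Bandit is given the file explicitly (`bandit -c pyproject.toml ...`); Bandit does not discover `pyproject.toml` on its own. The workflow step added in PATCH 1/3 passes no `with:` inputs, so as far as this series shows the CI run never loads this table and the skip has no effect there regardless of the path spelling. Pass the file to the action through its config-file input, `with:` / `configfile: pyproject.toml` (input name to be confirmed against the action's README), and check a CI run to see that B101 findings under `tests/` actually disappear while other findings remain.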