Skip to content

Update sast.yml

Update sast.yml #8

Workflow file for this run

name: SAST Code Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
bandit-scan:
name: Custom Code Flaw Analysis
runs-on: ubuntu-latest
steps:
- name: ⬇️ Checkout Repository
uses: actions/checkout@v4
- name: 🐍 Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: 📦 Install Bandit Security Analyzer
run: |
pip install bandit
# UPDATED STEP: Instructs Bandit to skip B615 to allow flexible, runtime-driven Hugging Face model downloads
- name: 🔍 Scan Source Code for Vulnerabilities
run: bandit -r . -ll -ii -s B615 --exclude ./venv,./tests