diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a945de3..90d8117 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -90,3 +90,30 @@ jobs:
 with:
 sarif_file: rust/clippy.sarif
 wait-for-processing: true
+
+ analyze_bandit:
+ name: Analyze (Bandit Scan)
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Install dependencies
+ run: pip install sarif-tools
+
+ - name: Perform Bandit Analysis
+ uses: PyCQA/bandit-action@67a458d90fa11fb1463e91e7f4c8f068b5863c7f # v1.0.1
+ continue-on-error: true
+ with:
+ targets: "python"
+
+ - name: Convert SARIF report to HTML
+ run: sarif html --output bandit-report.html results.sarif
+
+ - name: Upload Bandit Scan report
+ uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+ with:
+ name: bandit-report
+ path: bandit-report.html
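Review bot: `run: pip install sarif-tools` resolves an unpinned package from PyPI at run time, while both actions in the same job are pinned to commit SHAs; since this job's token carries `security-events: write`, a compromised or typosquatted release of the converter would run with that permission, so pin it with `==` to an exact version (ideally installed with `--require-hashes`) to match the rest of the job. The conversion step also hard-codes `results.sarif`, which presumably is the file the pinned bandit-action writes, and `continue-on-error: true` on the scan means a scan that fails outright (rather than merely reporting findings) surfaces only as a confusing `sarif html` error on the next step; a guard such as `if: hashFiles('results.sarif') != ''` on the conversion and upload steps, plus a comment naming the dependency on the action's output path, would make that coupling explicit. No `actions/checkout` step is visible, so the job appears to rely on the action checking out the repository itself — worth stating in a comment if that is the case.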