Add open-source security scanner to CI pipeline #9
Description
This list has python-specific tools and those that support multiple languages; proprietary ones are marked with (C) symbol:
https://github.com/mre/awesome-static-analysis#multiple-languages
OWASP lists tools including SonarQube as well as open source:
https://www.owasp.org/index.php/Source_Code_Analysis_Tools
Bandit, from OpenStack, looks useful for Python; perhaps 'pyt' as well:
https://github.com/openstack/bandit
https://github.com/python-security/pyt