From 3af848739f733d78acfed65e13a9d2b02216b474 Mon Sep 17 00:00:00 2001
From: Sergey Pokhodenko
Date: Thu, 25 Feb 2021 00:04:28 -0600
Subject: [PATCH] Add Bandit
---
 .github/workflows/pre-commit.yml | 14 ++++++++++++++
 .pre-commit-config.yaml | 9 +++++++++
 docs/CONTRIBUTING.md | 12 ++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 .github/workflows/pre-commit.yml
 create mode 100644 .pre-commit-config.yaml
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000000..723347913a
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+ pull_request:
+ push:
+ branches: [master]
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-python@v2
+ - uses: pre-commit/action@v2.0.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000..ca2a30612f
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,9 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+- repo: https://github.com/PyCQA/bandit
+ rev: '1.7.0'
+ hooks:
+ - id: bandit
+ pass_filenames: false
+ args: ["-r", "numba_dppy", "-lll"]
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 3e62121766..39c424de2d 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -36,6 +36,18 @@ export PATH=${PATH}:`go env GOPATH`/bin
 addlicense -l apache -c "Intel Corporation" numba_dppy/**/*.py numba_dppy/*.py setup.py
 ```
+## Security
+
+### Bandit
+
+We use [Bandit](https://github.com/PyCQA/bandit) to find common security issues in Python code.
+
+Install: `pip install bandit`
+
+- Revision: `1.7.0`
+
+Run before each commit: `bandit -r numba_dppy -lll`
+
 ## Documentation
 ### Generating documentation
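Review bot: In `.github/workflows/pre-commit.yml` the three `uses:` steps reference movable tags (`actions/checkout@v2`, `actions/setup-python@v2`, `pre-commit/action@v2.0.0`), so whoever can move one of those tags changes the code this job runs on every pull request and push to master. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: pre-commit/action@<full-commit-sha>  # v2.0.0`; the third-party action is the one that matters most. The workflow also declares no `permissions:`, so the job runs with the repository's default token scope. A top-level `permissions:` with `contents: read` should be enough for a job that only lints.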
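Review bot: In `.pre-commit-config.yaml`, `-lll` makes Bandit report only high-severity findings, so anything it rates medium or low never fails the hook or the CI job built on it. If that threshold is deliberate for the initial rollout, say so in a comment above `args`, e.g. `# -lll: high severity only for now; lower to -ll once existing findings are triaged`. Otherwise use `args: ["-r", "numba_dppy", "-ll"]`. The same command is repeated in `docs/CONTRIBUTING.md`, so the two places need to change together.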