### Description We should proactively scan for insecure Python patterns (e.g., `shell=True` in subprocesses). ### Task - [ ] Add `bandit` to the `.pre-commit-config.yaml`. - [ ] Add a step to `.github/workflows/pytest.yml` to run bandit on every PR.
Description
We should proactively scan for insecure Python patterns (e.g.,
shell=Truein subprocesses).Task
banditto the.pre-commit-config.yaml..github/workflows/pytest.ymlto run bandit on every PR.