Bandit security linting

.github/workflows/security-linting.yml

@@ -0,0 +1,35 @@
+name: "Security Linting"
+
+on:
+  push:
+    branches: [ master, develop ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '55 22 14 * *'
+
+jobs:
+  bandit:
+    name: Bandit
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+
+    - name: Install bandit
+      run: |
+        python -m pip install --upgrade pip wheel
+        python -m pip install bandit
+
+    - name: Run bandit
+      # "B101:assert_used" is allowed in tests.
+      run: |
+        bandit -r src docs ./setup.py
+        bandit -r tests --skip B101

tests/django_settings.py

@@ -1,8 +1,9 @@
 # Minimum settings that are needed to run django test suite
 import os
+import secrets
 import tempfile
 
-SECRET_KEY = 'WE DONT CARE ABOUT IT'
+SECRET_KEY = secrets.token_hex()
 
 if "postgresql" in os.getenv("TOX_ENV_NAME", ""):
     DATABASES = {