Security Scan #99

	name: Security Scan

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	schedule:
	- cron: '0 0 * * 0' # Run weekly

	jobs:
	security-scan:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v5

	- name: Setup Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.x'

	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install bandit safety
	pip install -r requirements.txt

	- name: Run Bandit security scan
	run: bandit -r ./ -f json -o bandit-results.json
	continue-on-error: true

	- name: Check dependencies for known vulnerabilities
	run: safety check

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: python

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2

	- name: Upload security scan results
	uses: actions/upload-artifact@v4
	with:
	name: security-scan-results
	path: \|
	bandit-results.json
	retention-days: 7

Provide feedback