
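---
# Static-analysis workflow: a Bandit (Python SAST) scan whose results are
# uploaded to GitHub code scanning as SARIF, plus a SonarCloud scan.
name: Bandit and SonarQube

# Quoted because YAML 1.1 parsers read a bare `on` as the boolean true.
"on":
  pull_request: null
  push: null
  schedule:
    # Weekly run, Wednesday 07:30 (Actions cron schedules are UTC).
    - cron: '30 7 * * 3'
  workflow_dispatch: null

# Least-privilege token for both jobs. security-events: write is what
# upload-sarif needs to publish to code scanning; actions: read is documented
# by upload-sarif as required only for private repositories.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Bandit Scan
        # Pinned to a full commit SHA (immutable reference), unlike the
        # major-version tags used for the other actions in this file.
        uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd # yamllint disable-line rule:line-length
        with:
          # Action inputs are strings; quoted so no YAML boolean coercion is
          # involved. With exit_zero the scan step does not fail the job on
          # findings -- the SARIF upload below is where they surface.
          exit_zero: "true"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          excluded_paths: ./test/
          # Report only findings of at least MEDIUM severity at HIGH confidence.
          level: MEDIUM
          confidence: HIGH
          # NOTE(review): this skip list covers most of the Bandit test
          # catalogue (e.g. B307 eval, B602 subprocess with shell=True, B608
          # SQL string building), leaving few checks active -- confirm it is
          # intentional rather than inherited from a baseline.
          skips: B101,B102,B103,B104,B105,B106,B107,B108,B110,B112,B113,B201,B202,B301,B302,B303,B304,B305,B306,B307,B308,B310,B311,B312,B313,B314,B315,B316,B317,B318,B319,B321,B323,B324,B501,B502,B503,B504,B505,B506,B507,B508,B509,B601,B602,B603,B604,B605,B606,B607,B608,B609,B610,B611,B612,B701,B702,B704 # yamllint disable-line rule:line-length
      - name: Upload SARIF file to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          # results.sarif is expected to be written by the Bandit step above
          # (presumably its default output path -- verify against the action).
          sarif_file: results.sarif
          # Separate code-scanning category so Bandit results are tracked
          # independently of any other SARIF uploads in this repository.
          category: bandit

  sonarcloud:
    name: SonarCloud Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Java
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          # Quoted so the version stays a string (a bare 17 parses as int).
          java-version: '17'
      - name: Cache SonarCloud packages
        uses: actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@v2
        with:
          # Folded scalar: both -D flags reach the scanner as a single line.
          args: >
            -Dsonar.organization=mxcubeweb
            -Dsonar.projectKey=mxcube_mxcubeweb
        env:
          # NOTE(review): repository secrets are not exposed to pull_request
          # runs from forks, so this step would fail there unless the job is
          # guarded -- confirm whether fork PRs are expected on this repo.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}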