SyntaxArc
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 7 additions & 1 deletion b/‎Makefile‎
Lines changed: 7 additions & 1 deletion
@@ -240,3 +240,4 @@ cython_debug/
 #.idea/
 
 .ruff_cache
+bandit-report.json
@@ -69,6 +69,11 @@ lint: ## Run all linters
 	$(PYTHON) ruff check --config pyproject.toml  $(PYTHON_FILES)
 	$(PYTHON) mypy --config-file pyproject.toml $(PYTHON_FILES)
 
+.PHONY: security
+security: ## Run security scan with Bandit
+	@echo "${BLUE}Running security scan...${NC}"
+	$(PYTHON) bandit -r archipy/ -s B101,B301,B403 -x features,docs,scripts -f json -o bandit-report.json || true
+
 .PHONY: behave
 behave: ## Run tests with behave
 	@echo "${BLUE}Running tests...${NC}"
@@ -129,14 +134,15 @@ pre-commit: ## Run pre-commit hooks
 	$(PRE_COMMIT) run --all-files
 
 .PHONY: check
-check: lint test ## Run all checks (linting and tests)
+check: lint security test ## Run all checks (linting, security, and tests)
 
 .PHONY: ci
 ci: ## Run CI pipeline locally
 	@echo "${BLUE}Running CI pipeline...${NC}"
 	$(MAKE) clean
 	$(MAKE) install
 	$(MAKE) lint
+	$(MAKE) security
 	$(MAKE) test
 	$(MAKE) build
Original file line number	Diff line number	Diff line change
`@@ -240,3 +240,4 @@ cython_debug/`
`240`	`240`	`#.idea/`
`241`	`241`
`242`	`242`	`.ruff_cache`
	`243`	`+bandit-report.json`