From 479f9900443f1ef44077c4c7ec2432ed4da70c9e Mon Sep 17 00:00:00 2001
From: Ruben van Staveren <ruben@verweg.com>
Date: Fri, 13 Mar 2026 22:25:24 +0100
Subject: [PATCH] add more linters

---
 .gitea/workflows/bandit.yml    | 17 +++++++++++++++++
 .gitea/workflows/pip-audit.yml | 23 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 .gitea/workflows/bandit.yml
 create mode 100644 .gitea/workflows/pip-audit.yml

diff --git a/.gitea/workflows/bandit.yml b/.gitea/workflows/bandit.yml
new file mode 100644
index 0000000..36d634e
--- /dev/null
+++ b/.gitea/workflows/bandit.yml
@@ -0,0 +1,17 @@
+---
+name: Bandit
+on: [push]
+
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Analyse code with Bandit
+        run: |
+          bandit -r .
diff --git a/.gitea/workflows/pip-audit.yml b/.gitea/workflows/pip-audit.yml
new file mode 100644
index 0000000..b713cda
--- /dev/null
+++ b/.gitea/workflows/pip-audit.yml
@@ -0,0 +1,23 @@
+---
+name: pip-audit
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 0 * * 0'  # Weekly on Sunday
+
+# XXX need to do stuff with uv
+jobs:
+  build:
+    runs-on: freebsd
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check vulnerable components with pip-audit
+        run: |
+          pip-audit .
+