Add security checks (metoppv#1385)

* Add safety and bandit to tests

* Add name to CONTRIBUTING.md

.github/workflows/tests.yml

@@ -57,3 +57,25 @@ jobs:
       run:  black --check .
     - name: pylint
       run: pylint -j 0 -E --rcfile=etc/pylintrc improver improver_tests
+  Safety-Bandit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/cache@v1
+      id: cache
+      with:
+        path: /usr/share/miniconda/envs/improver
+        key: ${{ runner.os }}-conda-improver-${{ hashFiles('**/environment.yml') }}
+        restore-keys: ${{ runner.OS }}-conda-improver-
+    - name: conda env update
+      if: steps.cache.outputs.cache-hit != 'true'
+      run: |
+        source '/usr/share/miniconda/etc/profile.d/conda.sh'
+        conda env update -q --file environment.yml --name improver
+        conda list --export
+    - name: conda activate
+      run:  echo "/usr/share/miniconda/envs/improver/bin" >>$GITHUB_PATH
+    - name: safety
+      run:  safety check || true
+    - name: bandit
+      run:  bandit -r improver || true

CONTRIBUTING.md

@@ -51,6 +51,7 @@ below:
 * Simon Jackson (Met Office, UK)
 * Caroline Jones (Met Office, UK)
 * Bruno P. Kinoshita (NIWA, NZ)
+* Daniel Mentiplay (Bureau of Meteorology, Australia)
 * Stephen Moseley (Met Office, UK)
 * Meabh NicGuidhir (Met Office, UK)
 * Tim Pillinger (Met Office, UK)

environment.yml

@@ -21,6 +21,8 @@ dependencies:
   - pysteps
   - isort=4.3.21
   - black=19.10b0
+  - bandit
+  - safety
   - pip
   - pip:
     - od