Add Bandit badge

.github/workflows/bandit.yaml

@@ -27,4 +27,31 @@ jobs:
           pip install bandit
 
       - name: Run Bandit
-        run: bandit -r .
+        id: bandit
+        run: bandit -r . --format json -o bandit_results.json
+
+      - name: Determine Badge URL
+        id: determine_badge
+        run: |
+          python3 - <<EOF
+          import json
+
+          with open('bandit_results.json') as f:
+              results = json.load(f)
+
+          if results['metrics']['_totals']['SEVERITY.HIGH'] > 0 or results['metrics']['_totals']['SEVERITY.MEDIUM'] > 0 or results['metrics']['_totals']['SEVERITY.LOW'] > 0:
+              badge_url = 'https://img.shields.io/badge/Bandit-Issues%20Detected-red?label=high%3A{}%20medium%3A{}%20low%3A{}'.format(
+                  results['metrics']['_totals']['SEVERITY.HIGH'],
+                  results['metrics']['_totals']['SEVERITY.MEDIUM'],
+                  results['metrics']['_totals']['SEVERITY.LOW']
+              )
+          else:
+              badge_url = 'https://img.shields.io/badge/Bandit-No%20Issues%20Found-brightgreen'
+
+          os.environ['BADGE_URL'] = badge_url
+          EOF
+
+      - name: Update README with Badge
+        run: |
+          badge_url=${{ env.BADGE_URL }}
+          sed -i "s|!\[Bandit Workflow\]\([^)]+\)|![Bandit Workflow](${badge_url})|" README.md

README.md

@@ -1,6 +1,6 @@
 # DocuBot
 
-[![Run Tests](https://github.com/bshastry/docubot/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/bshastry/docubot/actions/workflows/tests.yml)
+[![Run Tests](https://github.com/bshastry/docubot/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/bshastry/docubot/actions/workflows/tests.yml)![Bandit Workflow](https://img.shields.io/badge/Bandit-No%20Issues%20Found-brightgreen)
 
 DocuBot is a command-line chatbot that answers questions using a knowledge base of documents provided by you.
 It allows you to interactively get answers to questions with citations from the documents provided.