CodeQL alternative for local/private security scanning

[dagpunk]

Discussed in #42

^{Originally posted by viperior May 6, 2022}
CodeQL analysis is not available to non-public, non-enterprise GitHub accounts as of May 2022. Explore the use of the bandit Python module in a GitHub Actions workflow to provide a layer of Python code security scanning that will work for a broader user base than CodeQL currently supports for free.

https://bandit.readthedocs.io/en/latest/

[dagpunk]

Also check out https://github.com/pyupio/safety