added basic bandit security scanning to static analysis stage