Add Bandit (#282)

* Add Security/Bandit section in CONTRIBUTING.md
* GitHub Actions for bandit via pre-commit

Author: PokhodenkoSA

.github/workflows/pre-commit.yml

@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-python@v2
+    - uses: pre-commit/action@v2.0.0

.pre-commit-config.yaml

@@ -0,0 +1,9 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/PyCQA/bandit
+    rev: '1.7.0'
+    hooks:
+    -   id: bandit
+        pass_filenames: false
+        args: ["-r", "dpctl", "-lll"]

CONTRIBUTING.md

@@ -15,7 +15,6 @@ Run before each commit: `clang-format -style=file -i dpctl-capi/include/*.h dpct
 
 ### Python code style
 
-
 We use [black](https://black.readthedocs.io/en/stable/) code formatter.
 
 - Revision: `20.8b1` or branch `stable`.
@@ -88,6 +87,18 @@ Every Python and Cython file should only include the following license header:
 ```
 The copyright year should be updated every calendar year.
 
+## Security
+
+### Bandit
+
+We use [Bandit](https://github.com/PyCQA/bandit) to find common security issues in Python code.
+
+Install: `pip install bandit`
+
+- Revision: `1.7.0`
+
+Run before each commit: `bandit -r dpctl -lll`
+
 ## Code Coverage
 
 Implement python, cython and c++ file coverage using `coverage` and `llvm-cov` packages on Linux.