GeoscienceAustralia · GA-XavierGonzalez · Jan 16, 2026 · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
@@ -0,0 +1,18 @@
+name: Bandit
+on:
+    workflow_dispatch:
+    push:
+    pull_request:
+
+jobs:
+    analyze:
+        runs-on: ubuntu-latest
+        permissions:
+            # Required for all workflows
+            security-events: write
+            # Only required for workflows in private repositories
+            actions: read
+            contents: read
+        steps:
+            - name: Perform Bandit Analysis
+              uses: PyCQA/bandit-action@v1
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -0,0 +1,22 @@
+name: gitleaks
+on:
+  pull_request:
+  push:
+  workflow_dispatch:
+jobs:
+  scan:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+          GITLEAKS_NOTIFY_USER_LIST: "@GA-XavierGonzalez"
diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml
@@ -0,0 +1,16 @@
+name: ruff
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  ruff:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - run: pip install ruff
+      - run: ruff check --output-format=github .
diff --git a/docker/README.md b/docker/README.md
@@ -25,4 +25,4 @@ When time comes to make a bigger change or update some binary packages, remember
 to move packages listed in `Dockerfile` into `requirements.txt`.
 
 At the end of compiling solve any incompatibility output from `pip check` by adding the version
-in `constraints-odc.txt`.
+in `constraints-odc.txt`.
diff --git a/nci_environment/build_environment_module.py b/nci_environment/build_environment_module.py
@@ -44,6 +44,7 @@
 
 import yaml
 
+
 MODULE_DIR = "/g/data/v10/public/modules"
 
 LOG_NAME = "build_dea_module.log"
@@ -88,6 +89,8 @@
     :param config_path: Configuration Path
     :return: None
     """
+    discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'   
+    fake_aws_secret = 'AKIAI234567890123456'
     LOG.info("Preparing environment variables")
     # Write files as group and world readable
     os.umask(0o22)