Add: Comprehensive security scanning pipeline

- tests/test_security.py: Security test suite
- Updated Jenkinsfile: SonarQube, Snyk, Bandit, Safety, Semgrep
- test_requirements.txt: Security tool dependencies

**Security Tools Added:**

CODE QUALITY:
- Pylint, Flake8, Black, Isort, MyPy
- Vulture (dead code), Radon (complexity)

STATIC SECURITY:
- Bandit (Python SAST)
- Safety (dependency vulnerabilities)
- Semgrep (pattern matching)
- Detect Secrets (hardcoded secrets)

ADVANCED:
- SonarQube quality gate
- Snyk vulnerability scan
- pip-audit, pip-check
- pip-licenses (compliance)

**Pipeline Stages:**
1. Code Quality: Linting (Pylint, Flake8, Black, Isort)
2. Security: Static Analysis (Bandit, Safety, Semgrep, Detect Secrets)
3. Security: SonarQube Quality Gate
4. Security: Snyk Vulnerability Scan
5. Unit Tests
6. Security Tests (test_security.py)
7. Integration Tests
8. Build
9. Deploy to Staging

test_requirements.txt

@@ -5,21 +5,54 @@ pytest-mock>=3.10.0
 responses>=0.23.0
 httpx>=0.25.0
 
-# Code Quality
+# Code Quality - Linting
 flake8>=6.0.0
 flake8-docstrings>=1.7.0
 flake8-builtins>=2.0.0
 flake8-comprehensions>=3.12.0
 flake8-logging-format>=0.9.0
 pylint>=2.17.0
-bandit>=1.7.0
-safety>=2.3.0
-vulture>=2.7.0
-mypy>=1.5.0
 black>=23.0.0
 isort>=5.12.0
+
+# Code Quality - Type Checking
+mypy>=1.5.0
+types-requests>=2.31.0
+
+# Static Security Analysis
+bandit>=1.7.0
+safety>=2.3.0
+semgrep>=1.40.0
+detect-secrets>=1.4.0
+
+# SAST/DAST Tools (CLI-based)
+vulture>=2.7.0
 pre-commit>=3.5.0
 
+# Complexity Analysis
+radon>=6.0.0
+xenon>=1.0.0
+
+# Documentation Quality
+pydocstyle>=6.3.0
+darglint>=1.8.0
+
+# Dependency Analysis
+pip-audit>=2.5.0
+pip-check>=2.10.0
+
+# License Compliance
+pip-licenses>=4.0.0
+
 # Coverage
 coverage>=7.0.0
 coveralls>=3.3.0
+
+# Performance Testing
+locust>=2.18.0
+
+# API Testing
+schemathesis>=3.18.0
+
+# Docker Security
+hadolint>=2.12.0