add bandit to pep8 job

Add the bandit security scanner to the pep8 job. Change-Id: I257529cabf0c4de2107783a6758d963ddc887ed9 Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2017-11-10 18:14:09 -05:00 · 2017-11-10 18:14:09 -05:00 · ec7aedb921
parent dd60a2a253
commit ec7aedb921
3 changed files with 12 additions and 2 deletions
--- a/bandit.yaml
+++ b/bandit.yaml
@ -0,0 +1,2 @@
+skips:
+  - B110
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -12,3 +12,6 @@ coverage!=4.4,>=4.0 # Apache-2.0

 # this is required for the docs build jobs
 sphinx>=1.6.2 # BSD
+
+# Bandit security code scanner
+bandit>=1.1.0 # Apache-2.0
--- a/tox.ini
+++ b/tox.ini
@ -23,8 +23,13 @@ deps =
  .[docs]

 [testenv:pep8]
-deps = flake8
-commands = flake8 cliff doc/source/conf.py setup.py
+deps =
+  -r{toxinidir}/test-requirements.txt
+  flake8
+commands =
+  flake8 cliff doc/source/conf.py setup.py
+  # Run security linter
+  bandit -c bandit.yaml -r cliff -x tests -n5

 [testenv:venv]
 commands = {posargs}