Requirements:
- bandit 1.6.0 contains a regression in the handling of patterns.
A fix is in place in bandit master, but newer versions introduce
more checks so they are not working as well.
The version is excluded there because it is not handled by global
requirements.
Remove the separate requirement file for bandit, because
bandit has been part of test-requirements.txt for the last 3 years.
There is no need for a separate requirements file anymore.
Even more, the bandit tox environment could probably be removed.
- synchronize the requirements for sphinx and jsonschema with the
current values from the requirements repository to make
the requirements-check job happy.
Jobs:
- temporarily disable the scenario-py3 job until a new stestr
(>2.3.1) is tagged.
Change-Id: Ief8e392fcd2d66a73593abcfda06fc7dbe2e53a6

This change adds a basic bandit config for sahara. It can be invoked by
running the tox environment for bandit; `$ tox -e bandit`. The tests are
based on the default bandit configuration with a few blacklist tests as
well. This is intended as a starting point for using bandit with sahara
and it should be revisited to improve the testing as more is learned
about the specific needs of the sahara code base.
* adding bandit.yaml configuration
* adding bandit to tox.ini
* adding a requirements file for bandit tox environment
Change-Id: I4b03f04dca80b146fdbae31a6b6011e78380d665