From ec7aedb9214e4fdf8649c381743dfc02e28869b0 Mon Sep 17 00:00:00 2001
From: Doug Hellmann
Date: Fri, 10 Nov 2017 18:14:09 -0500
Subject: [PATCH] add bandit to pep8 job

Add the bandit security scanner to the pep8 job.

Change-Id: I257529cabf0c4de2107783a6758d963ddc887ed9
Signed-off-by: Doug Hellmann
---
 bandit.yaml | 2 ++
 test-requirements.txt | 3 +++
 tox.ini | 9 +++++++--
 3 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 bandit.yaml

diff --git a/bandit.yaml b/bandit.yaml
new file mode 100644
index 00000000..5ad189c5
--- /dev/null
+++ b/bandit.yaml
@@ -0,0 +1,2 @@
+skips:
+ - B110
diff --git a/test-requirements.txt b/test-requirements.txt
index 21be5057..440dfdbf 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -12,3 +12,6 @@ coverage!=4.4,>=4.0 # Apache-2.0
 # this is required for the docs build jobs
 sphinx>=1.6.2 # BSD
+
+# Bandit security code scanner
+bandit>=1.1.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 78d82994..2f7239e5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,8 +23,13 @@ deps = .[docs]
 [testenv:pep8]
-deps = flake8
-commands = flake8 cliff doc/source/conf.py setup.py
+deps =
+ -r{toxinidir}/test-requirements.txt
+ flake8
+commands =
+ flake8 cliff doc/source/conf.py setup.py
+ # Run security linter
+ bandit -c bandit.yaml -r cliff -x tests -n5
 [testenv:venv]
 commands = {posargs}
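Review bot: The `skips` entry in the new bandit.yaml turns off B110 (try_except_pass) for the whole scanned tree without saying why, so any silent `except: pass` added later is hidden from the scan along with the existing ones. A comment above the entry would record the decision, for example `# B110 try_except_pass: existing best-effort handlers, see <review reference>` (placeholder reference). If only a handful of sites are intentional, marking those lines with `# nosec` and dropping the global skip would keep the check active for new code.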
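Review bot: The added `bandit>=1.1.0` line in test-requirements.txt has no upper bound, so the pep8 job installs whichever bandit release is newest at run time. A new release can add or change checks and option handling, which may fail the gate or alter what is scanned with no change in cliff itself. A bounded range that is raised deliberately would make the scan reproducible, e.g. `bandit>=1.1.0,<X.Y # Apache-2.0`, where X.Y is a placeholder for the first release not yet tested here.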
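Review bot: In the `[testenv:pep8]` commands of tox.ini, `-x tests` depends on how the installed bandit matches exclude strings. As far as I know, older releases treat the value as a substring of each path while later ones match paths or globs, in which case `tests` may stop covering `cliff/tests` and the test code would be scanned. Writing the path out keeps the excluded set stable across versions: `bandit -c bandit.yaml -r cliff -x cliff/tests -n5`. The `# Run security linter` comment could also state that the test tree is excluded on purpose.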