From 228c24561b8e89a01172ae4231e071c89c8d58b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20Tr=C4=99bski?= <tomasz.trebski@ts.fujitsu.com>
Date: Thu, 2 Feb 2017 09:44:41 +0100
Subject: [PATCH] [WIP][BANDIT] Extended code analysis

Following commit enables bandit to analyse
code quality of both API and tempests code

Change-Id: I70e964b7f6afddb79b70416c8d99100bfcc8a379
---
 test-requirements.txt | 1 +
 tox.ini               | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/test-requirements.txt b/test-requirements.txt
index 6cf5647d3..40f74a6cc 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2,6 +2,7 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
 # Hacking already pins down pep8, pyflakes and flake8
+bandit>=1.1.0  # Apache-2.0
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 Babel>=2.3.4 # BSD
 coverage>=4.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index b07c3897e..ab44927c4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -59,11 +59,19 @@ commands =
     flake8 monasca_api
     flake8 monasca_tempest_tests
 
+[testenv:bandit]
+commands =
+  # B101(assert_ussed) - API uses asserts because of performance reasons
+  bandit -r monasca_api -n5 -s B101 -x monasca_api/tests
+  # B101(assert_ussed) - asserts in test layers seems appropriate
+  bandit -r monasca_tempest_tests -n5 -s B101
+
 [testenv:pep8]
 deps =
   {[testenv]deps}
 commands =
   {[testenv:flake8]commands}
+  {[testenv:bandit]commands}
 
 [testenv:venv]
 commands = {posargs}