pre-commit: Integrate bandit

We also remove these unnecessary linter dependencies from test-requirements.txt. Co-Authored-By: Stephen Finucane <sfinucan@redhat.com> Change-Id: Id17f4865b2da9f4a5c1cd5ea360cd007315d1c0e
2024-02-02 21:45:34 +09:00 · 2024-02-02 21:45:34 +09:00 · 797f40aa43
parent 36bb13ec03
commit 797f40aa43
3 changed files with 7 additions and 8 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -23,3 +23,8 @@ repos:
    hooks:
      - id: hacking
        additional_dependencies: []
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests', '-s', 'B311,B404,B603,B606']
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,8 +3,3 @@ coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 stestr>=2.0.0 # Apache-2.0
 eventlet>=0.19.0 # MIT
-
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
-
-pre-commit>=2.6.0 # MIT
--- a/tox.ini
+++ b/tox.ini
@ -13,11 +13,10 @@ commands =
  env TEST_EVENTLET=1 lockutils-wrapper stestr run --slowest {posargs}

 [testenv:pep8]
-deps = {[testenv]deps}
+deps =
+  pre-commit
 commands =
  pre-commit run -a
-  # Run security linter
-  bandit -r oslo_concurrency -x tests -n5 --skip B311,B404,B603,B606

 [testenv:venv]
 commands = {posargs}