Tox and Zuul job for the bandit code scan in stx/distributedcloud

Setting up the bandit tool for the scanning of HIGH severity issues
in the python codes under Starlingx/distributedcloud folder.
Expecting this merge will enable zuul job for CI/CD of bandit scan.

Configuration files:
1. tox.ini for adding bandit environment and command.
2. test-requirements.txt for adding bandit version.
3. .zuul.yaml file for adding bandit job and configuring under
   check job to run code scan every time before code commit.

Test:
Run tox -e bandit command inside the fault folder to validate the
bandit scan and result.

Please note:
Changes will be implemented in batches and  this is Batch6 change.

Story: 2007541
Task: 39648
Depends-On: https://review.opendev.org/#/c/721294/

Change-Id: I6fdfeacdb000faafc73c44eef352bf2abd38a9a2
Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
This commit is contained in:
Sharath Kumar K 2020-05-05 06:28:22 +02:00
parent cd12fc31a1
commit c1da0762d5
3 changed files with 7 additions and 0 deletions

View File

@ -4,6 +4,7 @@
- publish-stx-docs
- stx-api-ref-jobs
- stx-release-notes-jobs
- stx-bandit-jobs
check:
jobs:
- openstack-tox-linters

View File

@ -1,3 +1,4 @@
PyYAML>=3.1.0
yamllint>=0.5.2
mock>=2.0 # BSD
bandit!=1.6.0,>=1.1.0,<2.0.0

View File

@ -83,3 +83,8 @@ commands =
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
whitelist_externals = rm
[testenv:bandit]
basepython = python3
description = Bandit code scan for *.py files under config folder
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll