From 170ac040d2250ec5a26f2a39e4c7d5b49cfd6529 Mon Sep 17 00:00:00 2001 From: Sharath Kumar K Date: Thu, 7 May 2020 08:59:08 +0200 Subject: [PATCH] Tox and Zuul job for the bandit code scan in stx/gui Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/gui folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Story: 2007541 Task: 39683 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I155c9f894f8b1d701f2c75e3e892e6b83a35b11e Signed-off-by: Sharath Kumar K --- .zuul.yaml | 1 + test-requirements.txt | 1 + tox.ini | 6 ++++++ 3 files changed, 8 insertions(+) diff --git a/.zuul.yaml b/.zuul.yaml index 8d0f1491..b42a706f 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -3,6 +3,7 @@ templates: - publish-stx-docs - stx-release-notes-jobs + - stx-bandit-jobs check: jobs: - openstack-tox-pep8 diff --git a/test-requirements.txt b/test-requirements.txt index 2f486674..6c854bcb 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -26,3 +26,4 @@ testtools>=1.4.0 # MIT # This also needs xvfb library installed on your OS xvfbwrapper>=0.1.3 #license: MIT pyOpenSSL>=0.14 +bandit!=1.6.0,>=1.1.0,<2.0.0 diff --git a/tox.ini b/tox.ini index c2219238..ba4949f4 100644 --- a/tox.ini +++ b/tox.ini @@ -98,3 +98,9 @@ basepython = python3 envdir = {toxworkdir}/releasenotes deps = -r{toxinidir}/doc/requirements.txt commands = reno new {posargs} + +[testenv:bandit] +basepython = python3 +description = Bandit code scan for *.py files under config folder +deps = -r{toxinidir}/test-requirements.txt +commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll