Tox and Zuul job for the python code scan in starlingx/fault

Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/fault folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Please note: Changes will be implemented in batches and this is Batch2 change. Story: 2007541 Task: 39490 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I84449691281d9769e9219e6f9f1338c20f518f40 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
2020-04-20 18:50:47 +02:00 · 2020-04-20 18:50:47 +02:00 · 2f364daa08
parent c63ad80c23
commit 2f364daa08
3 changed files with 7 additions and 0 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -6,6 +6,7 @@
      - stx-api-ref-jobs
      - stx-release-notes-jobs
      - stx-lint-specfile-jobs
+      - stx-bandit-jobs
    check:
      jobs:
        - openstack-tox-linters
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -4,3 +4,4 @@ mock
 PyYAML >= 3.1.0
 yamllint >= 0.5.2
 #spec_cleaner>=1.0.9
+bandit!=1.6.0,>=1.1.0,<2.0.0
--- a/tox.ini
+++ b/tox.ini
@ -146,3 +146,8 @@ basepython = python3
 whitelist_externals = cat
 commands = cat /etc/fm/fm.conf

+[testenv:bandit]
+basepython = python3
+description = Bandit code scan for *.py files under config folder
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll