Tox and Zuul job for the bandit code scan in stx/gui
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/gui folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Story: 2007541 Task: 39683 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I155c9f894f8b1d701f2c75e3e892e6b83a35b11e Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
This commit is contained in:
parent
593d0f82ba
commit
170ac040d2
|
@ -3,6 +3,7 @@
|
|||
templates:
|
||||
- publish-stx-docs
|
||||
- stx-release-notes-jobs
|
||||
- stx-bandit-jobs
|
||||
check:
|
||||
jobs:
|
||||
- openstack-tox-pep8
|
||||
|
|
|
@ -26,3 +26,4 @@ testtools>=1.4.0 # MIT
|
|||
# This also needs xvfb library installed on your OS
|
||||
xvfbwrapper>=0.1.3 #license: MIT
|
||||
pyOpenSSL>=0.14
|
||||
bandit!=1.6.0,>=1.1.0,<2.0.0
|
||||
|
|
6
tox.ini
6
tox.ini
|
@ -98,3 +98,9 @@ basepython = python3
|
|||
envdir = {toxworkdir}/releasenotes
|
||||
deps = -r{toxinidir}/doc/requirements.txt
|
||||
commands = reno new {posargs}
|
||||
|
||||
[testenv:bandit]
|
||||
basepython = python3
|
||||
description = Bandit code scan for *.py files under config folder
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
|
||||
|
|
Loading…
Reference in New Issue