From 333f4ba2841d37f37bfcd2de4579f03e3b6d77eb Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Sun, 3 Jun 2018 03:20:52 -0500
Subject: [PATCH] chore(bandit): add bandit
This patch set puts the bandit check as part of the pep8 gating job for airship-armada and remove the separate bandit gate.
Change-Id: I3871bb20f04aedb80a1ffca4038e94a156156a14
Signed-off-by: Tin Lam
---
 .zuul.yaml | 12 ------------
 tools/gate/playbooks/security-bandit.yaml | 20 --------------------
 tox.ini | 5 +++++
 3 files changed, 5 insertions(+), 32 deletions(-)
 delete mode 100644 tools/gate/playbooks/security-bandit.yaml
diff --git a/.zuul.yaml b/.zuul.yaml
index 8a8036f4..1edb7902 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -17,14 +17,12 @@
 - airship-armada-lint-pep8
 - airship-armada-ubuntu
 - airship-armada-unit-py35
- - airship-armada-security-bandit
 gate:
 jobs:
 - airship-armada-linter
 - airship-armada-lint-pep8
 - airship-armada-unit-py35
- - airship-armada-security-bandit
 - job:
 name: airship-armada-linter
@@ -72,16 +70,6 @@
 timeout: 300
 nodeset: airship-armada-single-node
-- job:
- name: airship-armada-security-bandit
- description: |
- Executes the Bandit security scanner against Python files
- run: tools/gate/playbooks/security-bandit.yaml
- timeout: 300
- nodeset: airship-armada-single-node
- files:
- - ^.*\.py$
-
 - job:
 name: airship-armada-lint-pep8
 description: |
diff --git a/tools/gate/playbooks/security-bandit.yaml b/tools/gate/playbooks/security-bandit.yaml
deleted file mode 100644
index 354d26c9..00000000
--- a/tools/gate/playbooks/security-bandit.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: primary
- tasks:
- - name: Execute the make target for security scanning
- make:
- chdir: "{{ zuul.project.src_dir }}"
- target: test-bandit
- register: result
- failed_when: result.failed
diff --git a/tox.ini b/tox.ini
index a90f9296..63aa1bc6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -40,8 +40,13 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
 [testenv:pep8]
+deps =
+ .[bandit]
+ {[testenv]deps}
 commands =
 flake8 {posargs}
+ # Run security linter as part of the pep8 gate instead of a separate zuul job.
+ bandit -r armada -x armada/tests -n 5
 [testenv:bandit]
 commands =
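Review bot: The bandit line added under `[testenv:pep8]` hard-codes its own scan options (`-r armada -x armada/tests -n 5`) while `[testenv:bandit]` is kept directly below it, so the gate and a local `tox -e bandit` run can drift apart in what they scan and exclude. The commands of `[testenv:bandit]` continue outside this hunk; if they are the same invocation, replacing the added line with `{[testenv:bandit]commands}` (the same substitution form as the added `{[testenv]deps}`) keeps a single definition. tox also stops at the first failing command by default, so a flake8 error ends the run before bandit executes and security findings stay hidden until the style errors are fixed; adding `ignore_errors = True` to this env, or at least a comment above the bandit line stating the ordering dependency, would make that explicit.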