From db1fe14c0b8b33eeacc687549c0e273d00618cdd Mon Sep 17 00:00:00 2001
From: "Ian H. Pittwood"
Date: Wed, 29 May 2019 11:50:54 -0500
Subject: [PATCH] Adds Safety dependency vulnerability checks

This change adds dependency vulnerability checks into tox. These checks are performed by the Safety package which checks requirements files against a vulnerability database for any issues. If any vulnerabilities are found, tox will fail its pep8 env.

Change-Id: I6e356d1f55ced7df9490d34e06451acd9cbb6d70
---
 tox.ini | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tox.ini b/tox.ini
index 32c3048..a8480e1 100644
--- a/tox.ini
+++ b/tox.ini
@@ -35,9 +35,17 @@ commands =
 yapf -dr {toxinidir}/spyglass-plugin-xls {toxinidir}/setup.py
 flake8 {toxinidir}/spyglass-plugin-xls
 bandit -r spyglass-plugin-xls -n 5
+ safety check -r requirements.txt --bare
 whitelist_externals = bash
+[testenv:safety]
+deps =
+ safety
+commands =
+ safety check -r {toxinidir}/requirements.txt --full-report
+ safety check -r {toxinidir}/test-requirements.txt --full-report
+
 [testenv:bandit]
 deps =
 bandit
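Review bot: The line added to the pep8 env, `safety check -r requirements.txt --bare`, only scans requirements.txt and uses a bare relative path, while the new `[testenv:safety]` section scans both requirements.txt and test-requirements.txt via `{toxinidir}`; test-only dependencies with known advisories will therefore pass the gating env. Since the pep8 env is the one that fails the build, I would make it match: `safety check -r {toxinidir}/requirements.txt --bare` and `safety check -r {toxinidir}/test-requirements.txt --bare`. Note also that `--bare` prints only the affected package names, so a failing pep8 run gives no advisory detail; a short comment above the line such as `# dependency CVE scan; run tox -e safety for the full report` would point maintainers to the verbose env. The pep8 env's `deps` list is outside this hunk, so please confirm `safety` is installed there, otherwise the new command fails on a missing executable rather than on a finding.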