pre-commit: Integrate bandit
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
Change-Id: I8ce1724bb1f7eab88204d350616bf59d910ea57d
parent: 0bbba47f76
commit: 74cd0c6e89
@ -23,3 +23,8 @@ repos:
hooks:
- id: hacking
additional_dependencies: []
- repo: https://github.com/PyCQA/bandit
rev: 1.7.6
hooks:
- id: bandit
args: ['-x', 'tests', '-s', 'B105']
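Review bot: the new hook's `-s B105` silences only one of the four checks the old tox target skipped (`B105,B106,B107,B607`), so B106, B107 and B607 go from skipped to enforced on every commit with nothing in the commit message saying so; either keep the skip list aligned with the old one or state that those three are now enforced and that the tree passes with them on. Also worth confirming that `-x tests` has any effect in this hook: pre-commit hands bandit explicit file paths rather than a directory to recurse, so if bandit's exclusion glob does not match those paths, the hook's own `exclude:` key is the reliable way to keep the tests directory out.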
@ -7,5 +7,4 @@ stestr>=2.0.0 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
testscenarios>=0.4 # Apache-2.0/BSD
testtools>=2.2.0 # MIT
bandit>=1.6.0,<1.7.0 # Apache-2.0
pifpaf>=0.10.0 # Apache-2.0
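Review bot: dropping `bandit>=1.6.0,<1.7.0` here leaves the pre-commit hook (pinned at rev 1.7.6 in the previous hunk) as the only place bandit is installed, so running `bandit -r castellan` by hand inside a tox venv will no longer work; that is fine if pre-commit is meant to be the sole entry point, but the move from a `<1.7.0` pin to 1.7.6 is a version jump that the commit message should mention, since the two pins do not overlap.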
12
tox.ini
@ -22,18 +22,6 @@ commands =
pre-commit run -a
bandit -r castellan -x tests -s B105,B106,B107,B607
[testenv:bandit]
# This command runs the bandit security linter against the castellan
# codebase minus the tests directory. Some tests are being excluded to
# reduce the number of positives before a team inspection, and to ensure a
# passing gate job for initial addition. The excluded tests are:
# B105-B107: hardcoded password checks - likely to generate false positives
# in a gate environment
# B607: start process with a partial path - this should be a project level
# decision
commands =
bandit -r castellan -x tests -s B105,B106,B107,B607
[testenv:venv]
commands = {posargs}
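Review bot: removing `[testenv:bandit]` also removes the only written rationale for the skip list (B105-B107 likely to produce false positives in a gate, B607 left as a project-level decision); carry that explanation into a comment next to the new hook or into the commit message rather than losing it. Also check that no CI job definition still invokes `tox -e bandit`, because that environment no longer exists after this hunk and such a job would fail.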