Add Bandit non-voting job
This commit adds two new tox environments for the bandit scanner. To run either of them you can use tox commands: 1) 'tox -e bandit' to run the bandit scanner against all the code 2) 'tox -e bandit-baseline' to run the bandit scanner only against the last commit or the current changes. The Bandit job uses the 'bandit-baseline' tox environment to verify that no new issues were introduced. Change-Id: I1fc3bb0d5d151f215b9efc916f921fabaa72e7d8
This commit is contained in:
parent
e1ec6dfa15
commit
fe4a1f4051
17
.zuul.yaml
17
.zuul.yaml
|
@ -60,6 +60,21 @@
|
|||
tempest_test_regex: horizon
|
||||
tox_envlist: all
|
||||
|
||||
- job:
|
||||
# Security testing for known issues
|
||||
name: horizon-tox-bandit-baseline
|
||||
parent: openstack-tox
|
||||
timeout: 2400
|
||||
vars:
|
||||
tox_envlist: bandit-baseline
|
||||
irrelevant-files:
|
||||
- ^.*\.rst$
|
||||
- ^.*\locale/.*$
|
||||
- ^doc/.*$
|
||||
- ^releasenotes/.*$
|
||||
- ^setup.cfg$
|
||||
- ^tools/.*$
|
||||
|
||||
- project:
|
||||
check:
|
||||
jobs:
|
||||
|
@ -68,6 +83,8 @@
|
|||
voting: false
|
||||
- horizon-dsvm-tempest-plugin
|
||||
- openstack-tox-lower-constraints
|
||||
- horizon-tox-bandit-baseline:
|
||||
voting: false
|
||||
gate:
|
||||
jobs:
|
||||
- horizon-openstack-tox-python3-django111
|
||||
|
|
|
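Review bot: The `irrelevant-files` entry `- ^.*\locale/.*$` in the new horizon-tox-bandit-baseline job (first hunk) escapes the letter `l`; in Python's `re` that is a bad-escape error in recent versions and a literal `l` in older ones, so it does not match a `locale/` path component the way `^.*/locale/.*$` would, and the bandit job may run or be skipped on the wrong changes. If the list was copied from the other jobs in this file, the same pattern there is presumably wrong too and should be corrected together. A one-line comment such as `# skip for docs, translations and packaging-only changes` above `irrelevant-files:` would also make the intent of the list easier to check. Note that the job is added as `voting: false` in the second hunk, so a regression reported by bandit-baseline will not block a change until that is flipped.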
@ -9,6 +9,7 @@
|
|||
# Hacking should appear first in case something else depends on pep8
|
||||
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
|
||||
#
|
||||
bandit>=1.4.0 # Apache-2.0
|
||||
coverage!=4.4,>=4.0 # Apache-2.0
|
||||
doc8>=0.6.0 # Apache-2.0
|
||||
flake8-import-order==0.12 # LGPLv3
|
||||
|
|
7
tox.ini
7
tox.ini
|
@ -176,6 +176,13 @@ application-import-names = horizon,openstack_dashboard
|
|||
[hacking]
|
||||
local-check-factory = horizon.hacking.checks.factory
|
||||
|
||||
[testenv:bandit]
|
||||
commands = bandit -r horizon openstack_auth openstack_dashboard -n5 -x tests -ll
|
||||
|
||||
[testenv:bandit-baseline]
|
||||
envdir = {toxworkdir}/bandit
|
||||
commands = bandit-baseline -r horizon openstack_auth openstack_dashboard -n5 -x tests -ii -ll
|
||||
|
||||
[doc8]
|
||||
# File extensions to check
|
||||
extensions = .rst, .yaml
|
||||
|
|
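Review bot: The commands in `[testenv:bandit]` and `[testenv:bandit-baseline]` use different filters: the full scan passes only `-ll`, while the baseline adds `-ii`, so a medium-severity, low-confidence finding is shown by `tox -e bandit` but never seen by the baseline job that the commit message describes as the check for new issues. If that difference is deliberate, a comment above the baseline command should say so; otherwise the two lines should carry the same `-ii -ll` set. It is also worth confirming that `-x tests` excludes every test tree under the three scanned packages, since bandit's exclusion is path-based and a directory named `test` rather than `tests` would not be skipped; the hunk does not show the package layout either way. A short header above `[testenv:bandit]` such as `; -ll: medium severity and above, -n5: five lines of context, -x tests: skip test code` would make the thresholds explicit for anyone triaging findings.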