e025404e69
This change adds a basic bandit config for Nova. It can be invoked
by running the tox environment for bandit;
tox -e bandit
This is intended as a starting point for using bandit with Nova
and it should be revisited to improve the testing as more is learned
about the specific needs of the Nova code base.
Tox is configured to only show results for high and medium severity
results.
https://wiki.openstack.org/wiki/Security/Projects/Bandit
Change-Id: I3026b81317f0a6322acfc94784899a7453af586f
28 lines
724 B
Plaintext
28 lines
724 B
Plaintext
# The order of packages is significant, because pip processes them in the order
|
|
# of appearance. Changing the order has an impact on the overall integration
|
|
# process, which may cause wedges in the gate later.
|
|
|
|
hacking<0.11,>=0.10.0
|
|
coverage>=3.6
|
|
discover
|
|
fixtures>=1.3.1
|
|
mock>=1.0
|
|
mox3>=0.7.0
|
|
MySQL-python;python_version=='2.7'
|
|
psycopg2
|
|
PyMySQL>=0.6.2 # MIT License
|
|
python-barbicanclient>=3.0.1
|
|
python-ironicclient>=0.2.1
|
|
python-subunit>=0.0.18
|
|
requests-mock>=0.6.0 # Apache-2.0
|
|
sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
|
|
oslosphinx>=2.5.0 # Apache-2.0
|
|
oslotest>=1.5.1 # Apache-2.0
|
|
testrepository>=0.0.18
|
|
testtools>=1.4.0
|
|
tempest-lib>=0.6.1
|
|
bandit>=0.10.1
|
|
|
|
# vmwareapi driver specific dependencies
|
|
oslo.vmware>=0.13.1 # Apache-2.0
|