Adding tox support for bandit

Bandit is a code linter which is used to help identify potential security vulnerabilities. As part of the plan to integrate bandit into each OpenStack project, support for a tox testenv is step one. Later, gate tests will also be incorporated. Change-Id: Ib6ef0a3e8f32f2724314c166d7de50d591c0e949
2016-03-22 16:34:51 -05:00 · 2016-03-22 16:34:51 -05:00 · c5272b349b
commit c5272b349b
parent abe6707d26
2 changed files with 4 additions and 0 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 hacking<0.11,>=0.10.0

+bandit>=0.17.3 # Apache-2.0
 coverage>=3.6 # Apache-2.0
 discover # BSD
 fixtures>=1.3.1 # Apache-2.0/BSD
--- a/tox.ini
+++ b/tox.ini
@ -23,6 +23,9 @@ commands =
 [testenv:pep8]
 commands = flake8 {posargs}

+[testenv:bandit]
+commands = bandit -r novaclient -n5 -x tests
+
 [testenv:venv]
 commands = {posargs}