From 6aae80ec1897342222a255ae2aafe28cd2069137 Mon Sep 17 00:00:00 2001
From: Doug Hellmann <doug@doughellmann.com>
Date: Fri, 10 Nov 2017 18:00:22 -0500
Subject: [PATCH] add bandit to pep8 job

Add the bandit security scanner to the pep8 job.

Change-Id: I4fa14f3c42f064b6ec58e1f3a3cde22ad031ac7a
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
---
 test-requirements.txt | 2 ++
 tox.ini               | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/test-requirements.txt b/test-requirements.txt
index 699eeaf..18a5a8c 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,3 +7,5 @@ coverage!=4.4,>=4.0 # Apache-2.0
 testrepository>=0.0.18 # Apache-2.0/BSD
 # sphinx is needed for testing the sphinxext module
 sphinx>=1.6.2 # BSD
+# Bandit security code scanner
+bandit>=1.1.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 5b84b80..12de56d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -20,9 +20,14 @@ deps =
 commands = {posargs}
 
 [testenv:pep8]
-deps = flake8
+deps =
+  -r{toxinidir}/test-requirements.txt
+  flake8
 ignore = E251
-commands = flake8 stevedore setup.py
+commands =
+  flake8 stevedore setup.py
+  # Run security linter
+  bandit -r stevedore -x tests -n5
 
 [testenv:docs]
 deps = -r{toxinidir}/doc/requirements.txt