697b43e00f
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/clients folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Please note: Changes will be implemented in batches and this is Batch5 change. Story: 2007541 Task: 39624 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I602b43f0f0bc70a1eb48b11aa07fdf2e286db408 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
79 lines
2.0 KiB
INI
79 lines
2.0 KiB
INI
[tox]
|
|
envlist = linters
|
|
minversion = 2.3
|
|
skipsdist = True
|
|
|
|
[testenv]
|
|
install_command = pip install -U {opts} {packages}
|
|
setenv = VIRTUAL_ENV={envdir}
|
|
OS_STDOUT_CAPTURE=1
|
|
OS_STDERR_CAPTURE=1
|
|
OS_TEST_TIMEOUT=60
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
|
|
[testenv:linters]
|
|
basepython = python3
|
|
whitelist_externals = bash
|
|
commands =
|
|
bash -c "find {toxinidir} \
|
|
-not \( -type d -name .?\* -prune \) \
|
|
-type f \
|
|
-not -name \*~ \
|
|
-not -name \*.md \
|
|
-name \*.sh \
|
|
-print0 | xargs -0r bashate -iE006 -v"
|
|
bash -c "find {toxinidir} \
|
|
\( -name .tox -prune \) \
|
|
-o -type f -name '*.yaml' \
|
|
-print0 | xargs -0r yamllint"
|
|
|
|
[flake8]
|
|
exclude=.tox
|
|
# H102 Apache 2.0 license header not found
|
|
ignore=H102
|
|
|
|
[testenv:pep8]
|
|
basepython = python3
|
|
usedevelop = False
|
|
skip_install = True
|
|
# hacking pins the version of flake8
|
|
deps =
|
|
hacking!=0.13.0,<0.14,>=0.12.0
|
|
commands =
|
|
flake8
|
|
|
|
[testenv:venv]
|
|
basepython = python3
|
|
commands = {posargs}
|
|
|
|
[testenv:docs]
|
|
basepython = python3
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf doc/build
|
|
sphinx-build -a -E -W -d doc/build/doctrees -b html doc/source doc/build/html
|
|
whitelist_externals = rm
|
|
|
|
[testenv:releasenotes]
|
|
basepython = python3
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf releasenotes/build
|
|
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
whitelist_externals =
|
|
rm
|
|
reno
|
|
|
|
[testenv:newnote]
|
|
basepython = python3
|
|
# Re-use the releasenotes venv
|
|
envdir = {toxworkdir}/releasenotes
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands = reno new {posargs}
|
|
|
|
[testenv:bandit]
|
|
basepython = python3
|
|
description = Bandit code scan for *.py files under config folder
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll
|