c1da0762d5
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/distributedcloud folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Please note: Changes will be implemented in batches and this is Batch6 change. Story: 2007541 Task: 39648 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I6fdfeacdb000faafc73c44eef352bf2abd38a9a2 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
91 lines
2.4 KiB
INI
91 lines
2.4 KiB
INI
[tox]
|
|
envlist = linters
|
|
minversion = 2.3
|
|
skipsdist = True
|
|
|
|
[testenv]
|
|
install_command = pip install \
|
|
-c https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt \
|
|
{opts} {packages}
|
|
setenv =
|
|
VIRTUAL_ENV={envdir}
|
|
OS_STDOUT_CAPTURE=1
|
|
OS_STDERR_CAPTURE=1
|
|
OS_TEST_TIMEOUT=60
|
|
CURRENT_CFG_FILE={toxinidir}/.current.cfg
|
|
commands = find {toxinidir} -type f -not -path '{toxinidir}/.tox/*' -not -path '*/__pycache__/*' -name '*.py[c|o]' -delete
|
|
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
-r{toxinidir}/requirements.txt
|
|
keyring
|
|
|
|
whitelist_externals =
|
|
rm
|
|
find
|
|
reno
|
|
|
|
[testenv:venv]
|
|
basepython = python3
|
|
commands = {posargs}
|
|
|
|
[testenv:flake8]
|
|
basepython = python3
|
|
description = Dummy environment to allow flake8 to be run in subdir tox
|
|
|
|
[testenv:pep8]
|
|
basepython = python3
|
|
description = Dummy environment to allow pep8 to be run in subdir tox
|
|
|
|
[testenv:pylint]
|
|
basepython = python3
|
|
description = Dummy environment to allow pylint to be run in subdir tox
|
|
|
|
[testenv:linters]
|
|
basepython = python3
|
|
whitelist_externals = bash
|
|
commands =
|
|
bash -c "find {toxinidir} \
|
|
\( -name .tox -prune \) \
|
|
-o -type f -name '*.yaml' \
|
|
-print0 | xargs -r -0 yamllint"
|
|
|
|
[testenv:docs]
|
|
basepython = python3
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf doc/build
|
|
sphinx-build -a -E -W -d doc/build/doctrees -b html doc/source doc/build/html
|
|
whitelist_externals = rm
|
|
|
|
[testenv:releasenotes]
|
|
basepython = python3
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf releasenotes/build
|
|
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
|
|
whitelist_externals =
|
|
rm
|
|
reno
|
|
|
|
[testenv:newnote]
|
|
basepython = python3
|
|
# Re-use the releasenotes venv
|
|
envdir = {toxworkdir}/releasenotes
|
|
deps = -r{toxinidir}/doc/requirements.txt
|
|
commands = reno --rel-notes-dir {toxinidir}/releasenotes new {posargs}
|
|
|
|
[testenv:api-ref]
|
|
basepython = python3
|
|
deps =
|
|
-r{toxinidir}/doc/requirements.txt
|
|
commands =
|
|
rm -rf api-ref/build
|
|
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
|
whitelist_externals = rm
|
|
|
|
[testenv:bandit]
|
|
basepython = python3
|
|
description = Bandit code scan for *.py files under config folder
|
|
deps = -r{toxinidir}/test-requirements.txt
|
|
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
|