Browse Source

Tox and Zuul job for the python code scan in starlingx/fault

Setting up the bandit tool for the scanning of HIGH severity issues
in the python codes under Starlingx/fault folder.
Expecting this merge will enable zuul job for CI/CD of bandit scan.

Configuration files:
1. tox.ini for adding bandit environment and command.
2. test-requirements.txt for adding bandit version.
3. .zuul.yaml file for adding bandit job and configuring under
   check job to run code scan every time before code commit.

Test:
Run tox -e bandit command inside the fault folder to validate the
bandit scan and result.

Please note:
Changes will be implemented in batches and  this is Batch2 change.

Story: 2007541
Task: 39490
Depends-On: https://review.opendev.org/#/c/721294/

Change-Id: I84449691281d9769e9219e6f9f1338c20f518f40
Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
changes/07/721307/7
Sharath Kumar K 1 year ago
parent
commit
2f364daa08
3 changed files with 7 additions and 0 deletions
  1. +1
    -0
      .zuul.yaml
  2. +1
    -0
      test-requirements.txt
  3. +5
    -0
      tox.ini

+ 1
- 0
.zuul.yaml View File

@ -6,6 +6,7 @@
- stx-api-ref-jobs
- stx-release-notes-jobs
- stx-lint-specfile-jobs
- stx-bandit-jobs
check:
jobs:
- openstack-tox-linters


+ 1
- 0
test-requirements.txt View File

@ -4,3 +4,4 @@ mock
PyYAML >= 3.1.0
yamllint >= 0.5.2
#spec_cleaner>=1.0.9
bandit!=1.6.0,>=1.1.0,<2.0.0

+ 5
- 0
tox.ini View File

@ -146,3 +146,8 @@ basepython = python3
whitelist_externals = cat
commands = cat /etc/fm/fm.conf
[testenv:bandit]
basepython = python3
description = Bandit code scan for *.py files under config folder
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll

Loading…
Cancel
Save