Tox and Zuul job for the python code scan in starlingx/ha
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/ha folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Please note: Changes will be implemented in batches and this is Batch3 change. Story: 2007541 Task: 39621 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I01f81d7c52c12432965106f9603e4db600381971 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
This commit is contained in:
parent
1781f41eae
commit
3b68098be4
|
@ -4,6 +4,7 @@
|
|||
- publish-stx-docs
|
||||
- stx-api-ref-jobs
|
||||
- stx-release-notes-jobs
|
||||
- stx-bandit-jobs
|
||||
check:
|
||||
jobs:
|
||||
- openstack-tox-pep8
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
bashate >= 0.2
|
||||
PyYAML >= 3.1.0
|
||||
yamllint >= 0.5.2
|
||||
bandit!=1.6.0,>=1.1.0,<2.0.0
|
||||
|
|
6
tox.ini
6
tox.ini
|
@ -130,3 +130,9 @@ commands =
|
|||
rm -rf api-ref/build
|
||||
sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
|
||||
whitelist_externals = rm
|
||||
|
||||
[testenv:bandit]
|
||||
basepython = python3
|
||||
description = Bandit code scan for *.py files under config folder
|
||||
deps = -r{toxinidir}/test-requirements.txt
|
||||
commands = bandit -r {toxinidir}/ -x '**/.tox/**',**/.eggs/** -lll
|
||||
|
|
Loading…
Reference in New Issue