Tox and Zuul job for the bandit code scan in stx/stx-puppet
Setting up the bandit tool for the scanning of HIGH severity issues in the python codes under Starlingx/stx-puppet folder. Expecting this merge will enable zuul job for CI/CD of bandit scan. Configuration files: 1. tox.ini for adding bandit environment and command. 2. test-requirements.txt for adding bandit version. 3. .zuul.yaml file for adding bandit job and configuring under check job to run code scan every time before code commit. Test: Run tox -e bandit command inside the fault folder to validate the bandit scan and result. Story: 2007541 Task: 39687 Depends-On: https://review.opendev.org/#/c/721294/ Change-Id: I2982268db2b5e75feeb287bc95420fedc9b0d816 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
This commit is contained in:
parent
d57eb27dc5
commit
4134023ab8
|
@ -1,5 +1,7 @@
|
||||||
---
|
---
|
||||||
- project:
|
- project:
|
||||||
|
templates:
|
||||||
|
- stx-bandit-jobs
|
||||||
check:
|
check:
|
||||||
jobs:
|
jobs:
|
||||||
- stx-puppet-linters
|
- stx-puppet-linters
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
# hacking pulls in flake8
|
# hacking pulls in flake8
|
||||||
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
|
hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
|
||||||
bashate >= 0.2
|
bashate >= 0.2
|
||||||
|
bandit!=1.6.0,>=1.1.0,<2.0.0
|
||||||
|
|
5
tox.ini
5
tox.ini
|
@ -81,3 +81,8 @@ show-source = True
|
||||||
ignore = E123,E125,E501,H405,W504
|
ignore = E123,E125,E501,H405,W504
|
||||||
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
|
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
|
||||||
|
|
||||||
|
[testenv:bandit]
|
||||||
|
basepython = python3
|
||||||
|
description = Bandit code scan for *.py files under config folder
|
||||||
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
|
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
|
||||||
|
|
Loading…
Reference in New Issue