Merge "ZUUL job template for bandit code scan"

2020-04-22 18:27:09 +00:00 · 2020-04-22 18:27:09 +00:00 · 93702fbac6
parent 93857251f7 dfe9d39d49
commit 93702fbac6
2 changed files with 26 additions and 0 deletions
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -34,3 +34,19 @@
    nodeset: centos-7
    run: playbooks/buildproject.yaml

+- job:
+    name: stx-tox-bandit-static-scan
+    parent: tox
+    description: |
+      Static code scan of .py files for unknown Severity HIGH issues
+    vars:
+      tox_envlist: bandit
+    files: .*\.py
+    irrelevant-files:
+      - ^test-requirements.txt$
+      - ^.*\.rst$
+      - ^doc/.*$
+      - ^releasenotes/.*$
+      - ^setup.cfg$
+      - ^tools/(?!bandit.yml).*$
+      - ^tox.ini$
--- a/zuul.d/project-templates.yaml
+++ b/zuul.d/project-templates.yaml
@ -69,3 +69,13 @@
            voting: false
        - stx-obs-build-opensuse:
            voting: false
+
+- project-template:
+    name: stx-bandit-jobs
+    description: |
+      Bandit code scanning jobs
+    check:
+      jobs:
+        - stx-tox-bandit-static-scan:
+            voting: false
+