From 11669ed5216c94f3420969aa5b31e0687af33f18 Mon Sep 17 00:00:00 2001
From: Cédric Ollivier
Date: Sat, 25 May 2019 10:17:21 +0200
Subject: Run bandit when verifying changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It reports only MEDIUM issues or higher like nova [1]
[1] https://github.com/openstack/nova/blob/master/tox.ini#L221
Change-Id: I1302b28ed1dcc4e074c6c6f2aa5e915c88eb03f4
Signed-off-by: Cédric Ollivier
---
 test-requirements.txt | 1 +
 tox.ini | 12 +++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/test-requirements.txt b/test-requirements.txt
index 89434493..de2148a8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,3 +9,4 @@ pylint==1.4.5 # GPLv2
 yamllint
 ansible-lint
 bashate # Apache-2.0
+bandit
diff --git a/tox.ini b/tox.ini
index 4cc4aa3a..e512141b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27
+envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27,bandit
 [testenv]
 usedevelop = True
@@ -23,8 +23,7 @@ commands = flake8
 [testenv:pylint]
 basepython = python2.7
-commands =
- pylint --disable=locally-disabled --reports=n functest_kubernetes
+commands = pylint --disable=locally-disabled --reports=n functest_kubernetes
 [testenv:yamllint]
 basepython = python2.7
@@ -36,8 +35,11 @@ commands =
 [testenv:ansiblelint]
 basepython = python2.7
-commands =
- ansible-lint ansible/site.yml
+commands = ansible-lint ansible/site.yml
+
+[testenv:bandit]
+basepython = python2.7
+commands = bandit -r functest_kubernetes -x tests -n 5 -ll
 [testenv:py36]
 commands = nosetests functest_kubernetes
--
cgit 1.2.3-korg
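Review bot: The added `bandit` requirement in test-requirements.txt is unbounded, while this commit also makes it a gating check through the tox envlist. A new upstream release can add or change checks and so change which findings fail the build without any change in this repository. The new tox environment also runs it under python2.7, so a release that drops that interpreter would presumably break the job; that is worth confirming against bandit's release notes. Consider pinning to the version actually tested and keeping the license comment used on the neighbouring lines, e.g. `bandit==<TESTED_VERSION> # Apache-2.0`.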
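Review bot: In the new `[testenv:bandit]` command, `-ll` drops every LOW-severity finding and no confidence filter is set, so the gate covers less than the environment name suggests. The commit message states this is deliberate, but tox.ini itself does not; a comment above the command would record it, e.g. `# -ll: fail only on MEDIUM/HIGH severity; LOW findings are not reported`. Separately, `-x tests` depends on how the installed bandit matches exclude arguments, and bandit is unpinned here. It is worth verifying that the test tree is actually skipped while the rest of `functest_kubernetes` is still scanned, or spelling the excluded path out in full as `-x <PATH_TO_TESTS_DIR>`.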