authorCédric Ollivier <cedric.ollivier@orange.com>2019-05-25 11:03:40 +0200
committerCédric Ollivier <cedric.ollivier@orange.com>2019-05-25 11:31:20 +0200
commit21ddea2d58dcc8a6b2e86f63159a42c63d54823d (patch)
tree14149cdb7d010cc809e96342725ded45a0ddb8b4
parent8fe65cba9f9f6038e0a4cc95a626a056969685dc (diff)
Run bandit when verifying changes
It reports only MEDIUM issues or higher like nova [1]. It selects bandit 1.1.0 as defined in nova and neutron lower constraints [2]. [1] https://github.com/openstack/nova/blob/master/tox.ini#L221 [2] https://github.com/openstack/nova/blob/master/lower-constraints.txt#L8 Change-Id: I52524df867d99fae75798475c762a5f8253dacfa Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com> (cherry picked from commit c659caccbf1f55db4e6e3cb31bf088ac57751e86)
-rw-r--r--test-requirements.txt1
-rw-r--r--tox.ini4
-rw-r--r--upper-constraints.txt1
3 files changed, 6 insertions, 0 deletions
diff --git a/test-requirements.txt b/test-requirements.txt
index 0cfead31..bac66abe 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -12,3 +12,4 @@ yamllint
doc8 # Apache-2.0
bashate # Apache-2.0
ansible-lint
+bandit
diff --git a/tox.ini b/tox.ini
index 97e97dc2..15b38c8f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -57,6 +57,10 @@ files =
build.sh
commands = bashate {[testenv:bashate]files}
+[testenv:bandit]
+basepython = python2.7
+commands = bandit -r xtesting -x tests -n 5 -ll -s B602
+
[testenv:cover]
basepython = python2.7
dirs =
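Review bot: `-s B602` on the new `commands` line disables the `shell=True` subprocess check for everything under `xtesting`, and nothing in the section records why. A global skip also hides any such call added later, so I would either drop it and mark the reviewed call sites with `# nosec`, or at least add a comment above `commands`, e.g. `# B602 skipped: <reason / reviewed call sites>`. These four lines are the only tox.ini change, so `envlist` is untouched; presumably the check only gates changes if the CI job calls `tox -e bandit` explicitly, which is worth confirming.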
diff --git a/upper-constraints.txt b/upper-constraints.txt
index a884d02b..3bfdf036 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -1 +1,2 @@
robotframework===3.0.2
+bandit===1.1.0
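Review bot: `bandit===1.1.0` pins the scanner in the upper constraints to the version the commit message describes as nova's lower constraint, so checks added in later bandit releases will never run against this tree. If the old version is kept for parity with nova or for python2.7, a comment on the line would make that explicit, e.g. `# bandit pinned to match nova lower-constraints; revisit on bump`.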