From a58d60b1a0ecab56c140ab5a1b074d5d18ad8051 Mon Sep 17 00:00:00 2001 From: Cédric Ollivier Date: Sat, 25 May 2019 11:10:55 +0200 Subject: Run bandit when verifying changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It reports only MEDIUM issues or higher like nova [1]. It selects bandit 1.1.0 as defined in nova and neutron lower constraints [2]. [1] https://github.com/openstack/nova/blob/master/tox.ini#L221 [2] https://github.com/openstack/nova/blob/master/lower-constraints.txt#L8 Change-Id: I6fc505f684701792d3e03659eb0feea8321452c0 Signed-off-by: Cédric Ollivier (cherry picked from commit 0440ffcac18991395799e5aafc9243e028917ab6) --- upper-constraints.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'upper-constraints.txt') diff --git a/upper-constraints.txt b/upper-constraints.txt index a9a45d70c..4c7041bc3 100644 --- a/upper-constraints.txt +++ b/upper-constraints.txt @@ -20,3 +20,4 @@ networking-bgpvpn===9.0.0 networking-sfc===7.0.0 neutron===13.0.2 os-faults===0.1.18 +bandit===1.1.0 -- cgit 1.2.3-korg
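Review bot: The added `bandit===1.1.0` line at the end of the upper-constraints.txt hunk pins the scanner to a version that the commit message says was taken from nova and neutron lower constraints. A lower-constraints value is a floor, so using it as the exact pin here means checks added in later bandit releases will not run when verifying changes. Either pin the newest bandit release that works with this branch, or say in the commit message why the floor version is wanted as the cap. A smaller style point: the visible context lines (`networking-bgpvpn`, `networking-sfc`, `neutron`, `os-faults`) are in alphabetical order and the new entry is appended after `os-faults`; if the file is kept sorted, move `bandit` to its alphabetical position so later constraint updates diff cleanly.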