From: Cédric Ollivier <cedric.ollivier@orange.com>
Date: Sat, 25 May 2019 08:17:21 +0000 (+0200)
Subject: Run bandit when verifying changes
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F43%2F67943%2F2;p=functest-kubernetes.git

Run bandit when verifying changes

It reports only MEDIUM issues or higher like nova [1]

[1] https://github.com/openstack/nova/blob/master/tox.ini#L221

Change-Id: I1302b28ed1dcc4e074c6c6f2aa5e915c88eb03f4
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
---

diff --git a/test-requirements.txt b/test-requirements.txt
index 89434493..de2148a8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,3 +9,4 @@ pylint==1.4.5 # GPLv2
 yamllint
 ansible-lint
 bashate # Apache-2.0
+bandit
diff --git a/tox.ini b/tox.ini
index 4cc4aa3a..e512141b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27
+envlist = pep8,pylint,yamllint,ansiblelint,bashate,py27,bandit
 
 [testenv]
 usedevelop = True
@@ -23,8 +23,7 @@ commands = flake8
 
 [testenv:pylint]
 basepython = python2.7
-commands =
-  pylint --disable=locally-disabled --reports=n functest_kubernetes
+commands = pylint --disable=locally-disabled --reports=n functest_kubernetes
 
 [testenv:yamllint]
 basepython = python2.7
@@ -36,8 +35,11 @@ commands =
 
 [testenv:ansiblelint]
 basepython = python2.7
-commands =
-  ansible-lint ansible/site.yml
+commands = ansible-lint ansible/site.yml
+
+[testenv:bandit]
+basepython = python2.7
+commands = bandit -r functest_kubernetes -x tests -n 5 -ll
 
 [testenv:py36]
 commands = nosetests functest_kubernetes