Adding tox support for bandit

Bandit is a code linter which is used to help identify potential security vulnerabilities. As part of the plan to integrate bandit into each OpenStack project, support for a tox testenv is step one. Later, gate tests will also be incorporated. Change-Id: Ib6ef0a3e8f32f2724314c166d7de50d591c0e949
author: Christopher J Schaefer <cjschaef@us.ibm.com> 2016-03-22 16:34:51 -0500
committer: Christopher J Schaefer <cjschaef@us.ibm.com> 2016-03-22 16:39:11 -0500
commit: c5272b349b62f7707c146bfd0a46b304c86e866a (patch)
tree: 1141aae82206c1627e342666761f28f36fe598e1
parent: abe6707d26859c08a031d53ca316d31aaff6bc3b (diff)
download: python-novaclient-c5272b349b62f7707c146bfd0a46b304c86e866a.tar.gz
2 files changed, 4 insertions, 0 deletions
diff --git a/test-requirements.txt b/test-requirements.txt
index 6a301d01..8dd1c96f 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -3,6 +3,7 @@
 # process, which may cause wedges in the gate later.
 hacking<0.11,>=0.10.0
 
+bandit>=0.17.3 # Apache-2.0
 coverage>=3.6 # Apache-2.0
 discover # BSD
 fixtures>=1.3.1 # Apache-2.0/BSD
diff --git a/tox.ini b/tox.ini
index b8a5004d..64961de5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,6 +23,9 @@ commands =
 [testenv:pep8]
 commands = flake8 {posargs}
 
+[testenv:bandit]
+commands = bandit -r novaclient -n5 -x tests
+
 [testenv:venv]
 commands = {posargs}
author	Christopher J Schaefer <cjschaef@us.ibm.com>	2016-03-22 16:34:51 -0500
committer	Christopher J Schaefer <cjschaef@us.ibm.com>	2016-03-22 16:39:11 -0500
commit	c5272b349b62f7707c146bfd0a46b304c86e866a (patch)
tree	1141aae82206c1627e342666761f28f36fe598e1
parent	abe6707d26859c08a031d53ca316d31aaff6bc3b (diff)
download	python-novaclient-c5272b349b62f7707c146bfd0a46b304c86e866a.tar.gz