Add bandit for security static analysis testing

This change adds a basic bandit config for Nova. It can be invoked
by running the tox environment for bandit:
    tox -e bandit

This is intended as a starting point for using bandit with Nova
and it should be revisited to improve the testing as more is learned
about the specific needs of the Nova code base.

Tox is configured to only show results for high and medium severity
results.

https://wiki.openstack.org/wiki/Security/Projects/Bandit

Change-Id: I3026b81317f0a6322acfc94784899a7453af586f
Eric Brown
2015-05-01 23:52:34 -07:00
parent 93f6195f21
commit e025404e69
3 changed files with 134 additions and 0 deletions
@@ -21,6 +21,7 @@ oslotest>=1.5.1 # Apache-2.0
testrepository>=0.0.18
testtools>=1.4.0
tempest-lib>=0.6.1
bandit>=0.10.1
# vmwareapi driver specific dependencies
oslo.vmware>=0.13.1 # Apache-2.0
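Review bot: the added `bandit>=0.10.1` line carries no license comment, while `oslotest>=1.5.1 # Apache-2.0` at the top of the hunk and `oslo.vmware>=0.13.1 # Apache-2.0` below it both do; add a matching license comment for consistency. The entry also sets only a lower bound, so a newer bandit release with added or changed tests can alter what `tox -e bandit` reports without any change in this repository. Since the commit message describes the config as a starting point to be revisited, consider capping the version, or recording which bandit version the baseline was reviewed against, so that a change in findings can be traced to a tool update rather than to the code.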