dd6ad90e01
This change is being proposed as part of the OpenStack Security Project working session at the Austin 2016 summit. It adds support for running the bandit[1] security linting tool against the Castellan codebase.

This change adds a targeted environment for bandit and also adds bandit as part of the pep8 job. The bandit configuration has been tailored to exclude tests that are currently producing warnings against the codebase. These issues will be followed up with bug reports and patches.

At the time of submission, Castellan passes all Bandit tests configured in tox.

[1]: https://wiki.openstack.org/wiki/Security/Projects/Bandit

Change-Id: I19368d3440ad5dc862e7d91f7890f9b1901fced3
17 lines
606 B
Plaintext
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking<0.11,>=0.10.2 # Apache-2.0

coverage>=3.6 # Apache-2.0
discover # BSD
python-barbicanclient>=4.0.0 # Apache-2.0
python-subunit>=0.0.18 # Apache-2.0/BSD
sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD
oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
oslotest>=1.10.0 # Apache-2.0
testrepository>=0.0.18 # Apache-2.0/BSD
testscenarios>=0.4 # Apache-2.0/BSD
testtools>=1.4.0 # MIT
bandit>=1.0.1 # Apache-2.0