From 122e746df58c91768e9c43e69a93d7e87a96a693 Mon Sep 17 00:00:00 2001
From: "Ian H. Pittwood"
Date: Mon, 3 Jun 2019 12:40:49 -0500
Subject: [PATCH] Adds Safety dependency vulnerability checks

This change adds dependency vulnerability checks into tox. These checks are performed by the Safety package which checks requirements files against a vulnerability database for any issues. If any vulnerabilities are found, tox will fail its pep8 env.

Safety: https://pyup.io/safety/
Safety Repo: https://github.com/pyupio/safety
Safety Default Vulnerability DB: https://github.com/pyupio/safety-db

Change-Id: I70a10ecb01836373888bd87aa27953515accd4c4
---
 test-requirements.txt | 1 +
 tox.ini | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/test-requirements.txt b/test-requirements.txt
index a47deb4a..efb2c712 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -13,3 +13,4 @@ hacking==1.1.0
 
 # Security
 bandit==1.6.0
+safety==1.8.5
diff --git a/tox.ini b/tox.ini
index b6f08495..5fae3583 100644
--- a/tox.ini
+++ b/tox.ini
@@ -35,6 +35,7 @@ deps =
 commands =
 bash -c "{toxinidir}/tools/gate/whitespace-linter.sh"
 bandit -r pegleg -n 5
+ safety check -r requirements.txt --bare
 flake8 {toxinidir}/pegleg
 whitelist_externals =
 bash
@@ -53,6 +54,13 @@ whitelist_externals =
 basepython = python3
 commands =
 bandit -r pegleg -n 5
+[testenv:safety]
+deps =
+ safety
+commands =
+ safety check -r {toxinidir}/requirements.txt --full-report
+ safety check -r {toxinidir}/test-requirements.txt --full-report
+
 [testenv:cover]
 basepython = python3
 deps =
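Review bot: The added `safety check -r requirements.txt --bare` in the pep8 env passes a bare relative path while the neighbouring `flake8 {toxinidir}/pegleg` line and the new `[testenv:safety]` env anchor on `{toxinidir}`; it works only because tox runs commands from toxinidir by default and would break silently if `changedir` is ever set for this env. `--bare` also prints nothing but affected package names, so a failing gate gives a developer no advisory id or affected version range to act on, and this line scans requirements.txt alone even though the dedicated env scans test-requirements.txt as well. Suggest `safety check -r {toxinidir}/requirements.txt --full-report` here, or drop the duplicate from pep8 and run `[testenv:safety]` in the gate instead. The pep8 env's `deps =` list starts above the hunk, so whether safety is actually installed into this env (e.g. via test-requirements.txt) cannot be confirmed from here.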
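Review bot: `[testenv:safety]` installs `safety` unpinned while test-requirements.txt pins `safety==1.8.5` in the same commit, so the gate and the dedicated env can end up running different scanner versions; `deps = -r{toxinidir}/test-requirements.txt` (or `safety==1.8.5`) keeps them aligned. The new section also lacks the `basepython = python3` that the surrounding envs carry, and it is glued directly under the preceding env's `bandit -r pegleg -n 5` with the blank separator placed after it rather than before it. As far as I know, `safety check` without `--key` or `--db` relies on the freely published safety-db, which pyup refreshes less often than its commercial feed and which the tool fetches at run time, so the scan both needs network access in CI and may lag recent advisories — worth a short comment in tox.ini such as `# Uses the public safety-db; results lag the paid feed and need network access`. Whether the new env is added to `envlist` is outside the hunk.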