From 068b6e193b18588fc02bb3d849ba9d36ac1ada74 Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Sun, 20 Aug 2017 11:49:18 -0500
Subject: [PATCH] Add bandit target to shipyard

This patch set adds [testenv:bandit] target to the shipyard project to allow CICD to perform necessary static code analysis on the shipyard project.

Change-Id: I748c52bc90ce667c891f15d018df2c01ea9ec351
---
 test-requirements.txt | 3 +++
 tox.ini | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/test-requirements.txt b/test-requirements.txt
index 57cb50c7..891fe4f7 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,3 +7,6 @@ psycopg2==2.7.3
 # Linting
 flake8==3.3.0
+
+# Security scanning
+bandit>=1.1.0 # Apache-2.0
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index 5ae783bc..db59bd4c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -13,6 +13,9 @@ commands=
 [testenv:pep8]
 commands = flake8 {posargs}
+[testenv:bandit]
+commands = bandit -r shipyard_airflow -x tests -n 5
+
 [flake8]
 # NOTE(Bryan Strassner) ignoring F841 because of the airflow example pattern
 # of naming variables even if they aren't used for DAGs and Operators.
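Review bot: `bandit>=1.1.0` is the only open-ended requirement visible in the test-requirements.txt hunk; `flake8==3.3.0` and the `psycopg2==2.7.3` line shown with the hunk are exact pins. For a scanner that gates CI, a floating version means a new bandit release can add or change checks and alter the job's result without any change to shipyard, and it also lets an unreviewed upstream release into the build environment. Consider pinning to the release that was actually validated, e.g. `bandit==1.1.0  # Apache-2.0` if that is the one tested, and bumping it deliberately. The file now also ends without a trailing newline; adding one avoids a spurious diff line on the next edit.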
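Review bot: The new `[testenv:bandit]` command relies on `-x tests` to keep test code out of the scan, and how that value is matched against paths has, as far as I know, differed between bandit releases; with the requirement left at `>=1.1.0`, the set of files actually scanned can change without anyone touching tox.ini. It is worth confirming on a fixed bandit version which files are skipped, and writing the exclusion as the tests directory's path relative to the repository root. The command also sets no severity or confidence floor, so any finding, including low-severity ones, fails the run. If that is intended, say so in a comment above the section, such as `# Static security analysis of shipyard_airflow; tests excluded, any finding fails the run.`; otherwise add `-ll` to report medium severity and above.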