From f57073333ddfbd7a296afe38b6bb12755c71a128 Mon Sep 17 00:00:00 2001
From: "Ian H. Pittwood"
Date: Mon, 13 May 2019 11:05:23 -0500
Subject: [PATCH] Adds Safety dependency vulnerability checks

This change adds dependency vulnerability checks into tox. These checks are performed by the Safety package which checks requirements files against a vulnerability database for any issues. If any vulnerabilities are found, tox will fail its pep8 env.

Safety: https://pyup.io/safety/
Safety Repo: https://github.com/pyupio/safety
Safety Default Vulnerability DB: https://github.com/pyupio/safety-db

Depends on https://review.opendev.org/#/c/658133

Change-Id: Ief52dd664700374c0ebbb7a4ab1f64c9940abcde
---
 requirements.txt | 2 +-
 test-requirements.txt | 3 ++-
 tox.ini | 8 ++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index a8b1656..53f7d59 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,6 +5,6 @@ jsonschema==3.0.1
 openpyxl==2.5.4
 netaddr==0.7.19
 pyyaml==5.1
-requests==2.21.0
+requests==2.22.0
 git+https://opendev.org/airship/spyglass-plugin-xls.git#egg=spyglass-plugin-xls
diff --git a/test-requirements.txt b/test-requirements.txt
index b4a7d5e..81bb406 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -2,7 +2,8 @@ yapf==0.27.0
 # Linting
-hacking>=1.1.0,<1.2.0 # Apache-2.0
+hacking>=1.1.0,<1.2.0 # Apache-2.0
 # Security
 bandit>=1.5.0
+safety>=1.8.5
diff --git a/tox.ini b/tox.ini
index 086b787..cc1f8a5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -34,9 +34,17 @@ commands =
 yapf -dr {toxinidir}/spyglass {toxinidir}/setup.py
 flake8 {toxinidir}/spyglass
 bandit -r spyglass -n 5
+ safety check -r requirements.txt --bare
 whitelist_externals = bash
+[testenv:safety] deps = safety commands = safety check -r {toxinidir}/requirements.txt --full-report safety check -r {toxinidir}/test-requirements.txt --full-report
+
 [testenv:bandit] deps = bandit
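Review bot: `+safety>=1.8.5` is a floating lower bound in a file that the same commit also hands to `safety check`; as far as I recall, Safety 1.x only evaluates `==`-pinned specifiers and prints an "unpinned requirement … unable to check" warning for ranges, so this line and `bandit>=1.5.0` would be skipped by the new scan rather than vetted, and the tool that now gates the lint env is not itself reproducible between runs. Pinning it, `safety==1.8.5`, matches `yapf==0.27.0` above, keeps the scanner's version and CLI flags stable in CI, and lets the scan cover the scanner. A one-line comment would record the intent: `# Pinned so the safety scan can check it; bump deliberately`. Whether bandit should be pinned for the same reason is a project call.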
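Review bot: The pep8-env line `+ safety check -r requirements.txt --bare` fails the env on a hit, but `--bare` prints only the affected package names, so a developer whose lint run goes red has to re-run a different env to learn which advisory tripped it; using `--full-report` there as well, and `{toxinidir}/requirements.txt` as the new `[testenv:safety]` does, keeps the two invocations consistent. The env whose `commands =` this extends starts outside the hunk, so I cannot see whether it sets `changedir`; if it does, the relative path would not resolve. Two caveats are worth a comment above `[testenv:safety]`: the `git+https://…#egg=spyglass-plugin-xls` line in requirements.txt carries no version for Safety to match, so that dependency is presumably not covered, and the check fetches the public pyup vulnerability DB over the network at run time, so CI needs egress and, I believe, that free DB is refreshed less often than the commercial feed. Something like `# safety needs network access to fetch the pyup DB; unpinned and VCS requirements are not checked` would save the next reader the investigation.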