Adds Safety dependency vulnerability checks
This change adds dependency vulnerability checks into tox. These checks are performed by the Safety package which checks requirements files against a vulnerability database for any issues. If any vulnerabilities are found, tox will fail its pep8 env. Safety: https://pyup.io/safety/ Safety Repo: https://github.com/pyupio/safety Safety Default Vulnerability DB: https://github.com/pyupio/safety-db Depends on https://review.opendev.org/#/c/658133 Change-Id: Ief52dd664700374c0ebbb7a4ab1f64c9940abcde
This commit is contained in:
parent
a002e4203d
commit
f57073333d
|
@ -5,6 +5,6 @@ jsonschema==3.0.1
|
||||||
openpyxl==2.5.4
|
openpyxl==2.5.4
|
||||||
netaddr==0.7.19
|
netaddr==0.7.19
|
||||||
pyyaml==5.1
|
pyyaml==5.1
|
||||||
requests==2.21.0
|
requests==2.22.0
|
||||||
|
|
||||||
git+https://opendev.org/airship/spyglass-plugin-xls.git#egg=spyglass-plugin-xls
|
git+https://opendev.org/airship/spyglass-plugin-xls.git#egg=spyglass-plugin-xls
|
||||||
|
|
|
@ -2,7 +2,8 @@
|
||||||
yapf==0.27.0
|
yapf==0.27.0
|
||||||
|
|
||||||
# Linting
|
# Linting
|
||||||
hacking>=1.1.0,<1.2.0 # Apache-2.0
|
hacking>=1.1.0,<1.2.0 # Apache-2.0
|
||||||
|
|
||||||
# Security
|
# Security
|
||||||
bandit>=1.5.0
|
bandit>=1.5.0
|
||||||
|
safety>=1.8.5
|
||||||
|
|
8
tox.ini
8
tox.ini
|
@ -34,9 +34,17 @@ commands =
|
||||||
yapf -dr {toxinidir}/spyglass {toxinidir}/setup.py
|
yapf -dr {toxinidir}/spyglass {toxinidir}/setup.py
|
||||||
flake8 {toxinidir}/spyglass
|
flake8 {toxinidir}/spyglass
|
||||||
bandit -r spyglass -n 5
|
bandit -r spyglass -n 5
|
||||||
|
safety check -r requirements.txt --bare
|
||||||
whitelist_externals =
|
whitelist_externals =
|
||||||
bash
|
bash
|
||||||
|
|
||||||
|
[testenv:safety]
|
||||||
|
deps =
|
||||||
|
safety
|
||||||
|
commands =
|
||||||
|
safety check -r {toxinidir}/requirements.txt --full-report
|
||||||
|
safety check -r {toxinidir}/test-requirements.txt --full-report
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
deps =
|
deps =
|
||||||
bandit
|
bandit
|
||||||
|
|
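Review bot: The line added to the pep8 env, `safety check -r requirements.txt --bare`, is inconsistent with the new [testenv:safety] commands in the same hunk: it resolves the path relative to the working directory instead of `{toxinidir}/requirements.txt`, it does not scan test-requirements.txt, and `--bare` prints only affected package names, so a failing pep8 run gives no advisory id or fixed version to act on. Using the same form as the dedicated env, `safety check -r {toxinidir}/requirements.txt --full-report` plus a second line for `{toxinidir}/test-requirements.txt`, would make the gate match the env it duplicates; the enclosing [testenv:pep8] begins outside the hunk, so whether `safety` is among its deps is not visible here. Note also that safety 1.x only evaluates exactly pinned (`==`) requirements and warns that unpinned entries such as `bandit>=1.5.0` in test-requirements.txt cannot be checked, and the `git+` VCS requirement in requirements.txt is presumably skipped as well, so checking the installed environment (`safety check` without `-r`, run in an env that installs both files) may give more complete coverage than the file-based scans.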