diff --git a/test-requirements.txt b/test-requirements.txt index 149b7995876..1f69b94702b 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -17,9 +17,6 @@ psycopg2>=2.8.5 # LGPL/ZPL SQLAlchemy-Utils>=0.37.8 # BSD License testtools>=2.4.0 # MIT -# bandit is not included in upper-constraints, -# so we need to pin it here to a known working version -bandit==1.6.0 # Apache-2.0 doc8>=0.8.1 # Apache-2.0 mypy>=0.942 # MIT moto>=1.3.15 # Apache-2.0 diff --git a/tox.ini b/tox.ini index 9fa315187f2..96671721886 100644 --- a/tox.ini +++ b/tox.ini @@ -148,9 +148,11 @@ commands = python {toxinidir}/tools/generate_driver_list.py [testenv:bandit] deps = -r{toxinidir}/test-requirements.txt + bandit==1.6.0 commands = bandit -r cinder -n5 -x cinder/tests/* -ll [testenv:bandit-baseline] +deps = bandit==1.6.0 envdir = {toxworkdir}/bandit commands = bandit-baseline -r cinder -n5 -x cinder/tests/* -ii -ll