From 61a989452789a628d54848fd1379ef4afcdce67c Mon Sep 17 00:00:00 2001
From: Grant Murphy
Date: Tue, 1 Mar 2016 15:23:51 -0800
Subject: [PATCH] Add bandit baseline to tox

Bandit baseline will check the last commit to see if it introduced any new security problems. Details of how bandit can be configured for the gate are documented here: https://wiki.openstack.org/wiki/Security/Projects/Bandit#Gate_Testing_with_Bandit

Change-Id: I791d897c4efe00bc4c0fd3b9d249e561eeb82acb
Partial-Bug: #1552002
---
 test-requirements.txt | 1 +
 tox.ini | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/test-requirements.txt b/test-requirements.txt
index e6e46fc5a0..13fab87da6 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -14,3 +14,4 @@ testresources>=0.2.4 # Apache-2.0/BSD
 WebTest>=2.0 # MIT
 doc8 # Apache-2.0
 reno>=0.1.1 # Apache2
+bandit>=0.17.3 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index d88bf72afb..165f884d5a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -54,6 +54,10 @@ commands =
 find . -type f -name "*.pyc" -delete
 python -m unittest specs-tests.test_titles
+
+[testenv:bandit]
+commands = bandit-baseline -r octavia -ll -ii
+
 [flake8]
 # Ignoring O321 because it's unnecessarily restricting use of json package.
 # jsonutils version doesn't add additional value
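Review bot: The new `[testenv:bandit]` section in tox.ini has no comment saying what this gate covers and what it leaves out. `bandit-baseline` reports only findings that are new relative to the parent commit, and `-ll -ii` limits the report to medium-or-higher severity and confidence, so issues already present under `octavia` and every low-severity or low-confidence finding pass without a message. I would put a comment above the command, for example `# Reports only medium+ severity/confidence issues introduced by the last commit; run "bandit -r octavia" for a full scan.` The tool also appears to expect a clean git work tree, which is worth confirming and noting for developers who run the env locally with uncommitted changes.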