Merge "Add bandit for security static analysis testing"

test-requirements.txt

@@ -22,6 +22,7 @@ oslotest>=1.7.0 # Apache-2.0
 testrepository>=0.0.18
 testtools>=1.4.0
 tempest-lib>=0.6.1
+bandit>=0.10.1
 
 # vmwareapi driver specific dependencies
 oslo.vmware>=0.13.1 # Apache-2.0

tox.ini

@@ -119,6 +119,10 @@ commands =
   python setup.py build_sphinx
   bash -c '! find doc/ -type f -name *.json | xargs -t -n1 python -m json.tool 2>&1 > /dev/null | grep -B1 -v ^python'
 
+[testenv:bandit]
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -c bandit.yaml -r nova -n 5 -ll
+
 [flake8]
 # E125 is deliberately excluded. See https://github.com/jcrocholl/pep8/issues/126
 # The rest of the ignores are TODOs