From cdfac67b60f4f20e7db407cddeebc3c707e494a9 Mon Sep 17 00:00:00 2001
From: Robert Bikar
Date: Thu, 11 Apr 2024 16:02:09 +0200
Subject: [PATCH] Add bandit SAST check [RHELDST-18795]

Added SAST check for this repository.
---
 .github/workflows/tox-test.yml | 24 ++++++++++++++++++++++++
 tox.ini | 14 ++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/.github/workflows/tox-test.yml b/.github/workflows/tox-test.yml
index 8f17e9d..b28c4a3 100644
--- a/.github/workflows/tox-test.yml
+++ b/.github/workflows/tox-test.yml
@@ -59,3 +59,27 @@ jobs:
 token: ${{ secrets.CODECOV_TOKEN }}
 fail_ci_if_error: true
 verbose: true
+ bandit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.12"
+ - name: Install Tox
+ run: pip install tox
+ - name: Run Tox
+ run: tox -e bandit
+ bandit-exitzero:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.12"
+ - name: Install Tox
+ run: pip install tox
+ - name: Run Tox
+ run: tox -e bandit-exitzero
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index 0f19628..1e0aed5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -50,3 +50,17 @@ max-line-length = 100
 
 [pep8]
 max-line-length = 100
+
+[testenv:bandit-exitzero]
+deps=
+ bandit
+commands=
+ # Skip B101 low severity assert warnings in the tests directory
+ bandit -r ./tests --severity-level low --exit-zero --skip B101
+ bandit -r . -l --exclude './.tox,./tests' --exit-zero
+
+[testenv:bandit]
+deps=
+ bandit
+commands=
+ bandit -r . -ll --exclude './.tox' --confidence-level medium
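Review bot: The `bandit` and `bandit-exitzero` jobs added in the tox-test.yml hunk are identical apart from the tox env name, so the checkout / setup-python / `pip install tox` steps are now maintained twice; a single job with `strategy.matrix.toxenv: [bandit, bandit-exitzero]` and `run: tox -e ${{ matrix.toxenv }}` keeps them in step. Because `bandit-exitzero` runs bandit with `--exit-zero` it can never fail, so it is informational only and must not be configured as a required status check; a comment on the job such as `# Informational only: this env runs bandit with --exit-zero and never fails` would stop someone treating it as a gate. `pip install tox` and the `@v4`/`@v5` action tags float with upstream releases; whether to pin them to exact versions or commit SHAs should match how the rest of this workflow (outside the hunk) is pinned, but a newly added SAST gate is a reasonable place to start. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which yamllint will flag.
```yaml
  bandit:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        toxenv: [bandit, bandit-exitzero]
    steps:
      # … unchanged: checkout, setup-python, pip install tox …
      - name: Run Tox
        run: tox -e ${{ matrix.toxenv }}
```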
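Review bot: Both new testenvs in the tox.ini hunk declare `deps= bandit` with no version constraint, so the gating `[testenv:bandit]` run changes behaviour whenever a new bandit release adds or retunes a check, and the scanner itself is pulled unpinned from the package index on every CI run; pin it (`bandit==<version>`, or through the project's constraints file if one exists outside this hunk) and bump it deliberately. The gate's thresholds also deserve a comment: `-ll` drops LOW-severity findings and `--confidence-level medium` drops LOW-confidence ones, so only findings that are at least MEDIUM on both axes fail the build, e.g. `# Gate: fail only on >=MEDIUM severity AND >=MEDIUM confidence; lower findings are reported by bandit-exitzero`. I believe bandit's `--exclude` replaces rather than extends its built-in exclusion list (which already covers `.tox`), so passing `--exclude './.tox'` drops the defaults such as `.git`, `__pycache__` and `.eggs`; this is harmless while only `*.py` files are collected, but a one-line comment would make the intent clear.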