Adds Safety dependency vulnerability checks

This change adds dependency vulnerability checks into tox. These checks are performed by the Safety package which checks requirements files against a vulnerability database for any issues. If any vulnerabilities are found, tox will fail its pep8 env. Safety: https://pyup.io/safety/ Safety Repo: https://github.com/pyupio/safety Safety Default Vulnerability DB: https://github.com/pyupio/safety-db Change-Id: I70a10ecb01836373888bd87aa27953515accd4c4
2019-06-03 12:40:49 -05:00 · 2019-06-03 12:40:49 -05:00 · 122e746df5
commit 122e746df5
parent b18c4c0093
2 changed files with 9 additions and 0 deletions
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -13,3 +13,4 @@ hacking==1.1.0

 # Security
 bandit==1.6.0
+safety==1.8.5
--- a/tox.ini
+++ b/tox.ini
@ -35,6 +35,7 @@ deps =
 commands =
  bash -c "{toxinidir}/tools/gate/whitespace-linter.sh"
  bandit -r pegleg -n 5
+  safety check -r requirements.txt --bare
  flake8 {toxinidir}/pegleg
 whitelist_externals =
  bash
@ -53,6 +54,13 @@ whitelist_externals =
 basepython = python3
 commands = bandit -r pegleg -n 5

+[testenv:safety]
+deps =
+    safety
+commands =
+    safety check -r {toxinidir}/requirements.txt --full-report
+    safety check -r {toxinidir}/test-requirements.txt --full-report
+
 [testenv:cover]
 basepython = python3
 deps =