ZUUL job template for bandit code scan

Creating zuul template file and job for settingup bandit code scan to be used by starlingX project. Story: 2007541 Task: 39488 Change-Id: I0182e997c2539a32ff1dd9975ffdeccf3e7ca0a0 Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
2020-04-20 17:54:50 +02:00 · 2020-04-20 17:54:50 +02:00 · dfe9d39d49
commit dfe9d39d49
parent f66414c588
2 changed files with 26 additions and 0 deletions
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -34,3 +34,19 @@
    nodeset: centos-7
    run: playbooks/buildproject.yaml

+- job:
+    name: stx-tox-bandit-static-scan
+    parent: tox
+    description: |
+      Static code scan of .py files for unknown Severity HIGH issues
+    vars:
+      tox_envlist: bandit
+    files: .*\.py
+    irrelevant-files:
+      - ^test-requirements.txt$
+      - ^.*\.rst$
+      - ^doc/.*$
+      - ^releasenotes/.*$
+      - ^setup.cfg$
+      - ^tools/(?!bandit.yml).*$
+      - ^tox.ini$
--- a/zuul.d/project-templates.yaml
+++ b/zuul.d/project-templates.yaml
@ -69,3 +69,13 @@
            voting: false
        - stx-obs-build-opensuse:
            voting: false
+
+- project-template:
+    name: stx-bandit-jobs
+    description: |
+      Bandit code scanning jobs
+    check:
+      jobs:
+        - stx-tox-bandit-static-scan:
+            voting: false
+