[openstack-dev] [Security][Bandit] Bandit gate usage
Kelsey, Timothy John
tim.kelsey at hp.com
Fri Jul 3 16:17:25 UTC 2015
On 03/07/2015 09:39, "Gorka Eguileor" <geguileo at redhat.com> wrote:
>On Thu, Jul 02, 2015 at 07:09:41PM +0000, Kelsey, Timothy John wrote:
>> Hello Stackers,
>> A few intrepid projects have started adopting Bandit, an automatic
>>security linter built by the security project, into their gate tests.
>>This is very rewarding to see for those of us who have worked on the
>>project and people with an interest in securing the OpenStack codebase.
>>The list of (known) adopters so far:
>>
>> - Keystone
>> - Keystone-client
>> - Barbican
>> - Anchor
>> - Sahara
>> - Magnum
>>
>> If you know of, or are involved in a project that¹s using Bandit and
>>isn¹t on our list then please let us know, it would be great to hear
>>your feedback. If you would like to begin using it then check out our
>>wiki for instructions here [1]. If you have no idea what this Bandit
>>thing is then perhaps this presentation from the Vancouver summit might
>>be interesting to you [2]. A Bandit gate job can be configured either as
>>an experimental or none-voting job, so if your interested in trying it
>>out you can give it a go and decide if its a good fit for your project
>>before fully committing.
>
>Hi,
>
>At Cinder we are adding [1] basic bandit configuration for high and
>medium severity results as a tox option, but not running it by default
>for now.
>
>Cheers,
>Gorka
Thanks for letting us know Gorka, I¹m pleased bandit is on the Cinder
radar. I hope it¹s working out for you, please reach out if you have any
suggestions or concerns with the tool.
>
>[1]: https://review.openstack.org/#/c/179568/
>
>>
>> Bandit is regularly discussed in the Security Project IRC meetings and
>>feedback is very welcome. If you have questions or suggestions then feel
>>free to drop in or reply here.
>>
>> [1] https://wiki.openstack.org/wiki/Security/Projects/Bandit
>> [2] https://www.youtube.com/watch?v=hxbbpdUdU_k
>>
>> Many thanks
>>
>> --
>> Tim Kelsey
>> OpenStack Security member
>>
>>
>>_________________________________________________________________________
>>_
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>>OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list