Ratchet bandit checking down to medium severity

[mudpy.git] / tox.ini

diff --git a/tox.ini b/tox.ini
index de62e4e..ccf06a8 100644 (file)
--- a/tox.ini
+++ b/tox.ini
@@ -4,7 +4,7 @@
 
 [tox]
 minversion = 3.1
-envlist = dist, docs, flake8, yamllint, selftest_config, py3
+envlist = bandit, dist, docs, flake8, yamllint, selftest_config, py3
 skipsdist = True
 ignore_basepython_conflict = True
 
@@ -16,6 +16,11 @@ setenv =
     PYTHONWARNINGS=default::DeprecationWarning
 commands = mudpy_selftest mudpy/tests/fixtures/test_daemon.yaml
 
+[testenv:bandit]
+deps = bandit
+commands = bandit -ll -r mudpy -x mudpy/tests {posargs}
+usedevelop = False
+
 [testenv:demo]
 commands = mudpy {posargs}
 
@@ -29,18 +34,25 @@ commands =
     rm -fr dist
     python setup.py bdist_wheel sdist
     twine check dist/*
+usedevelop = False
 
 [testenv:docs]
 whitelist_externals = rm
-deps = -r{toxinidir}/doc/requirements.txt
+deps =
+    -r{toxinidir}/requirements.txt
+    -r{toxinidir}/doc/requirements.txt
 commands =
     rm -fr doc/build
     python setup.py sdist
     sphinx-build -W -d doc/build/doctrees -b html doc/source/ doc/build/html
+usedevelop = False
 
 [testenv:flake8]
-deps = flake8
+deps =
+    flake8
+    flake8-bugbear
 commands = flake8 {posargs}
+usedevelop = False
 
 [testenv:selftest_config]
 commands = mudpy_selftest etc/mudpy.yaml
@@ -48,6 +60,7 @@ commands = mudpy_selftest etc/mudpy.yaml
 [testenv:yamllint]
 deps = yamllint
 commands = yamllint --strict {posargs} .
+usedevelop = False
 
 [flake8]
 show-source = True