Sorry for quoting the entire previous digest, twas a noob mistake.

Thanks,
 -Travis

On 6/19/14, 11:22 AM, "[email protected]" <[email protected]> wrote:

>Message: 33
>Date: Thu, 19 Jun 2014 11:21:24 -0700
>From: Travis McPeak <[email protected]>
>To: "[email protected]"
> <[email protected]>
>Subject: Re: [openstack-dev] [OSSG] Best tool for simple security gate
> checks
>Message-ID: <cfc8760c.40eb%[email protected]>
>Content-Type: text/plain; charset="Windows-1252"
>
>Hi all,
>
>In the OpenStack Security Group (OSSG) we've been kicking around the idea
>of getting some simple non-blocking security-related gate tests going.
>These tests would be designed to be simple and automated checks for
>low-hanging fruit such as the use of "Shell=True". The main goal is to
>have these be as noiseless as possible (a low rate of false positives).
>The hope is that if these are useful and unobtrusive enough, when they
>actually do fail, people will take note.
>
>We will start off small, with maybe one simple gate test, and expand later
>if it proves to be useful. We plan to test heavily internally, and then
>start requesting integration into projects later.
>
>My question is: what is the best tool for the job? I have heard Pylint
>and Hacking mentioned. Are there any others?
>
>Thanks,
> -Travis

_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
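
The kind of check the message describes, as an added example that is not part of the original email and is not code from the OSSG, Pylint or Hacking: a standard-library `ast` walk that flags `shell=True` only on calls that resolve to the `subprocess` module, so strings, comments and unrelated functions do not raise noise. The function name `find_shell_true`, the `SUBPROCESS_FUNCS` set and the sample source are assumptions made for illustration.

```python
import ast

# Constructed sample source: three real findings plus lines that a plain
# text search for "shell=True" would wrongly flag.
SAMPLE = '''
import subprocess
import subprocess as sp
from subprocess import Popen

subprocess.call("ls " + path, shell=True)      # finding
sp.check_output(cmd, shell=True)               # finding (aliased import)
Popen(cmd, shell=True)                         # finding (from-import)
subprocess.call(["ls", path], shell=False)     # safe
msg = "never pass shell=True"                  # string literal only
run_job(cmd, shell=True)                       # unrelated function
'''

SUBPROCESS_FUNCS = {"call", "check_call", "check_output", "Popen", "run"}

def find_shell_true(source):
    """Return sorted line numbers of subprocess calls made with shell=True."""
    tree = ast.parse(source)
    module_names, func_names = set(), set()
    for node in ast.walk(tree):          # pass 1: how is subprocess imported?
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "subprocess":
                    module_names.add(alias.asname or alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module == "subprocess":
            for alias in node.names:
                if alias.name in SUBPROCESS_FUNCS:
                    func_names.add(alias.asname or alias.name)
    hits = []
    for node in ast.walk(tree):          # pass 2: calls that resolve to it
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr in SUBPROCESS_FUNCS
                      and isinstance(f.value, ast.Name)
                      and f.value.id in module_names)
        via_name = isinstance(f, ast.Name) and f.id in func_names
        if not (via_module or via_name):
            continue
        for kw in node.keywords:
            # Only a literal True is reported; variables are skipped to keep noise low.
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                hits.append(node.lineno)
    return sorted(hits)
```

Skipping non-literal values such as `shell=flag` trades some coverage for the low false-positive rate the message asks for.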
