On Thu, Jul 02, 2015 at 07:09:41PM +0000, Kelsey, Timothy John wrote:
> Hello Stackers,
> A few intrepid projects have started adopting Bandit, an automatic security
> linter built by the security project, into their gate tests. This is very
> rewarding to see for those of us who have worked on the project and people
> with an interest in securing the OpenStack codebase. The list of (known)
> adopters so far:
>
> - Keystone
> - Keystone-client
> - Barbican
> - Anchor
> - Sahara
> - Magnum
>
> If you know of, or are involved in a project that’s using Bandit and isn’t on
> our list then please let us know, it would be great to hear your feedback. If
> you would like to begin using it then check out our wiki for instructions
> here [1]. If you have no idea what this Bandit thing is then perhaps this
> presentation from the Vancouver summit might be interesting to you [2]. A
> Bandit gate job can be configured either as an experimental or non-voting
> job, so if you’re interested in trying it out you can give it a go and decide
> if it’s a good fit for your project before fully committing.

Hi,

At Cinder we are adding [1] basic bandit configuration for high and medium
severity results as a tox option, but not running it by default for now.

Cheers,
Gorka

[1]: https://review.openstack.org/#/c/179568/

>
> Bandit is regularly discussed in the Security Project IRC meetings and
> feedback is very welcome. If you have questions or suggestions then feel free
> to drop in or reply here.
>
> [1] https://wiki.openstack.org/wiki/Security/Projects/Bandit
> [2] https://www.youtube.com/watch?v=hxbbpdUdU_k
>
> Many thanks
>
> --
> Tim Kelsey
> OpenStack Security member
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: [email protected]?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
