On 03/07/2015 09:39, "Gorka Eguileor" <[email protected]> wrote:
>On Thu, Jul 02, 2015 at 07:09:41PM +0000, Kelsey, Timothy John wrote:
>> Hello Stackers,
>> A few intrepid projects have started adopting Bandit, an automatic
>>security linter built by the security project, into their gate tests.
>>This is very rewarding to see for those of us who have worked on the
>>project and people with an interest in securing the OpenStack codebase.
>>The list of (known) adopters so far:
>>
>> - Keystone
>> - Keystone-client
>> - Barbican
>> - Anchor
>> - Sahara
>> - Magnum
>>
>> If you know of, or are involved in a project that's using Bandit and
>>isn't on our list then please let us know, it would be great to hear
>>your feedback. If you would like to begin using it then check out our
>>wiki for instructions here [1]. If you have no idea what this Bandit
>>thing is then perhaps this presentation from the Vancouver summit might
>>be interesting to you [2]. A Bandit gate job can be configured either as
>>an experimental or non-voting job, so if you're interested in trying it
>>out you can give it a go and decide if it's a good fit for your project
>>before fully committing.
>
>Hi,
>
>At Cinder we are adding [1] basic bandit configuration for high and
>medium severity results as a tox option, but not running it by default
>for now.
>
>Cheers,
>Gorka

Thanks for letting us know Gorka, I'm pleased bandit is on the Cinder
radar. I hope it's working out for you, please reach out if you have any
suggestions or concerns with the tool.

>
>[1]: https://review.openstack.org/#/c/179568/
>
>>
>> Bandit is regularly discussed in the Security Project IRC meetings and
>>feedback is very welcome. If you have questions or suggestions then feel
>>free to drop in or reply here.
>>
>> [1] https://wiki.openstack.org/wiki/Security/Projects/Bandit
>> [2] https://www.youtube.com/watch?v=hxbbpdUdU_k
>>
>> Many thanks
>>
>> --
>> Tim Kelsey
>> OpenStack Security member
>>
>>
>>__________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: [email protected]?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
