pre-commit: Integrate bandit

Run bandit check from per-commit so that the check is executed in pep8 job. Also remove requirements installed automatically by pre-commit from test-requirements. Change-Id: I45af8c47afb262882ebbee74ae52446fed741e26
2025-02-09 08:03:34 +09:00
parent 5f6fbaea56
commit dd0082c343
7 changed files with 14 additions and 10 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -34,6 +34,11 @@ repos:
      - id: hacking
        additional_dependencies: []
        exclude: '^(doc|releasenotes|tools)/.*$'
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests', '-s', 'B101,B311,B320']
  - repo: https://github.com/hhatto/autopep8
    rev: v2.3.1
    hooks:
@@ -54,4 +59,4 @@ repos:
  - repo: https://github.com/PyCQA/doc8
    rev: v1.1.2
    hooks:
-      - id: doc8
+      - id: doc8