pre-commit: Integrate bandit

Run bandit check from per-commit so that the check is executed in pep8 job. Also remove requirements installed automatically by pre-commit from test-requirements. Change-Id: I45af8c47afb262882ebbee74ae52446fed741e26
2025-02-09 08:03:34 +09:00
parent 5f6fbaea56
commit dd0082c343
7 changed files with 14 additions and 10 deletions
--- a/tox.ini
+++ b/tox.ini
@@ -110,8 +110,10 @@ deps = -r{toxinidir}/doc/requirements.txt
 commands = sphinx-build -a -W -E -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html

 [testenv:bandit]
-deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r watcher -x watcher/tests/* -n5 -ll
+skip_install = true
+deps = {[testenv:pep8]deps}
+commands =
+    pre-commit run --all-files --show-diff-on-failure bandit

 [flake8]
 filename = *.py,app.wsgi