From e490764985f8683acfc205008535e89386c14656 Mon Sep 17 00:00:00 2001
From: Haibo Lin <hlin@redhat.com>
Date: Apr 07 2022 06:03:57 +0000
Subject: Involve bandit


JIRA: RHELCMP-8562
Signed-off-by: Haibo Lin <hlin@redhat.com>

---

diff --git a/tox.ini b/tox.ini
index 4ba977c..ae1cf71 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = flake8, black, py27, py3
+envlist = bandit, flake8, black, py27, py3
 
 [testenv:flake8]
 deps =
@@ -8,6 +8,14 @@ whitelist_externals = sh
 commands =
     sh -c "flake8 pungi pungi_utils setup.py tests/*py"
 
+[testenv:bandit]
+basepython = python3
+skip_install = true
+deps = bandit
+commands =
+    bandit -r -ll pungi pungi_utils
+ignore_outcome = True
+
 [testenv:black]
 basepython = python3
 whitelist_externals = sh