Remove bandit and safety

burningmantech · Mar 26, 2024 · 0e41f7b · 0e41f7b
1 parent 9ee414d
commit 0e41f7b
Show file tree

Hide file tree

Showing 9 changed files with 5 additions and 144 deletions.
diff --git a/.bandit b/.bandit
diff --git a/.coveragerc b/.coveragerc
@@ -6,9 +6,7 @@ source = ims
 [paths]
 source=
    src/ims
-   .tox/*/lib/python*/site-packages/ims
-   .tox/*/Lib/site-packages/ims
-   .tox/pypy*/site-packages/ims
+   .tox/py*/**/site-packages
 
 [report]
 exclude_lines =

diff --git a/.flake8 b/.flake8
@@ -76,6 +76,3 @@ extend-ignore =
 
     # End of list (allows last item to end with trailing ',')
     EOL
-
-# flake8-import-order: local module name space
-application-import-names = ims
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,21 +9,21 @@ updates:
     allow:
       - dependency-type: "all"
     schedule:
-      interval: weekly
+      interval: "weekly"
     open-pull-requests-limit: 10
     labels:
       - "Task"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: weekly
+      interval: "weekly"
     labels:
       - "Task"
 
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
-      interval: weekly
+      interval: "weekly"
     labels:
       - "Task"
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -103,99 +103,6 @@ jobs:
         run: tox run -e mypy
 
 
-  bandit:
-
-    name: Bandit (security static analyzer)
-
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-
-    steps:
-
-      - name: Harden CI
-        uses: step-security/harden-runner@v2.7.0
-        with:
-          disable-sudo: true
-          disable-file-monitoring: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            files.pythonhosted.org:443
-            github.com:443
-            pypi.org:443
-
-      - name: Checkout source code
-        uses: actions/checkout@v4
-
-      - name: Install Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: System Python Information
-        uses: twisted/python-info-action@v1
-
-      - name: Set up Tox environment
-        run: |
-          pip install tox
-          tox run -e bandit --notest
-
-      - name: Tox Python Information
-        uses: twisted/python-info-action@v1
-        with:
-          python-path: .tox/bandit/*/python
-
-      - name: Run Bandit
-        run: tox run -e bandit
-
-
-  # safety:
-
-  #   name: Safety (dependency security checker)
-
-  #   runs-on: ubuntu-latest
-  #   timeout-minutes: 5
-
-  #   steps:
-
-  #     - name: Harden CI
-  #       uses: step-security/harden-runner@v2.7.0
-  #       with:
-  #         disable-sudo: true
-  #         disable-file-monitoring: true
-  #         egress-policy: block
-  #         allowed-endpoints: >
-  #           api.github.com:443
-  #           files.pythonhosted.org:443
-  #           github.com:443
-  #           pypi.org:443
-  #           pyup.io:443
-
-  #     - name: Checkout source code
-  #       uses: actions/checkout@v4
-
-  #     - name: Install Python
-  #       uses: actions/setup-python@v5
-  #       with:
-  #         python-version: "3.12"
-
-  #     - name: System Python Information
-  #       uses: twisted/python-info-action@v1
-
-  #     - name: Set up Tox environment
-  #       run: |
-  #         pip install tox
-  #         tox run -e safety --notest
-
-  #     - name: Tox Python Information
-  #       uses: twisted/python-info-action@v1
-  #       with:
-  #         python-path: .tox/safety/*/python
-
-  #     - name: Run Safety
-  #       run: tox run -e safety
-
-
   docs:
 
     name: Build documentation

diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1,4 +1,3 @@
-include .bandit
 include .codecov.yml
 include .coveragerc
 include .dockerignore

diff --git a/requirements/requirements-bandit.txt b/requirements/requirements-bandit.txt
diff --git a/requirements/requirements-safety.txt b/requirements/requirements-safety.txt
diff --git a/tox.ini b/tox.ini
@@ -1,7 +1,7 @@
 [tox]
 
 envlist =
-    lint, mypy, bandit
+    lint, mypy
     test-py313
     coverage-py312
     coverage_report
@@ -149,43 +149,6 @@ commands =
     - coverage html
 
 
-##
-# Bandit security static analyzer
-##
-
-[testenv:bandit]
-
-description = run Bandit (security static analyzer)
-
-basepython = {[default]basepython}
-
-usedevelop = true
-skip_install = True
-
-deps =
-    -r requirements/requirements-bandit.txt
-
-commands =
-    bandit -c {toxinidir}/.bandit -r {posargs:src}
-
-
-##
-# Safety dependency security checker
-##
-
-[testenv:safety]
-
-description = run Safety (dependency security checker)
-
-basepython = {[default]basepython}
-
-deps =
-    -r requirements/requirements-safety.txt
-
-commands =
-    safety check
-
-
 ##
 # Documentation
 ##