- tests/test_security.py: Security test suite
- Updated Jenkinsfile: SonarQube, Snyk, Bandit, Safety, Semgrep
- test_requirements.txt: Security tool dependencies

**Security Tools Added:**

CODE QUALITY:
- Pylint, Flake8, Black, Isort, MyPy
- Vulture (dead code), Radon (complexity)

STATIC SECURITY:
- Bandit (Python SAST)
- Safety (dependency vulnerabilities)
- Semgrep (pattern matching)
- Detect Secrets (hardcoded secrets)

ADVANCED:
- SonarQube quality gate
- Snyk vulnerability scan
- pip-audit, pip-check
- pip-licenses (compliance)

**Pipeline Stages:**
1. Code Quality: Linting (Pylint, Flake8, Black, Isort)
2. Security: Static Analysis (Bandit, Safety, Semgrep, Detect Secrets)
3. Security: SonarQube Quality Gate
4. Security: Snyk Vulnerability Scan
5. Unit Tests
6. Security Tests (test_security.py)
7. Integration Tests
8. Build
9. Deploy to Staging
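An added example of how the static-analysis stage listed above can be made a blocking gate rather than a report: a Python script, not the project's Jenkinsfile or test suite, that reads the JSON reports Bandit (`bandit -f json`) and pip-audit (`pip-audit --format json`) produce and exits non-zero on medium-or-higher Bandit findings or any vulnerable dependency. The two reports embedded below are constructed samples, and the threshold values are assumptions a team would tune.

```python
"""CI security gate over Bandit and pip-audit JSON reports (added example)."""
import json
import sys

# Constructed sample in the shape of `bandit -f json -o bandit.json`.
BANDIT_REPORT = json.dumps({"results": [
    {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "filename": "app/run.py", "line_number": 12,
     "issue_text": "subprocess call with shell=True identified"},
    {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
     "filename": "tests/test_x.py", "line_number": 3,
     "issue_text": "Use of assert detected"},
]})

# Constructed sample in the shape of `pip-audit --format json`; the vuln id is a placeholder.
PIP_AUDIT_REPORT = json.dumps({"dependencies": [
    {"name": "requests", "version": "2.25.0",
     "vulns": [{"id": "PLACEHOLDER-VULN-ID", "fix_versions": ["2.31.0"],
                "description": "constructed sample finding"}]},
    {"name": "pytest", "version": "7.4.0", "vulns": []},
]})

LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}  # Bandit severity/confidence ordering

def bandit_blockers(report_json, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return Bandit findings at or above both thresholds (defaults are assumed policy)."""
    results = json.loads(report_json).get("results", [])
    return [r for r in results
            if LEVELS[r["issue_severity"]] >= LEVELS[min_severity]
            and LEVELS[r["issue_confidence"]] >= LEVELS[min_confidence]]

def vulnerable_dependencies(report_json):
    """Return (name, version, [vuln ids]) for each dependency pip-audit flagged."""
    deps = json.loads(report_json).get("dependencies", [])
    return [(d["name"], d["version"], [v["id"] for v in d["vulns"]])
            for d in deps if d["vulns"]]

def security_gate(bandit_json, audit_json):
    """Combine both reports; return (passed, human-readable reasons for failure)."""
    reasons = [f"bandit {r['test_id']} {r['issue_severity']} at {r['filename']}:{r['line_number']}"
               for r in bandit_blockers(bandit_json)]
    reasons += [f"pip-audit {name}=={ver} vulnerable: {', '.join(ids)}"
                for name, ver, ids in vulnerable_dependencies(audit_json)]
    return (not reasons, reasons)

if __name__ == "__main__":
    passed, reasons = security_gate(BANDIT_REPORT, PIP_AUDIT_REPORT)
    for line in reasons:
        print(line)
    sys.exit(0 if passed else 1)  # a non-zero exit is what fails the pipeline stage
```

In the pipeline the two constants would be replaced by the report files the stage wrote, so the low-severity B101 assert finding passes while the B602 shell=True call and the vulnerable dependency fail the build.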
59 lines
882 B
Plaintext
```text
# Test Dependencies
pytest>=7.0.0
pytest-cov>=4.0.0
pytest-mock>=3.10.0
responses>=0.23.0
httpx>=0.25.0

# Code Quality - Linting
flake8>=6.0.0
flake8-docstrings>=1.7.0
flake8-builtins>=2.0.0
flake8-comprehensions>=3.12.0
flake8-logging-format>=0.9.0
pylint>=2.17.0
black>=23.0.0
isort>=5.12.0

# Code Quality - Type Checking
mypy>=1.5.0
types-requests>=2.31.0

# Static Security Analysis
bandit>=1.7.0
safety>=2.3.0
semgrep>=1.40.0
detect-secrets>=1.4.0

# SAST/DAST Tools (CLI-based)
vulture>=2.7.0
pre-commit>=3.5.0

# Complexity Analysis
radon>=6.0.0
xenon>=1.0.0

# Documentation Quality
pydocstyle>=6.3.0
darglint>=1.8.0

# Dependency Analysis
pip-audit>=2.5.0
pip-check>=2.10.0

# License Compliance
pip-licenses>=4.0.0

# Coverage
coverage>=7.0.0
coveralls>=3.3.0

# Performance Testing
locust>=2.18.0

# API Testing
schemathesis>=3.18.0

# Docker Security
# Note: hadolint itself ships as a standalone (Haskell) binary rather than a Python
# package; confirm that the PyPI distribution this pin refers to exists before relying
# on pip to install it, or install the binary in the CI image instead.
hadolint>=2.12.0
```