From 605a82680d2d264ee625c48d9564b0061daac8bc Mon Sep 17 00:00:00 2001
From: "Brian S. Stephan" <bss@incorporeal.org>
Date: Thu, 18 Jun 2020 17:39:34 -0500
Subject: [PATCH] add bandit and flake8 plugins to tox, remove redundant deps

---
 tox.ini | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/tox.ini b/tox.ini
index c5eec13..67b5151 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,22 +4,13 @@
 # and then run "tox" from this directory.
 
 [tox]
-envlist = py37,lint
+envlist = py37,security,lint
 
 [testenv]
 # build a wheel and test it
 wheel = true
 wheel_build_env = build
 
-deps =
-    flake8
-    flake8-docstrings
-    pytest
-    pytest-cov
-commands =
-    flake8
-    pytest --cov={envsitepackagesdir}/incorporealcms/
-
 # whitelist commands we need
 whitelist_externals = ln
 
@@ -38,15 +29,28 @@ commands =
     coverage report -m --fail-under=80
     ln -sf {distdir} dist
 
+[testenv:security]
+# run security checks
+#
+# again it seems the most valuable here to run against the packaged code
+deps =
+    bandit
+commands =
+    bandit {envsitepackagesdir}/incorporealcms/ -r
+
 [testenv:lint]
 # run style checks
 skip_install = true
 deps =
     flake8
+    flake8-blind-except
+    flake8-builtins
     flake8-docstrings
+    flake8-executable
+    flake8-logging-format
 commands =
     flake8
-    - flake8 --disable-noqa --select=E,W,F,C,D
+    - flake8 --disable-noqa --select=E,W,F,C,D,A,G,B
 
 [flake8]
 max-line-length = 120