Merge pull request #4034 from freedomofpress/ci-security-checks

CI: Add back static analysis and checking Python dependencies for CVEs
freedomofpress · Jan 15, 2019 · e693f1f · e693f1f
2 parents 2f9267f + 6d3da96
commit e693f1f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -112,6 +112,19 @@ jobs:
             cd journalist_gui
             xvfb-run -a pipenv run python3 test_gui.py
 
+  static-analysis-and-no-known-cves:
+    machine:
+      enabled: true
+    steps:
+      - checkout
+      - run:
+          name: Check Python dependencies for CVEs
+          command: make safety
+
+      - run:
+          name: Run static security testing on source code
+          command: make bandit
+
   staging-test-with-rebase:
     machine:
       enabled: true
@@ -149,6 +162,7 @@ workflows:
       - tests
       - admin-tests
       - updater-gui-tests
+      - static-analysis-and-no-known-cves
       - staging-test-with-rebase:
           requires:
             - lint