Skip to content

Security Tools

provide.testkit.quality.security

Security analysis integration for provide-testkit.

Provides security vulnerability scanning using bandit and other security tools. Integrates with the quality framework for comprehensive security analysis.

Features: - Vulnerability scanning with bandit - Security issue reporting and classification - Integration with quality gates - Artifact management for CI/CD

Usage

Basic security scanning

def test_with_security(security_scanner): result = security_scanner.scan(path) assert result.passed

Security with quality gates

runner = QualityRunner() results = runner.run_with_gates(path, {"security": True})

Classes

SecurityFixture 

SecurityFixture(
    config: dict[str, Any] | None = None,
    artifact_dir: Path | None = None,
)

Bases: BaseQualityFixture

Pytest fixture for security scanning integration.

Initialize security fixture.

Parameters:

Name Type Description Default
config dict[str, Any] | None

Security scanner configuration

 None
artifact_dir Path | None

Directory for artifacts

 None
Source code in provide/testkit/quality/security/fixture.py 
24
25
26
27
28
29
30
31
32
def __init__(self, config: dict[str, Any] | None = None, artifact_dir: Path | None = None) -> None:
    """Initialize security fixture.

    Args:
        config: Security scanner configuration
        artifact_dir: Directory for artifacts
    """
    super().__init__(config, artifact_dir)
    self.scanner: SecurityScanner | None = None
Functions
setup 
setup() -> None

Setup security scanning.

Source code in provide/testkit/quality/security/fixture.py 
34
35
36
37
38
39
40
41
42
def setup(self) -> None:
    """Setup security scanning."""
    if not BANDIT_AVAILABLE:
        pytest.skip("Bandit not available")

    try:
        self.scanner = SecurityScanner(self.config)
    except Exception as e:
        pytest.skip(f"Failed to initialize security scanner: {e}")
teardown 
teardown() -> None

Cleanup security scanner.

Source code in provide/testkit/quality/security/fixture.py 
44
45
46
47
def teardown(self) -> None:
    """Cleanup security scanner."""
    # No cleanup needed for security scanner
    pass
scan 
scan(path: Path) -> dict[str, Any]

Perform security scan.

Parameters:

Name Type Description Default
path Path

Path to scan

 required

Returns:

Type Description
dict[str, Any]

Security scan results
Source code in provide/testkit/quality/security/fixture.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
def scan(self, path: Path) -> dict[str, Any]:
    """Perform security scan.

    Args:
        path: Path to scan

    Returns:
        Security scan results
    """
    self.ensure_setup()
    if not self.scanner:
        return {"error": "Scanner not available"}

    result = self.scanner.analyze(path, artifact_dir=self.artifact_dir)
    self.add_result(result)
    return {
        "passed": result.passed,
        "score": result.score,
        "issues": result.details.get("total_issues", 0),
        "details": result.details,
    }
generate_report 
generate_report(format: str = 'terminal') -> str

Generate security report.

Parameters:

Name Type Description Default
format str

Report format (terminal, json)

 'terminal'

Returns:

Type Description
str

Formatted report
Source code in provide/testkit/quality/security/fixture.py 
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
def generate_report(self, format: str = "terminal") -> str:
    """Generate security report.

    Args:
        format: Report format (terminal, json)

    Returns:
        Formatted report
    """
    if not self.scanner:
        return "No security scanner available"

    results = self.get_results_by_tool()
    if "security" not in results:
        return "No security results available"

    return self.scanner.report(results["security"], format)

SecurityScanner 

SecurityScanner(config: dict[str, Any] | None = None)

Security vulnerability scanner using bandit and other tools.

Provides high-level interface for security analysis with automatic artifact management and integration with the quality framework.

Initialize security scanner.

Parameters:

Name Type Description Default
config dict[str, Any] | None

Security scanner configuration options

 None
Source code in provide/testkit/quality/security/scanner.py 
41
42
43
44
45
46
47
48
49
50
51
def __init__(self, config: dict[str, Any] | None = None) -> None:
    """Initialize security scanner.

    Args:
        config: Security scanner configuration options
    """
    if not BANDIT_AVAILABLE:
        raise QualityToolError("Bandit not available. Install with: pip install bandit", tool="security")

    self.config = config or {}
    self.artifact_dir: Path | None = None
Functions
analyze 
analyze(path: Path, **kwargs: Any) -> QualityResult

Run security analysis on the given path.

Parameters:

Name Type Description Default
path Path

Path to analyze

 required
**kwargs Any

Additional options including artifact_dir

 {}

Returns:

Type Description
QualityResult

QualityResult with security analysis data
Source code in provide/testkit/quality/security/scanner.py 
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
def analyze(self, path: Path, **kwargs: Any) -> QualityResult:
    """Run security analysis on the given path.

    Args:
        path: Path to analyze
        **kwargs: Additional options including artifact_dir

    Returns:
        QualityResult with security analysis data
    """
    self.artifact_dir = kwargs.get("artifact_dir", Path(".security"))
    start_time = time.time()

    try:
        # Run bandit security scan
        result = self._run_bandit_scan(path)
        result.execution_time = time.time() - start_time

        # Generate artifacts
        self._generate_artifacts(result)

        return result

    except Exception as e:
        return QualityResult(
            tool="security",
            passed=False,
            details={"error": str(e), "error_type": type(e).__name__},
            execution_time=time.time() - start_time,
        )
report 
report(
    result: QualityResult, format: str = "terminal"
) -> str

Generate report from QualityResult (implements QualityTool protocol).

Parameters:

Name Type Description Default
result QualityResult

Security result

 required
format str

Report format

 'terminal'

Returns:

Type Description
str

Formatted report
Source code in provide/testkit/quality/security/scanner.py 
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
def report(self, result: QualityResult, format: str = "terminal") -> str:
    """Generate report from QualityResult (implements QualityTool protocol).

    Args:
        result: Security result
        format: Report format

    Returns:
        Formatted report
    """
    if format == "terminal":
        return self._generate_text_report(result)
    elif format == "json":
        return json.dumps(
            {
                "tool": result.tool,
                "passed": result.passed,
                "score": result.score,
                "details": result.details,
            },
            indent=2,
        )
    else:
        return str(result.details)