Add config via setup.cfg

Bug #1570440 reported by Johannes Hoppe
This bug affects 1 person
Affects: Bandit
Status: New
Importance: Wishlist
Assigned to: Unassigned
Milestone: (empty)

Bug Description

Hi,

since a lot of other linters support configuration via the setup.cfg file, it might be a good feature here too.

I don't like to have a gazillion .files in my repo to set up all tests and linters.

BTW: AWESOME tool.

Thanks,
Joe

Jamie Finnigan (jamiefinnigan) wrote :

Hey Joe - thanks for the input. I can go digging, but can you point more specifically to an example of what you're referring to?

Johannes Hoppe (info-b2) wrote :

Hi Jamie,

thanks for the quick response.

My point is:

Currently you have to define a `.bandit` file to configure the runtime environment.
Most linters like isort, flake8 or even test runners like py.test support configuration via a `setup.cfg` file.
It should be fairly simple, you just need to look for the `[bandit]` configuration in the `setup.cfg` file.

Similar to `pbr`, if you will; you can configure `pbr` in the `setup.cfg`.

Let me know if I can clarify anything.

Cheers,
Joe

Travis McPeak (travis-mcpeak) wrote :

Hi Joe,

The reason we chose not to use setup.cfg is because nested '.bandit' or 'setup.cfg' files mess us up. We didn't want to get into complicated hierarchy rules, and sometimes projects have other projects in subdirectories. We thought having this file called '.bandit' implies more intent to use this just for Bandit and so we can safely ignore other files like 'setup.cfg'.

Does this make sense?

Johannes Hoppe (info-b2) wrote :

Hi Travis,

partly, do you see a security risk or is it just the additional effort?

Cheers,
Joe

Changed in bandit:
importance: Undecided → Wishlist
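
An added example, not part of the thread and not Bandit's code: a sketch of the lookup Joe proposes combined with the restriction Travis describes, reading a `[bandit]` section only from files directly in the scan root and listing nested config files that are left unapplied. The precedence order, the function names, and the sample option values are assumptions made for this sketch.

```python
import configparser
import tempfile
from pathlib import Path

CONFIG_NAMES = (".bandit", "setup.cfg")  # assumed precedence: dedicated file first
SECTION = "bandit"


def read_section(path):
    """Return the [bandit] options in an INI file, or None if absent or unparsable."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path, encoding="utf-8")
    except configparser.Error:
        return None
    return dict(parser[SECTION]) if parser.has_section(SECTION) else None


def load_root_config(root):
    """Use only files directly in the scan root; the first one with [bandit] wins."""
    for name in CONFIG_NAMES:
        path = Path(root) / name
        options = read_section(path) if path.is_file() else None
        if options is not None:
            return path, options
    return None, {}


def ignored_nested_configs(root):
    """Nested files that carry a [bandit] section but are deliberately not applied."""
    root = Path(root)
    return sorted(p for name in CONFIG_NAMES for p in root.rglob(name)
                  if p.parent != root and p.is_file() and read_section(p) is not None)


def build_sample_tree(root):
    """Constructed sample: a project with a vendored subproject that has its own config."""
    root = Path(root)
    (root / "vendor" / "lib").mkdir(parents=True)
    (root / "setup.cfg").write_text("[metadata]\nname = demo\n\n[bandit]\nexclude = tests\n")
    (root / "vendor" / "lib" / "setup.cfg").write_text("[bandit]\nskips = B101\n")
    (root / "vendor" / "lib" / ".bandit").write_text("[bandit]\nskips = B101,B102\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        source, options = load_root_config(tmp)
        print("applied:", source.name, options)
        for path in ignored_nested_configs(tmp):
            print("ignored:", path.relative_to(tmp))
```

Reporting the nested files instead of silently skipping them lets a reviewer see when a subdirectory ships settings that are not in effect for the scan.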