Peter Bittner
Alternatively, can we make Bandit a bit smarter in a way that it recognizes when `assert` is used in a test module, and _not_ warn about it?
I'd prefer to see a `[bandit]` section read from my `tox.ini` file, as do other tools (like pytest, flake8, behave, etc.), which can help to reduce clutter in Python projects....
@ericwb, can you explain what "distant future" is intended to mean? It sounds a bit like this request is meant to die slowly. Personally, I'd prefer to see: - either...
According to the source code there are two different files in play: 1. An INI-style configuration file (see [bandit.cli.main, lines 50+](https://github.com/PyCQA/bandit/blob/main/bandit/cli/main.py#L53-L73)), which defaults to `.bandit`. It handles the [general CLI...
@acdha As a side note, if you have a GitLab Ultimate license I recommend using GitLab's SAST integration. Their scanning container that has Bandit on board does a parsing and...
Can we merge these changes, so developers can have it easier finding information about how to configure Bandit?
Please, review and merge!
Rebased the PR to resolve conflicts after #868 was merged, yesterday. @ericwb Can you review and merge this PR, please?
@gdalmau Thanks for your approval! I rebased the PR and resolved the conflict that had been introduced since I opened it. Can you approve again, please? And maybe merge?
@ericwb @lukehinds @sigmavirus24 Could you approve and merge, please?