Luke Hinds
Is there a related issue to this to help us get some insight into what this fixes or how to test the change?
yes please @e0ne
Nice idea. Would it give a generic example, or try to amend and suggest the flagged line of code from the project being scanned?
Sounds rational to me @andreas-h, is this a patch you would like to work on?
`bandit.yaml` is commonly used in OpenStack, but as it stands it's ultimately up to the user by means of the `-c` arg. Having said that, I am not strongly opposed...
I have no recollection of there ever being a default, it's always been None as far as I remember: https://github.com/PyCQA/bandit/blob/094a2d46374e71c2c3f5aa505acbc3014f4896f3/bandit/cli/main.py#L174
ok, if someone can make a patch making `bandit.yml` the default, please go ahead. But it's imperative we keep the `-e` arg present for those who have already implemented their...
Good idea, I like it. Do you plan to work on this @mkbhanda?
No need to have it right away @mkbhanda - I have assigned to you and if any problems, just comment or unassign yourself. Thanks in advance for your contribution(s).
Want to take this one on @davidak?