Move bandit config to pyproject.toml

[gesta81]

move bandit config to pyproject.toml (otherwise it's a bit hidden in .pre-commit-config.yaml)

[tschm]

I am not sure about moving stuff out of .pre-commit-config.yaml. .pre-commit-config.yaml is part or can be part of the sync business by rhiza. We have currently no access or control over pyproject.toml. Would be interesting to get that...
@HarryCampion?

[gesta81]

I am not sure about moving stuff out of .pre-commit-config.yaml. .pre-commit-config.yaml is part or can be part of the sync business by rhiza. We have currently no access or control over pyproject.toml. Would be interesting to get that... @HarryCampion?

An alternative would be bandit.toml (similar to ruff.toml)

[tschm]

Yes, bandit.toml is a lot more in the spirit of rhiza. I know it's quite controversial to have all those little config files but they have a point!

[HarryCampion]

Not sure about another config file in the repo to manage, I think I prefer utilising the pyproject.toml (with the exception of ruff). We can add clear documentation on how to customise.

I think we can likely support both

https://bandit.readthedocs.io/en/latest/config.html

[tschm]

what happens if .pre-commit-config.yml points to pyproject.toml but pyproject.toml has no segment [tool.bandit]?