Support for pyproject.toml as config file format

[a-recknagel]

PEP 518 specifies a config format that can be exploited by dev tools through designated sections, given their pyPI domain. The toml format is very basic and should allow a simple 1 to 1 mapping of the existing config, since it is more on the minimal side. Given the following .bandit file:

[bandit]
targets: src
skips: B101,B110

Its section in a pyproject.toml would look like this:

[tool.bandit]
targets = ["src"]
skips = ["B101", "B110"]

The sole gain of supporting this would be to reduce the amount of additional config files needed for using bandit in a python project that uses PEP 518 in some way from 1 to 0.

---

Discussions on other tools regarding the same issue:

• Support for pyproject.toml python/mypy#5205
• implement support for PEP-518 - the tool.pytest key in pyproject.toml pytest-dev/pytest#1556
• Allow configuration via pyproject.toml nedbat/coveragepy#664

[ericwb]

Note, there is a PR in progress: #401

[a-recknagel]

Thanks for pointing it out, I only searched the issues. Since it just extends the yaml config (that I wasn't even aware of), it should handle the example I proposed and much more, so it would close this issue satisfactorily.

[moon-bits]

@ericwb I'm sorry to say that: But this is getting ridiculous.

There is a pending PR #401 since October 2018, and you waste the time of the poor guy that still maintains the branch to keep it free from merge conflicts.

Just merge it and please don't block it unnecessarily. We wait since 2 years for that feature that has been already implemented.

[derek-miller]

Any update here? Can you either merge the PR or reject it? Nearly all other linting related packages have support for pyproject.toml at this point and a shame users still need to use multiple configuration files for a solved problem.

[grizz]

Seriously... please? :)

[kasium]

Guys, this feature is really requested. We have already a finished PR by @orsinium. Can you please finally decide on this?
@ericwb can you please have a look?

[kasium]

Thanks a lot! Can you please publish a new release so that users can actually use it?

[WayneLambert]

Like others, I agree that it would be really great if a new release was on PyPI so that the Python community can benefit from the work that @orsinium and the other contributors/maintainers have done.

[PabloLec]

Same here, given the age of the last release and the number of updates pending I think a new version should already be out.

[orsinium]

I did the PR 4 Hacktoberfest's ago, since then I have changed 3 cities, 2 countries, and 4 jobs, built a house, created 50+ small projects. So, be patient and just don't make expectations about the release date 😉

[PabloLec]

Ok, I guess I'll focus on building a house too and come back later 😉