Corrected documentation on configuration (PyCQA#868)

* .bandit is INI file * Describe how to make Bandit read an INI file * Remove descriptions about "profile" "Profile" is deprecated, legacy and undocumented. Note: decriptions about profile are still in man pages or help messages. * Revert "Remove descriptions about "profile"" This reverts commit c4b2d52.
shiftinv · Apr 24, 2022 · a2ac371 · a2ac371
1 parent cd26ded
commit a2ac371
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/doc/source/config.rst b/doc/source/config.rst
@@ -5,7 +5,7 @@ Configuration
 Bandit Settings
 ---------------
 
-Projects may include a YAML file named `.bandit` that specifies command line
+Projects may include an INI file named `.bandit` that specifies command line
 arguments that should be supplied for that project. The currently supported
 arguments are:
 
@@ -14,21 +14,25 @@ arguments are:
  - skips: comma separated list of tests to skip
  - tests: comma separated list of tests to run
 
-To use this, put a YAML file named `.bandit` in your project's directory.
+To use this, put an INI file named `.bandit` in your project's directory.
+Command line arguments must be in `[bandit]` section.
 For example:
 
 ::
 
+   [bandit]
    exclude: /test
 
 ::
 
-   tests:
-     - B101
-     - B102
-     - B301
+   [bandit]
+   tests = B101,B102,B301
 
 
+Note that Bandit will look for `.bandit` file only if it is invoked with `-r` option.
+If you do not use `-r` or the INI file's name is not `.bandit`, you can specify
+the file's path explicitly with `--ini` option.
+
 Exclusions
 ----------
 In the event that a line of code triggers a Bandit issue, but that the line