diff --git a/tox.ini b/tox.ini
index 4ba977cf..ae1cf711 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = flake8, black, py27, py3
+envlist = bandit, flake8, black, py27, py3
 
 [testenv:flake8]
 deps =
@@ -8,6 +8,14 @@ whitelist_externals = sh
 commands =
     sh -c "flake8 pungi pungi_utils setup.py tests/*py"
 
+[testenv:bandit]
+basepython = python3
+skip_install = true
+deps = bandit
+commands =
+    bandit -r -ll pungi pungi_utils
+ignore_outcome = True
+
 [testenv:black]
 basepython = python3
 whitelist_externals = sh