diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 07917d34..10f19c51 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,3 +23,8 @@ repos:
     hooks:
       - id: hacking
         additional_dependencies: []
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests']
diff --git a/test-requirements.txt b/test-requirements.txt
index 430238d0..f637ba37 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,10 +1,6 @@
-hacking>=6.1.0,<6.2.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
 pifpaf>=0.10.0 # Apache-2.0
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
-pre-commit>=2.6.0 # MIT
 pymemcache>=3.5.0 # Apache-2.0
 python-binary-memcached>=0.29.0 # MIT
 python-memcached>=1.56 # PSF
diff --git a/tox.ini b/tox.ini
index e5f5af8f..9874b3fd 100644
--- a/tox.ini
+++ b/tox.ini
@@ -20,11 +20,10 @@ commands =
   pifpaf -e OSLO_CACHE_TEST run {env:PIFPAF_DAEMON} -- stestr run --slowest
 
 [testenv:pep8]
-deps = {[testenv]deps}
+deps =
+  pre-commit
 commands =
   pre-commit run -a
-  # Run security linter
-  bandit -r oslo_cache -x tests -n5
 
 [testenv:venv]
 commands = {posargs}