diff --git a/.zuul.yaml b/.zuul.yaml
index 55c1a5e6ba..caac3c3004 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -22,6 +22,8 @@
             voting: false
         - trove-tox-fakemodetests
         - trove-tox-apiexamples
+        - trove-tox-bandit-baseline:
+            voting: false
     gate:
       queue: trove
       jobs:
@@ -331,3 +333,26 @@
     parent: openstack-tox-py27
     vars:
       tox_envlist: apiexamples
+
+- job:
+    name: trove-tox-bandit-baseline
+    parent: openstack-tox
+    timeout: 2400
+    vars:
+        tox_envlist: bandit-baseline
+    required-projects:
+        - openstack/requirements
+    irrelevant-files:
+        - ^.*\.rst$
+        - ^.*\.txt$
+        - ^api-ref/.*$
+        - ^apidocs/.*$
+        - ^contrib/.*$
+        - ^doc/.*$
+        - ^etc/.*$
+        - ^releasenotes/.*$
+        - ^setup.cfg$
+        - ^tools/.*$
+        - ^trove/hacking/.*$
+        - ^trove/tests/scenario/.*$
+        - ^trove/tests/unittests/.*$
diff --git a/tox.ini b/tox.ini
index 837eb2afdc..e224c6f825 100644
--- a/tox.ini
+++ b/tox.ini
@@ -100,6 +100,10 @@ commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasen
 [testenv:bandit]
 commands = bandit -r trove -n5 -x tests
 
+[testenv:bandit-baseline]
+envdir = {toxworkdir}/bandit
+commands = bandit-baseline -r trove -n5 -x tests -ii -ll
+
 [testenv:install-guide]
 commands = sphinx-build -a -E -W -d install-guide/build/doctrees -b html install-guide/source install-guide/build/html