diff --git a/test-requirements.txt b/test-requirements.txt
index 8bf9550..bb687d2 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -24,3 +24,6 @@ tempest>=14.0.0 # Apache-2.0
 
 # Functional tests.
 requests!=2.12.2,!=2.13.0,>=2.10.0 # Apache-2.0
+
+# Bandit security scanning
+bandit>=1.1.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 64df0a8..e9a676b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -44,6 +44,9 @@ commands =
 whitelist_externals =
     bash
 
+[testenv:bandit]
+commands = bandit -r valet -x tests -n 5 -l
+
 [flake8]
 filename = *.py
 show-source = true