diff --git a/.zuul.yaml b/.zuul.yaml
index 13481aa4..15681e1f 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -7,6 +7,7 @@
 check:
 jobs:
 - openstack-tox-linters
+ - py3-bandit
 - patch-tox-flake8
 - patch-tox-pylint
 - patch-tox-py27
@@ -18,6 +19,7 @@
 gate:
 jobs:
 - openstack-tox-linters
+ - py3-bandit
 - patch-tox-flake8
 - patch-tox-pylint
 - patch-tox-py27
@@ -27,6 +29,12 @@
 - patch-alarm-tox-py27
 - patch-alarm-tox-py36
+- job:
+ name: py3-bandit
+ parent: tox
+ vars:
+ tox_envlist: bandit
+
 - job:
 name: patch-tox-flake8
 parent: tox
diff --git a/cgcs-patch/cgcs-patch/tox.ini b/cgcs-patch/cgcs-patch/tox.ini
index ba9c568b..f44030de 100644
--- a/cgcs-patch/cgcs-patch/tox.ini
+++ b/cgcs-patch/cgcs-patch/tox.ini
@@ -53,6 +53,31 @@ commands = {[testenv:stestr]commands}
 basepython = python3.6
 commands = {[testenv:stestr]commands}
+[bandit]
+# B101: Test for use of assert
+# B104: Test for binding to all interfaces
+# B110: Try, Except, Pass detected.
+# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
+# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
+# B314: Blacklisted calls to xml.etree.ElementTree
+# B318: Blacklisted calls to xml.dom.minidom
+# B404: Import of subprocess module
+# B405: import xml.etree
+# B408: import xml.minidom
+# B413: import pyCrypto
+# B506: Test for use of yaml load
+# B602: Test for use of popen with shell equals true
+# B603: Test for use of subprocess without shell equals true
+# B607: Test for starting a process with a partial path
+skips = B101,B104,B110,B303,B311,B314,B318,B404,B405,B408,B413,B506,B602,B603,B607
+exclude = tests
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+ bandit
+commands = bandit --ini tox.ini -n 5 -r cgcs_patch
+
 [flake8]
 # ignore below errors , will fix flake8 errors in future
 # H101 Use TODO(NAME)
diff --git a/patch-alarm/patch-alarm/tox.ini b/patch-alarm/patch-alarm/tox.ini
index ed9063db..653c1183 100644
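Review bot: The job added in the third .zuul.yaml hunk is named `py3-bandit`, a generic name, while every other job defined in this file carries the repository-specific `patch-tox-` prefix. Zuul job names are, as far as I recall, shared across the tenant, so another repository defining a job called `py3-bandit` would produce a configuration error for both rather than a silent override; keeping the convention with `name: patch-tox-bandit` (and updating the two `- py3-bandit` entries in the check and gate hunks) avoids that and makes the gate failure message name this repo. The `- project:` block that owns the check and gate lists starts outside the first two hunks.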
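Review bot: The `skips =` line in the cgcs-patch tox.ini hunk disables fifteen plugins at once, and they include the ones most relevant to a service that spawns processes and parses operator-supplied files — B602 (`shell=True`), B603/B607 (subprocess, partial path), B506 (`yaml.load`), B303 (MD5/SHA1) and B104 (bind to all interfaces) — so on this package the new gate job only fails for the plugins that are left. Nothing in the hunk records that this list is a temporary baseline or where the existing findings are tracked; add a comment above it such as `# Baseline: these IDs cover findings that pre-date the bandit job and are to be burned down; suppress new ones per call site with '# nosec <reason>' rather than adding IDs here`, and consider leaving B602 and B506 enabled with per-site suppressions since those call sites are the ones worth reviewing individually. Separately, the `deps` entry pulls an unpinned `bandit` both here and in the patch-alarm tox.ini hunk, so a bandit release that adds or tightens a plugin can start failing the gate with no change in this repository; pin it in test-requirements.txt or give the `bandit` line a version specifier.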
--- a/patch-alarm/patch-alarm/tox.ini
+++ b/patch-alarm/patch-alarm/tox.ini
@@ -54,6 +54,15 @@ commands = {[testenv:stestr]commands}
 basepython = python3.6
 commands = {[testenv:stestr]commands}
+[bandit]
+exclude = tests
+
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+ bandit
+commands = bandit --ini tox.ini -n 5 -r patch_alarm
+
 [flake8]
 # ignore below errors , will fix flake8 errors in future
 # H102 Apache 2.0 license header not found
diff --git a/tox.ini b/tox.ini
index fe981dd8..d0a3d287 100644
--- a/tox.ini
+++ b/tox.ini
@@ -90,6 +90,16 @@ commands = {[testenv]commands}
 tox -c cgcs-patch/cgcs-patch -e py36
 tox -c patch-alarm/patch-alarm -e py36
+[testenv:bandit]
+basepython = python3
+commands = {[testenv]commands}
+ tox -c cgcs-patch/cgcs-patch -e bandit
+ tox -c patch-alarm/patch-alarm -e bandit
+deps = {[testenv]deps}
+recreate = True
+whitelist_externals = find
+ tox
+
 [testenv:pylint]
 basepython = python2.7
 deps = {[testenv]deps}
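Review bot: In the top-level `[testenv:bandit]` the two `tox -c ... -e bandit` commands run sequentially, and tox stops at the first command that exits non-zero, so findings in cgcs-patch hide any findings in patch-alarm until the first set is fixed; a developer can then see the gate fail a second time on the other package. This mirrors the py36 env immediately above, so it may be an accepted convention here, but it is worth stating next to the commands: `# tox stops at the first failing sub-env; patch-alarm is only scanned once cgcs-patch passes`. Prefixing the first command with `-` would let both scans report but would also stop the env from failing on cgcs-patch findings, so it is not a good fit for a gate job.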