diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 0c150c7..1bb4077 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -46,3 +46,9 @@ repos:
           - flake8-comprehensions==3.10.0
           - flake8-debugger==4.1.2
           - flake8-string-format==0.3.0
+  - repo: https://github.com/pycqa/bandit
+    rev: 1.7.4
+    hooks:
+      - id: bandit
+        args: [-c, pyproject.toml]
+        additional_dependencies: ["toml"]
diff --git a/pyproject.toml b/pyproject.toml
index c18fef5..3d9c7bf 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -81,3 +81,7 @@ disable = [
 [tool.pylint.variables]
 dummy-variables-rgx = "_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_"
 ignored-argument-names = "_.*|^ignored_|^unused_|args|kwargs"
+
+[tool.bandit]
+exclude_dirs = ["tests"]
+skips = ["B101"]
diff --git a/src/pytest_servers/s3.py b/src/pytest_servers/s3.py
index 413446b..4fe19a9 100644
--- a/src/pytest_servers/s3.py
+++ b/src/pytest_servers/s3.py
@@ -1,7 +1,7 @@
 import os
 import re
 import shlex
-import subprocess
+import subprocess  # nosec B404
 
 import pytest
 import requests
@@ -29,7 +29,7 @@ def start(self):
         try:
             # should fail since we didn't start server yet
             r = requests.get(self.endpoint_url, timeout=5)
-        except:  # noqa: E722, B001 # pylint: disable=bare-except
+        except:  # noqa: E722, B001 # nosec B110 # pylint: disable=bare-except
             pass
         else:
             if r.ok:
@@ -38,7 +38,7 @@ def start(self):
 
         # Making sure random warnings don't mess up our stderr parsing.
         env = {**os.environ, "PYTHONWARNINGS": "ignore"}
-        self.proc = subprocess.Popen(
+        self.proc = subprocess.Popen(  # nosec B603
             shlex.split(
                 "moto_server s3 -p 0",  # get a random port
             ),
diff --git a/src/pytest_servers/utils.py b/src/pytest_servers/utils.py
index a5af44a..56af6cd 100644
--- a/src/pytest_servers/utils.py
+++ b/src/pytest_servers/utils.py
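Review bot: The new bandit hook relies on `exclude_dirs = ["tests"]` from pyproject.toml to keep test files out, but pre-commit hands bandit an explicit file list, and it is not certain from this hunk that the config-level exclusion is honored for explicitly passed paths on rev 1.7.4. Adding a hook-level filter alongside `args: [-c, pyproject.toml]` makes the intent robust regardless: `exclude: ^tests/`. As a secondary supply-chain point, `rev: 1.7.4` is a movable tag; the other hooks in this file presumably use tags too, so this is consistent, but pinning to a commit SHA would make the hook immutable.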
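Review bot: `skips = ["B101"]` disables the assert_used check for every file bandit scans, while the `tests` directory — the usual reason for skipping B101 — is already removed by `exclude_dirs`, so the global skip only affects source under src/. An `assert` in source code is stripped under `python -O`, which is exactly what B101 exists to catch, so if the skip is kept it should say why: `skips = ["B101"]  # assert_used: <reason, e.g. asserts in src/ are invariants only, not input validation>`. If no such reason exists, dropping the skip and letting bandit report any remaining asserts in src/ is the safer default.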
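Review bot: The `# nosec B110` added to the bare `except:` in `start` silences the finding rather than addressing it; the clause still swallows every exception including `KeyboardInterrupt` and `SystemExit`, and it now carries three separate suppression markers for one line. The comment above says the request is expected to fail because the server is not up yet, which `requests.get` reports as a `requests.ConnectionError` (a `requests.RequestException`), so narrowing the handler removes the need for E722, B001 and B110 at once: `except requests.RequestException:  # expected: server is not up yet`. The body of `start` continues beyond this hunk, so the `else:`/`if r.ok:` branch that follows was not reviewed in full.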
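Review bot: The `# nosec B603` on the `subprocess.Popen(` call records that a finding was waived but not why, and the same applies to `# nosec B404` on the `import subprocess` line in the first hunk of this file. The waiver is justified here because the argv comes from `shlex.split` of a fixed literal (`"moto_server s3 -p 0"`) with no caller-controlled input, and that reasoning should travel with the marker so a later edit that interpolates into the command string is noticed: `self.proc = subprocess.Popen(  # nosec B603 - argv is a fixed literal, no external input`. The remaining `Popen` arguments and the rest of `start` lie outside the hunk.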
@@ -30,7 +30,7 @@ def wait_until(pred, timeout: float, pause: float = 0.1): def random_string(n: int = 6): - return "".join(random.choices(string.ascii_lowercase, k=n)) + return "".join(random.choices(string.ascii_lowercase, k=n)) # nosec B311 @pytest.fixture(scope="session")
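Review bot: `# nosec B311` on `random_string` is appropriate only as long as the function is used for non-secret identifiers, and nothing on the line documents that constraint; the name suggests a generic helper, so a future caller could reach for it to mint a credential. A docstring stating the contract keeps the waiver honest: `"""Return *n* random lowercase letters for naming test resources; not suitable for secrets (use ``secrets`` for those)."""`. The callers are not visible in this hunk, so whether any current use is security-sensitive cannot be confirmed from here.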