-rw-r--r--osprofiler/_utils.py2
-rw-r--r--test-requirements.txt3
-rw-r--r--tox.ini8
3 files changed, 11 insertions, 2 deletions
diff --git a/osprofiler/_utils.py b/osprofiler/_utils.py
index 4f839b6..82e3977 100644
--- a/osprofiler/_utils.py
+++ b/osprofiler/_utils.py
@@ -128,7 +128,7 @@ def signed_unpack(data, hmac_data, hmac_keys):
for hmac_key in hmac_keys:
try:
user_hmac_data = generate_hmac(data, hmac_key)
- except Exception:
+ except Exception: # nosec
pass
else:
if compare_digest(hmac_data, user_hmac_data):
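Review bot: The `# nosec` added to `except Exception:` silences the scanner for this handler without recording why discarding the error is safe, so the next reader cannot tell a deliberate decision from a muted warning. A justification next to the marker would fix that, for example `# nosec - a key that cannot produce an HMAC cannot match; try the next key`. The handler still catches every exception from `generate_hmac`, so an unexpected failure there looks the same as a signature mismatch. If the exceptions `generate_hmac` can raise are known (its body is not visible here), narrowing the `except` to those types would make the suppression unnecessary. `signed_unpack` starts and ends outside this hunk.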
diff --git a/test-requirements.txt b/test-requirements.txt
index 8ba925b..8e36aa8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9,3 +9,6 @@ testtools>=1.4.0
oslosphinx>=2.5.0,!=3.4.0 # Apache-2.0
sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3
+
+# Bandit security code scanner
+bandit>=0.17.3 # Apache-2.0
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index 12e18de..204b9a4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -17,7 +17,10 @@ commands = python setup.py testr --slowest --testr-args='{posargs}'
distribute = false
[testenv:pep8]
-commands = flake8
+commands =
+ flake8
+ # Run security linter
+ bandit -r osprofiler -n5
distribute = false
[testenv:venv]
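Review bot: The command `bandit -r osprofiler -n5` is written out here under `[testenv:pep8]` and again in the `[testenv:bandit]` section added by the next hunk, so a later change to the scan flags can land in one environment and not the other. Defining it once and referencing it from pep8 with tox's section substitution, `{[testenv:bandit]commands}`, keeps the gate and the standalone environment identical. The invocation also sets no severity or confidence threshold and names no config file, so what fails the pep8 gate depends on the defaults of whichever bandit release satisfies `bandit>=0.17.3`. A short comment stating the intended threshold would make that choice explicit.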
@@ -30,6 +33,9 @@ commands = python setup.py testr --coverage --testr-args='{posargs}'
changedir = doc/source
commands = make html
+[testenv:bandit]
+commands = bandit -r osprofiler -n5
+
[flake8]
show-source = true
builtins = _