diff --git a/.zuul.yaml b/.zuul.yaml index 17f6011..c9ec30d 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -17,6 +17,16 @@ check: jobs: - openstack-tox-pep8 + - spyglass-plugin-xls-dependency-vulnerability-check gate: jobs: - openstack-tox-pep8 + - spyglass-plugin-xls-dependency-vulnerability-check + +- job: + name: spyglass-plugin-xls-dependency-vulnerability-check + parent: openstack-tox + voting: false + timeout: 600 + vars: + tox_envlist: safety diff --git a/tox.ini b/tox.ini index 8669f2f..9a2959c 100644 --- a/tox.ini +++ b/tox.ini @@ -35,13 +35,11 @@ commands = yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests bandit -r spyglass_plugin_xls -n 5 - safety check -r {toxinidir}/requirements.txt \ - -r {toxinidir}/test-requirements.txt \ - -r {toxinidir}/doc/requirements.txt --bare whitelist_externals = bash [testenv:safety] +basepython = python3 deps = safety commands = @@ -50,6 +48,7 @@ commands = safety check -r {toxinidir}/doc/requirements.txt --full-report [testenv:bandit] +basepython = python3 deps = bandit commands = bandit -r spyglass_plugin_xls -n 5
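Review bot: The new job is listed under `gate` with `voting: false`, so a failing dependency scan can never hold back a merge there and the gate run only consumes a node. Combined with the tox.ini hunk that drops `safety check` from what appears to be the lint command list, a vulnerable pin in the requirements files no longer fails any voting job. Either remove the entry from `gate` and keep it advisory in `check`, or make it voting once the current findings are triaged; a comment on the job such as `# advisory: findings are reported but do not block merge` would make the intent explicit. Because new advisories are published without any change to this repository, it may also be worth running the job on a schedule if a periodic pipeline is available to the project.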
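Review bot: With `safety check` removed from this command list, the `safety` package may still be installed by the env's `deps`, which sit above the hunk and are not visible here; if so, that entry can be dropped too. The env header and the start of its `commands =` list are outside the hunk, so this is inferred rather than seen. A short comment where the lines were removed, for example `# dependency scanning runs in [testenv:safety]`, would tell someone running the lint env locally that the scan now lives in a separate env.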