diff --git a/bandit.yaml b/bandit.yaml
index b4f54bd9..d9547f5c 100644
--- a/bandit.yaml
+++ b/bandit.yaml
@@ -36,6 +36,7 @@ profiles:
     ShellInjection:
         include:
             - subprocess_popen_with_shell_equals_true
+            - subprocess_without_shell_equals_true
             - any_other_function_with_shell_equals_true
             - start_process_with_a_shell
             - start_process_with_no_shell
diff --git a/bandit/plugins/injection_shell.py b/bandit/plugins/injection_shell.py
index e0bfcddc..e10bb79b 100644
--- a/bandit/plugins/injection_shell.py
+++ b/bandit/plugins/injection_shell.py
@@ -29,6 +29,14 @@ def subprocess_popen_with_shell_equals_true(context, config):
                 context.call_args_string)
 
 
+@takes_config('shell_injection')
+@checks('Call')
+def subprocess_without_shell_equals_true(context, config):
+    if config and context.call_function_name_qual in config['subprocess']:
+        if not context.check_call_arg_value('shell', 'True'):
+            return (bandit.INFO, 'subprocess call without a subshell.')
+
+
 @takes_config('shell_injection')
 @checks('Call')
 def any_other_function_with_shell_equals_true(context, config):
diff --git a/tests/test_functional.py b/tests/test_functional.py
index 636aab0a..680ace60 100644
--- a/tests/test_functional.py
+++ b/tests/test_functional.py
@@ -190,7 +190,7 @@ class FunctionalTests(unittest.TestCase):
 
     def test_subprocess_shell(self):
         '''Test for `subprocess.Popen` with `shell=True`.'''
-        self.check_example('subprocess_shell.py', info=2, warn=1, error=5)
+        self.check_example('subprocess_shell.py', info=7, warn=1, error=5)
 
     def test_urlopen(self):
         '''Test for dangerous URL opening.'''
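Review bot: `subprocess_without_shell_equals_true` emits 'subprocess call without a subshell.' for every call in `config['subprocess']` whose `shell` argument is not literally `True`, which — assuming `check_call_arg_value` compares against the literal source value — also covers `shell=some_flag` or `shell=bool(x)`, calls that may well run through a shell at runtime; the message then asserts more than the scanner actually knows. Either narrow the finding to the explicit-false case with `if context.check_call_arg_value('shell', 'False'):` (plus whatever the Context offers for a missing `shell` keyword, which is the common case), or soften the text to something like `'subprocess call - check for execution of untrusted input.'` so a non-literal `shell` is not reported as if it were safe. A docstring stating the intent — an INFO-level inventory of process spawning rather than a defect — would also help a reader, since neither neighbouring plugin in this hunk carries one. The preceding `subprocess_popen_with_shell_equals_true` begins above the hunk.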
@@ -198,11 +198,11 @@ class FunctionalTests(unittest.TestCase):
 
     def test_utils_shell(self):
         '''Test for `utils.execute*` with `shell=True`.'''
-        self.check_example('utils-shell.py', info=0, error=4)
+        self.check_example('utils-shell.py', info=1, error=4)
 
     def test_wildcard_injection(self):
         '''Test for wildcard injection in shell commands.'''
-        self.check_example('wildcard-injection.py', info=2, error=8)
+        self.check_example('wildcard-injection.py', info=6, error=8)
 
     def test_yaml(self):
         '''Test for `yaml.load`.'''