diff --git a/test-requirements-bandit.txt b/test-requirements-bandit.txt
new file mode 100644
index 0000000000..6a5a0a98de
--- /dev/null
+++ b/test-requirements-bandit.txt
@@ -0,0 +1 @@
+bandit==0.10.0
diff --git a/tox.ini b/tox.ini
index ba714d38e0..2453e140a1 100644
--- a/tox.ini
+++ b/tox.ini
@@ -26,7 +26,7 @@ commands = flake8
 commands = {posargs}
 
 [testenv:bandit]
-deps = bandit~=0.10.0
+deps = -r{toxinidir}/test-requirements-bandit.txt
 commands = bandit -c bandit.yaml -r magnum -n5 -p magnum_conservative
 
 [testenv:cover]