diff --git a/neutron_lib/callbacks/registry.py b/neutron_lib/callbacks/registry.py
index 39d026f8a..5a7a6e61c 100644
--- a/neutron_lib/callbacks/registry.py
+++ b/neutron_lib/callbacks/registry.py
@@ -13,6 +13,7 @@
 import collections
 import inspect
 
+from neutron_lib._i18n import _
 from neutron_lib.callbacks import manager
 from neutron_lib.callbacks import priority_group
 
@@ -70,7 +71,9 @@ def receives(resource, events, priority=priority_group.PRIORITY_DEFAULT):
     @has_registry_receivers decorator to setup the __new__ method to
     actually register the instance methods after initialization.
     """
-    assert isinstance(events, (list, tuple, set)), 'events must be collection'
+    if not isinstance(events, (list, tuple, set)):
+        msg = _("'events' must be a collection (list, tuple, set)")
+        raise AssertionError(msg)
 
     def decorator(f):
         for e in events:
diff --git a/neutron_lib/db/api.py b/neutron_lib/db/api.py
index 26f0b278a..ea6aab9db 100644
--- a/neutron_lib/db/api.py
+++ b/neutron_lib/db/api.py
@@ -345,4 +345,7 @@ def _load_one_to_manys(session):
                 continue
             if relationship_attr.key not in state.dict:
                 getattr(new_object, relationship_attr.key)
-                assert relationship_attr.key in state.dict
+                if relationship_attr.key not in state.dict:
+                    msg = ("Relationship %s attributes must be loaded in db "
+                           "object %s" % (relationship_attr.key, state.dict))
+                    raise AssertionError(msg)
diff --git a/test-requirements.txt b/test-requirements.txt
index 7cbb692c0..b2318b1de 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4,6 +4,7 @@
 
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 
+bandit>=1.1.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
 fixtures>=3.0.0 # Apache-2.0/BSD
 flake8-import-order==0.12 # LGPLv3
diff --git a/tox.ini b/tox.ini
index ac3b93f61..8bdd5795e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -24,6 +24,7 @@ basepython = python3
 commands =
   flake8
   {toxinidir}/tools/check_samples.sh
+  {[testenv:bandit]commands}
 
 [testenv:releasenotes]
 basepython = python3
@@ -96,6 +97,11 @@ show-source = True
 exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build,tools
 import-order-style = pep8
 
+[testenv:bandit]
+# B104: Possible binding to all interfaces
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit -r neutron_lib -x tests -n5 -s B104
+
 [hacking]
 import_exceptions = neutron_lib._i18n
 local-check-factory = neutron_lib.hacking.checks._neutron_lib_factory