diff --git a/tox.ini b/tox.ini
index 0d996c131da..f3b52ae4335 100644
--- a/tox.ini
+++ b/tox.ini
@@ -181,10 +181,11 @@ local-check-factory = neutron.hacking.checks.factory
 [testenv:bandit]
 basepython = python3
 # B104: Possible binding to all interfaces
-# B111: Execute with run_as_root=True identified, possible security issue
+# B303: blacklist calls: md5, sha1
 # B311: Standard pseudo-random generators are not suitable for security/cryptographic purpose
+# B604: any_other_function_with_shell_equals_true
 deps = -r{toxinidir}/test-requirements.txt
-commands = bandit -r neutron -x tests -n5 -s B104,B111,B311
+commands = bandit -r neutron -x tests -n5 -s B104,B303,B311,B604
 
 [testenv:bashate]
 basepython = python3