diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..85377ed
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,30 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      # Replaces or checks mixed line ending
+      - id: mixed-line-ending
+        args: ['--fix', 'lf']
+        exclude: '.*\.(svg)$'
+      # Forbid files which have a UTF-8 byte-order marker
+      - id: check-byte-order-marker
+      # Checks that non-binary executables have a proper shebang
+      - id: check-executables-have-shebangs
+      # Check for files that contain merge conflict strings.
+      - id: check-merge-conflict
+      # Check for debugger imports and py37+ breakpoint()
+      # calls in python source
+      - id: debug-statements
+      - id: check-yaml
+        files: .*\.(yaml|yml)$
+  - repo: https://opendev.org/openstack/hacking
+    rev: 7.0.0
+    hooks:
+      - id: hacking
+        additional_dependencies: []
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.10
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests']
diff --git a/test-requirements.txt b/test-requirements.txt
index fc6082c..04b760e 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,6 +1,3 @@
-hacking>=6.1.0,<6.2.0 # Apache-2.0
 oslotest>=3.2.0 # Apache-2.0
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
 stestr>=2.0.0 # Apache-2.0
 coverage>=4.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 5df9975..bffa34f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -15,10 +15,10 @@ commands =
   stestr run --slowest {posargs}
 
 [testenv:pep8]
-deps = {[testenv]deps}
+deps =
+  pre-commit
 commands =
-  flake8
-  bandit -r oslo_metrics -x tests -n5
+  pre-commit run -a
 
 [testenv:venv]
 commands = {posargs}