diff --git a/.zuul.yaml b/.zuul.yaml
index 47ced40d..a99ba8fd 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -4,10 +4,14 @@
 jobs:
 - openstack-tox-linters
 - stx-tox-pylint
+ - utilities-ceph-manager-tox-bandit
+ - utilities-ceph-client-tox-bandit
 gate:
 jobs:
 - openstack-tox-linters
 - stx-tox-pylint
+ - utilities-ceph-manager-tox-bandit
+ - utilities-ceph-client-tox-bandit
 post:
 jobs:
 - stx-utilities-upload-git-mirror
@@ -35,6 +39,30 @@
 secret: stx-utilities-github-secret
 pass-to-parent: true
+- job:
+ name: utilities-ceph-manager-tox-bandit
+ parent: tox
+ description: |
+ Run bandit test for utilities ceph-mananger
+ nodeset: ubuntu-bionic
+ files:
+ - ./ceph/ceph-manager/ceph-manager/*
+ vars:
+ tox_envlist: bandit
+ tox_extra_args: -c ./ceph/ceph-manager/ceph-manager/tox.ini
+
+- job:
+ name: utilities-ceph-client-tox-bandit
+ parent: tox
+ description: |
+ Run bandit test for utilities python-cephclient
+ nodeset: ubuntu-bionic
+ files:
+ - ./ceph/python-cephclient/python-cephclient/*
+ vars:
+ tox_envlist: bandit
+ tox_extra_args: -c ./ceph/python-cephclient/python-cephclient/tox.ini
+
 - secret:
 name: stx-utilities-github-secret
 data:
diff --git a/ceph/ceph-manager/ceph-manager/test-requirements.txt b/ceph/ceph-manager/ceph-manager/test-requirements.txt
index 1fdf2056..92f7ee41 100644
--- a/ceph/ceph-manager/ceph-manager/test-requirements.txt
+++ b/ceph/ceph-manager/ceph-manager/test-requirements.txt
@@ -2,9 +2,10 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
+bandit;python_version>="3.0"
 mock
 flake8
 eventlet
 pytest
 oslo.log
-oslo.i18n
\ No newline at end of file
+oslo.i18n
diff --git a/ceph/ceph-manager/ceph-manager/tox.ini b/ceph/ceph-manager/ceph-manager/tox.ini
index cad30d50..7b9b1b8b 100644
--- a/ceph/ceph-manager/ceph-manager/tox.ini
+++ b/ceph/ceph-manager/ceph-manager/tox.ini
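Review bot: The `files` matchers in the two new job definitions in `.zuul.yaml` are written like shell globs, but as far as I know Zuul treats each entry as a regular expression matched against repo-relative paths, which carry no leading `./`. Read as a regex, `./ceph/ceph-manager/ceph-manager/*` needs one arbitrary character followed by `/ceph/...`, which a path such as `ceph/ceph-manager/ceph-manager/tox.ini` does not provide, so the bandit jobs may never be selected and the gate would pass without the scan running. An anchored pattern such as `- ^ceph/ceph-manager/ceph-manager/.*` (and the equivalent for python-cephclient) should match; it is worth confirming that both jobs actually ran on this change. The first job's description also has a typo, "ceph-mananger".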
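Review bot: `bandit` is added to ceph-manager's `test-requirements.txt` with no version bound, while the new jobs vote in both check and gate. A bandit release that adds or tightens checks can therefore start failing the gate, or change what is flagged, without any change in this repo. A bounded specifier such as `bandit>=MIN_VERSION,<NEXT_MAJOR;python_version>="3.0"` (placeholder bounds, to be set to what the project has tested) or a constraints file keeps the scan reproducible. The same unbounded line is added in python-cephclient's `test-requirements.txt`.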
@@ -22,3 +22,18 @@ commands =
 [flake8]
 exclude = .venv,.git,.tox,dist,doc,etc,*glance/locale*,*lib/python*,*egg,build
+
+[bandit]
+# The following bandit tests are being skipped:
+# B104 file contains only comments (ie: license)
+# B110: Try, Except, Pass detected.
+#
+# Note: 'skips' entry cannot be split across multiple lines
+#
+skips = B104,B110
+exclude = tests
+
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit --ini tox.ini -n 5 -r ceph_manager
diff --git a/ceph/python-cephclient/python-cephclient/test-requirements.txt b/ceph/python-cephclient/python-cephclient/test-requirements.txt
index 7f573334..b0f91765 100644
--- a/ceph/python-cephclient/python-cephclient/test-requirements.txt
+++ b/ceph/python-cephclient/python-cephclient/test-requirements.txt
@@ -2,5 +2,6 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
+bandit;python_version>="3.0"
 flake8
 pytest
diff --git a/ceph/python-cephclient/python-cephclient/tox.ini b/ceph/python-cephclient/python-cephclient/tox.ini
index c948b756..8be67d0d 100644
--- a/ceph/python-cephclient/python-cephclient/tox.ini
+++ b/ceph/python-cephclient/python-cephclient/tox.ini
@@ -1,12 +1,12 @@
 [tox]
 envlist = py27,pep8
 skipsdist = True
-toxworkdir = /tmp/{env:USER}_ceph_manager_tox
+toxworkdir = /tmp/{env:USER}_python_cephclient_tox
 [testenv]
 setenv = VIRTUAL_ENV={envdir}
 usedevelop = True
-install_command = pip install --no-binary --upgrade --force-reinstall {opts} {packages}
+install_command = pip install -U --force-reinstall {opts} {packages}
 deps = -r{toxinidir}/test-requirements.txt
 commands = py.test {posargs}
 whitelist_externals = bash
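Review bot: The comment for B104 in the new `[bandit]` section of ceph-manager's `tox.ini` does not describe the check being skipped: B104 is bandit's hardcoded_bind_all_interfaces test (a socket bound to all interfaces), not a "file contains only comments" rule. With `skips = B104,B110` applied to the whole tree, a listener later bound to every interface in ceph_manager would pass the gate unnoticed. I would correct the comment to `# B104: Possible binding to all interfaces`. If the current findings have been audited, marking those lines with `# nosec` and a short reason keeps the check live for new code, and the same reasoning applies to B110.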
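Review bot: The renamed `toxworkdir = /tmp/{env:USER}_python_cephclient_tox` in python-cephclient's `tox.ini` still places the virtualenvs under a predictable name in world-writable /tmp. On a shared build host another local user could create that directory first and influence what is installed or run there. The rename only fixes the copy-paste from ceph_manager; consider `toxworkdir = {toxinidir}/.tox`, or dropping the key, unless /tmp is required for a reason the diff does not show (path length, for example). The `install_command` change itself looks right, since `--no-binary` expects an argument and was previously swallowing `--upgrade`.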
@@ -17,3 +17,19 @@ commands =
 [flake8]
 exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build
+
+[bandit]
+# The following bandit tests are being skipped:
+# B101: Test for use of assert
+# B404: Import of subprocess modul
+# B602: Test for use of popen with shell equals true
+#
+# Note: 'skips' entry cannot be split across multiple lines
+#
+skips = B101,B404,B602
+exclude = tests
+
+[testenv:bandit]
+basepython = python3
+deps = -r{toxinidir}/test-requirements.txt
+commands = bandit --ini tox.ini -n 5 -r cephclient
diff --git a/tox.ini b/tox.ini
index dad3985f..30fc61c9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -98,3 +98,7 @@ commands = pylint {posargs} \
 commands =
 {[testenv:bashate]commands}
 {[testenv:flake8]commands}
+
+[testenv:bandit]
+basepython = python3
+description = Dummy environment to allow bandit to be run in subdir tox
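Review bot: Skipping B602 in the new `[bandit]` section of python-cephclient's `tox.ini` switches off the shell=True subprocess check for the whole package, so any later call that builds a shell command from caller-supplied values would not be reported. If the existing call sites have been reviewed, marking them with `# nosec` plus a one-line justification and reducing the list to `skips = B101,B404` keeps the check active for new code. The B404 comment line also has a typo ("modul").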
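Review bot: The new `[testenv:bandit]` in the root `tox.ini` defines no `commands`, so `tox -e bandit` run from the top of the repo succeeds without scanning anything, which is easy to misread as a clean result. The `description` says it is a placeholder for the sub-directory runs, but that only shows up in `tox -av` output. I would add a comment above the section, e.g. `# Placeholder only: bandit is run with -c <subdir>/tox.ini; this env scans nothing`, so that nobody relies on the root env as a security check.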