diff --git a/ooi/wsgi/__init__.py b/ooi/wsgi/__init__.py
index 8aae506..ba48995 100644
--- a/ooi/wsgi/__init__.py
+++ b/ooi/wsgi/__init__.py
@@ -39,7 +39,7 @@ LOG = logging.getLogger(__name__)
 occi_opts = [
 config.cfg.StrOpt('ooi_listen',
- default="0.0.0.0",
+ default="0.0.0.0", # nosec
 help='The IP address on which the OCCI (ooi) API '
 'will listen.'),
 config.cfg.IntOpt('ooi_listen_port',
diff --git a/test-requirements.txt b/test-requirements.txt
index abb1590..bb2c6fb 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,5 @@
-hacking>=0.9.2,<0.10
+hacking>=0.9.2,<0.10a
+bandit>=1.1.0 # Apache-2.0
 coverage>=3.6
 fixtures>=0.3.14
 python-subunit>=0.0.18
diff --git a/tox.ini b/tox.ini
index e34b6e1..b4fa8d5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -29,7 +29,17 @@ commands =
 [testenv:pep8]
-commands = flake8
+commands =
+ flake8
+ # Run security linter
+ # B110: except: pass
+ # B410: importing etree
+ bandit -r ooi -x tests -s B110,B410
+
+[testenv:bandit]
+# NOTE(browne): This is required for the integration test job of the bandit
+# project. Please do not remove.
+commands = bandit -r ooi -x tests -s B110,B410
 [testenv:venv]
 commands = {posargs}
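Review bot: The `# nosec` added on the `default="0.0.0.0"` line of `ooi_listen` carries no justification, so a reader cannot tell whether listening on every interface is a deliberate default or only a silenced finding. If it is deliberate, I would state the reason on the line above, e.g. `# Listening on all interfaces is the intended default; deployers narrow it with ooi_listen.`, and have the `help` string say that the default exposes the API on all interfaces. A bare `# nosec` also silences every bandit check on that line, not only the bind-all-interfaces one, so anything later added to the same line goes unchecked. The `occi_opts` list continues past the end of the hunk.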
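Review bot: The upper bound on `hacking` changes from `<0.10` to `<0.10a`, which is unrelated to adding bandit and is not explained anywhere in the visible diff. If it is meant to keep 0.10 pre-releases out, a trailing comment should say so; if it is a stray character, restore `hacking>=0.9.2,<0.10`. Separately, `bandit>=1.1.0` has no upper bound while bandit now runs inside the pep8 env, so a later bandit release that adds checks can fail that job with no change in this repository. An upper bound like the one kept for hacking would keep the gate stable.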
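Review bot: `-s B110,B410` turns both checks off for the whole `ooi` tree, so any future `except: pass` or etree import goes unreviewed, and the added comments name the checks without saying why they are acceptable here. I would rather see the existing occurrences fixed or annotated individually and the global skip dropped, or at least the comment extended with the reason for each skipped check. The bandit command line is also duplicated in `[testenv:pep8]` and `[testenv:bandit]`; using `{[testenv:bandit]commands}` in the pep8 env would keep the two from drifting apart.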