diff --git a/cookiecutter.json b/cookiecutter.json
index 4c354f7..e9d6d3b 100644
--- a/cookiecutter.json
+++ b/cookiecutter.json
@@ -14,6 +14,7 @@
 "version": "0.0.1-dev",
 "use_black_formatter": "n",
+ "use_bandit_sec_scan": "n",
 "use_spellcheck": "n",
 "ci": "{% if cookiecutter.vs|lower == 'github' %}azure{% else %}jenkins{% endif %}",
diff --git a/{{cookiecutter.project_name}}/requirements_dev.txt b/{{cookiecutter.project_name}}/requirements_dev.txt
index 7ef5e3e..c0f18f9 100644
--- a/{{cookiecutter.project_name}}/requirements_dev.txt
+++ b/{{cookiecutter.project_name}}/requirements_dev.txt
@@ -24,6 +24,9 @@ tox==3.12.1
 {% if cookiecutter.use_black_formatter|lower == "y" -%}
 pytest-black==0.3.7
 {% endif %}
+{% if cookiecutter.use_bandit_sec_scan|lower == "y" -%}
+pytest-bandit==0.5.1
+{% endif %}
 {% if cookiecutter.use_spellcheck|lower == "y" -%}
 pyenchant==2.0.0
 {% endif %}
\ No newline at end of file
diff --git a/{{cookiecutter.project_name}}/setup.cfg b/{{cookiecutter.project_name}}/setup.cfg
index 3d563ec..6d57379 100644
--- a/{{cookiecutter.project_name}}/setup.cfg
+++ b/{{cookiecutter.project_name}}/setup.cfg
@@ -26,6 +26,10 @@ test = pytest
 addopts = -s -vv --cov-report xml:build/coverage.xml --cov-report term --cov-branch --cov {{ cookiecutter.project_slug }} --junitxml=build/test_results.xml{% if cookiecutter.use_black_formatter|lower == "y" %} --black{% endif %}
 testpaths = tests{% if cookiecutter.use_black_formatter|lower == "y" %} {{ cookiecutter.project_slug }} {% endif %}
 collect_ignore = ['setup.py']
+{% if cookiecutter.use_bandit_sec_scan|lower == "y" -%}
+bandit_targets = {{ cookiecutter.project_slug }}
+bandit_recurse = true
+{% endif %}
 [coverage:report]
 show_missing = true
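Review bot: The new `use_bandit_sec_scan` variable defaults to `"n"`, so a project generated with the template defaults (for example with `--no-input`) gets no security scan at all. The neighbouring toggles are also off by default, so this is consistent, but for a security control an opt-out default is usually the safer choice: `"use_bandit_sec_scan": "y",`. If the default stays `"n"`, the template's documentation should state that the scan is opt-in.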
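Review bot: Only the pytest plugin is pinned in the added block of requirements_dev.txt; bandit itself, which presumably arrives as a transitive dependency of `pytest-bandit==0.5.1`, is left to the resolver. The set of checks that runs can therefore change between installs without any change in the generated project, which makes findings hard to reproduce and lets a new bandit release break CI unannounced. Consider pinning it inside the same conditional, directly under the plugin line: `bandit==<PINNED_VERSION>` (placeholder, pick the version you have tested against).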
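Review bot: The added setup.cfg block sets `bandit_targets` and `bandit_recurse`, but the `addopts` line above it is unchanged and still only appends `--black`. As far as I know pytest-bandit runs only when pytest is invoked with `--bandit`, so a project generated with the option set to `y` would install and configure the scanner without ever executing it, which gives false assurance. Unless the flag is passed elsewhere (tox or CI files are not part of this diff), append `{% if cookiecutter.use_bandit_sec_scan|lower == "y" %} --bandit{% endif %}` to `addopts`, mirroring the black handling. A check on a generated project that the bandit items are actually collected would keep this from regressing silently.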