diff --git a/.bandit b/.bandit
new file mode 100644
index 00000000000..77d920ac2ce
--- /dev/null
+++ b/.bandit
@@ -0,0 +1,2 @@
+[bandit]
+exclude: salt/ext/tornado/*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e57ef8a03ef..1bcc4af5de5 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1144,6 +1144,31 @@ repos:
 additional_dependencies: [black==19.10b0]
 # <---- Code Formatting --------------------------------------------------------------------------------------------
+ # ----- Security -------------------------------------------------------------------------------------------------->
+ - repo: https://github.com/PyCQA/bandit
+ rev: "1.7.0"
+ hooks:
+ - id: bandit
+ alias: bandit-salt
+ name: Run bandit against Salt
+ args: [--silent, -lll]
+ exclude: >
+ (?x)^(
+ templates/.*|
+ salt/ext/.*|
+ tests/.*
+ )$
+ - repo: https://github.com/PyCQA/bandit
+ rev: "1.7.0"
+ hooks:
+ - id: bandit
+ alias: bandit-tests
+ name: Run bandit against the test suite
+ args: [--silent, -lll]
+ files: ^tests/.*
+ exclude: ^tests/minionswarm\.py
+ # <---- Security ---------------------------------------------------------------------------------------------------
+
 # ----- Pre-Commit ------------------------------------------------------------------------------------------------>
 - repo: https://github.com/saltstack/mirrors-nox
 rev: v2020.8.22
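Review bot: The exclusion in the new `.bandit` file (`salt/ext/tornado/*`) is narrower than what the pre-commit hook in the same commit skips (`templates/.*`, `salt/ext/.*`), so a manual bandit run and the hook would scan different file sets. The hooks are handed individual file paths, and as far as I know bandit only picks up a `.bandit` file found under a directory target or passed with `--ini`, so this file probably has no effect on the hooks at all. A header comment naming the invocation that reads it would remove the ambiguity, e.g. `# read by manual 'bandit -r .' runs; pre-commit exclusions live in .pre-commit-config.yaml`.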
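Review bot: Both new hooks pass `-lll`, so only HIGH-severity bandit findings can fail a commit and anything rated medium or low is dropped without a trace; the config does not say whether that is a deliberate first step or the intended end state. The `bandit-salt` hook also skips all of `salt/ext/.*` and the `bandit-tests` hook skips `tests/minionswarm\.py`, again with no stated reason, so whatever lives under `salt/ext` (presumably vendored code that ships with the project) is never scanned. I would record both decisions next to the hooks, e.g. `# -lll: gate on HIGH severity only for now; tighten to -ll once existing medium findings are triaged` above each `args:` line, and a one-line rationale above each `exclude:` key (not inside the folded `>` scalar, where a `#` would become part of the verbose regex and comment out the remaining alternatives). The enclosing `repos:` list starts and continues outside this hunk.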