diff --git a/.bandit.yml b/.bandit.yml
new file mode 100644
index 0000000..46bab94
--- /dev/null
+++ b/.bandit.yml
@@ -0,0 +1,12 @@
+# Configuration file for the Bandit python security scanner
+# https://bandit.readthedocs.io/en/latest/config.html
+
+# Tests are first included by `tests`, and then excluded by `skips`.
+# If `tests` is empty, all tests are are considered included.
+
+tests:
+ #- B101
+ #- B102
+
+skips:
+ #- B101 # skip "assert used" check since assertions are required in pytests
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index fb12c99..2a03327 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -52,6 +52,8 @@ repos:
 rev: 2a1dbab
 hooks:
 - id: bandit
+ args:
+ - --config=.bandit.yml
 - repo: https://github.com/ambv/black
 rev: 19.3b0
 hooks:
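Review bot: Both `tests:` and `skips:` in the new `.bandit.yml` carry only commented-out entries, so each key parses as null rather than as an empty list. Writing `tests: []` and `skips: []` (or dropping the keys) states the intent explicitly and does not depend on how the pinned Bandit revision handles a null value. The commented `#- B101` under `skips` would, if enabled as written, switch off the assert check for the whole repository rather than only for pytest files. Because asserts are removed under `python -O`, it is safer to keep B101 active for application code and exclude the test paths at the hook level instead. The header comment also has a doubled word ("are are").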
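Review bot: The added argument `--config=.bandit.yml` is not the option name Bandit documents, which is `-c` / `--configfile`. The short form presumably works only because the argument parser accepts unique prefixes. If a later Bandit release adds another option starting with `--config` or disables abbreviations, the hook would either fail or stop picking up the config, so spell it out as `- --configfile=.bandit.yml`. The `repos:` list this entry belongs to starts and ends outside the hunk.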