diff --git a/.zuul.yaml b/.zuul.yaml
index fddf5ec9..05cb8584 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -12,6 +12,7 @@
 voting: false
 - manila-ui-integration-tests:
 voting: false
+ - manila-ui-tox-bandit
 gate:
 jobs:
 - manila-ui-integration-tests:
@@ -87,3 +88,18 @@
 devstack_services:
 horizon: true
 tox_envlist: integration
+
+
+- job:
+ # Security testing for known issues
+ name: manila-ui-tox-bandit
+ parent: openstack-tox
+ timeout: 2400
+ vars:
+ tox_envlist: bandit
+ irrelevant-files:
+ - ^.*\.rst$
+ - ^doc/.*$
+ - ^manila-ui/tests/.*$
+ - ^releasenotes/.*$
+ - ^tox.ini$
diff --git a/manila_ui/dashboards/utils.py b/manila_ui/dashboards/utils.py
index 25eb0dec..a77e955d 100644
--- a/manila_ui/dashboards/utils.py
+++ b/manila_ui/dashboards/utils.py
@@ -96,7 +96,7 @@ def metadata_to_str(metadata, meta_visible_limit=4, text_length_limit=25):
 meta_str = "
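Review bot: In the new `manila-ui-tox-bandit` job in .zuul.yaml, `irrelevant-files` lists `^tox.ini$`, so a change that touches only tox.ini, the file that defines the bandit command, its exclusions and its severity threshold, would skip this job and a weakened scan could merge without being exercised. I would drop that entry. The pattern `^manila-ui/tests/.*$` uses a hyphen while the package directory elsewhere in this commit is `manila_ui`, so it presumably never matches; `- ^manila_ui/tests/.*$` looks like what was intended. The first hunk adds the job only to the job list that precedes `gate`, so if the scan is meant to block merges it also needs an entry under `gate`.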
".join(meta)
 if len(metadata.keys()) > meta_visible_limit and meta_str[-3:] != "...":
 meta_str += '...'
- return mark_safe(meta_str)
+ return mark_safe(meta_str) # nosec B308
 def get_nice_security_service_type(security_service):
diff --git a/tox.ini b/tox.ini
index ac8be8f4..8d1e364b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -31,6 +31,10 @@ commands =
 pip install {env:HORIZON_REPO:git+https://opendev.org/openstack/horizon}
 {[testenv]commands}
+[testenv:bandit]
+deps = bandit
+commands = bandit -r manila_ui -x manila_ui/tests/* -n5 -ll
+
 [testenv:integration]
 # Run integration tests only
 passenv = AVCONV_INSTALLED
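Review bot: The `# nosec B308` added to `return mark_safe(meta_str)` in manila_ui/dashboards/utils.py silences the finding without recording why the string is safe to mark. `metadata_to_str` starts above this hunk, so whether each key and value is HTML-escaped before being joined into `meta_str` cannot be confirmed from the visible lines; the metadata is presumably user-supplied, in which case unescaped values would be rendered as markup. If the escaping is done above, say so on the line, e.g. `return mark_safe(meta_str)  # nosec B308 - keys and values are escaped before joining`. If it is not, Django's `format_html_join` can build the joined output with escaping applied and needs no suppression.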
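Review bot: `deps = bandit` in the new `[testenv:bandit]` section of tox.ini installs whatever release is current when the job runs, so the set of checks applied to the code can change without any change in this repository. Pinning or bounding it, e.g. `deps = bandit==<PINNED_VERSION>`, keeps results reproducible and makes a scanner upgrade a reviewed change. `-ll` reports only findings of medium severity and above; a comment above `commands` such as `# -ll: low-severity findings are intentionally not reported` would make that choice visible to the next reader.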