diff --git a/.zuul.yaml b/.zuul.yaml
index 71d9884e..af74b34b 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -18,6 +18,7 @@
 voting: false
 - airship-shipyard-tox-py35
 - airship-shipyard-pep8
+ - airship-shipyard-security-bandit
 - airship-shipyard-image
 gate:
 jobs:
@@ -30,14 +31,21 @@
 # - ^releasenotes/.*$
 - airship-shipyard-tox-py35
 - airship-shipyard-pep8
+ - airship-shipyard-security-bandit
 - airship-shipyard-image

+- nodeset:
+ name: airship-shipyard-single-node
+ nodes:
+ - name: primary
+ label: ubuntu-xenial
+
 - job:
 name: airship-shipyard-linter
 description: |
 Lints all files by checking them for whitespace.
 run: tools/gate/playbooks/zuul-linter.yaml
- nodeset: openstack-helm-single-node
+ nodeset: airship-shipyard-single-node

 - job:
 name: airship-shipyard-base
@@ -63,7 +71,7 @@
 - job:
 name: airship-shipyard-ubuntu
 parent: airship-shipyard-base
- nodeset: openstack-helm-single-node
+ nodeset: airship-shipyard-single-node

 - job:
 name: airship-shipyard-tox-base
@@ -90,7 +98,7 @@
 Run tox-based tests for the Airship Shipyard project under cPython version 3.5.
 parent: airship-shipyard-tox-base
- nodeset: openstack-helm-single-node
+ nodeset: airship-shipyard-single-node
 vars:
 tox_envlist: py35

@@ -100,10 +108,17 @@
 Run pep8 tests for the Airship Shipyard project under cPython version 3.5.
 parent: airship-shipyard-tox-base
- nodeset: openstack-helm-single-node
+ nodeset: airship-shipyard-single-node
 vars:
 tox_envlist: pep8

+- job:
+ name: airship-shipyard-security-bandit
+ description: |
+ Run bandit code scans for the Airship Shipyard project
+ run: tools/gate/playbooks/security-bandit.yaml
+ nodeset: airship-shipyard-single-node
+
 - job:
 name: airship-shipyard-image-base
 description: |
@@ -127,4 +142,4 @@
 description: |
 Run shipyard-image build.
 parent: airship-shipyard-image-base
- nodeset: openstack-helm-single-node
+ nodeset: airship-shipyard-single-node
diff --git a/Makefile b/Makefile
index 50103758..21016bb2 100644
--- a/Makefile
+++ b/Makefile
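Review bot: The new `airship-shipyard-security-bandit` job in the `@@ -100,10 +108,17 @@` hunk declares `run:` and `nodeset:` but no `parent:`, whereas the pep8 and py35 jobs it sits next to inherit from `airship-shipyard-tox-base`. Its playbook drives `make security`, and the Makefile target added in this same change runs `tox -e bandit` in two directories, so the job needs tox (and bandit's tox env) present on the fresh `ubuntu-xenial` node; if that provisioning lives in the tox-base job's pre-run rather than in the image, this job will fail on setup rather than on findings — worth confirming before it is made voting in check and gate. Either add `parent: airship-shipyard-tox-base` (keeping the job's own `run:`) or have the playbook install tox itself. The description could also name what is scanned so a reader does not have to chase the playbook: `Run bandit static security scans for the Airship Shipyard project (shipyard_airflow and shipyard_client) via the make security target.`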
@@ -57,6 +57,10 @@ dry-run: clean
 .PHONY: docs
 docs: clean build_docs
+.PHONY: security
+security:
+ cd $(BUILD_CTX)/shipyard_airflow; tox -e bandit
+ cd $(BUILD_CTX)/shipyard_client; tox -e bandit
 .PHONY: tests
 tests:
diff --git a/tools/gate/playbooks/security-bandit.yaml b/tools/gate/playbooks/security-bandit.yaml
new file mode 100644
index 00000000..927ea05f
--- /dev/null
+++ b/tools/gate/playbooks/security-bandit.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+ tasks:
+ - name: Execute the make target for security scanning
+ make:
+ chdir: "{{ zuul.project.src_dir }}"
+ target: security
+ register: result
+ failed_when: result.failed
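Review bot: Both recipe lines of the new `security` target chain with `;`, so `tox -e bandit` still runs when the `cd` fails (a missing or renamed `$(BUILD_CTX)/shipyard_airflow`), and it then runs against whatever tox.ini sits in the invoking directory — the scan silently covers the wrong tree instead of the target failing on the bad path. Each recipe line is its own shell, so the repeated `cd` is right, but it should short-circuit: `cd $(BUILD_CTX)/shipyard_airflow && tox -e bandit` and `cd $(BUILD_CTX)/shipyard_client && tox -e bandit`. Whether a bandit finding actually fails the target depends on how the `bandit` env is configured in each tox.ini, which this change does not show; a one-line comment above the target stating that expectation (`# fails on any bandit finding in either package`) would make the gate's contract explicit.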
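Review bot: `register: result` and `failed_when: result.failed` on the make task restate the module's default behaviour — as far as I know the `make` module already fails the task when make exits non-zero, and `result.failed` is exactly that condition — so the two lines add nothing and `result` is not used elsewhere in the play. Either drop both lines, or if the intent is to surface the scan output in the job log, keep `register: result` and follow it with a debug task that prints `result.stdout_lines`; a short comment above the task would make that intent clear, e.g. `# make security runs tox -e bandit for shipyard_airflow and shipyard_client; non-zero exit fails the job`.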