diff --git a/murano/common/xmlutils.py b/murano/common/xmlutils.py
index 1231a5902..7e3a78b2d 100644
--- a/murano/common/xmlutils.py
+++ b/murano/common/xmlutils.py
@@ -67,6 +67,7 @@ def safe_minidom_parse_string(xml_string):
 """
 try:
- return minidom.parseString(xml_string, parser=ProtectedExpatParser())
+ return minidom.parseString( # nosec
+ xml_string, parser=ProtectedExpatParser()) # nosec
 except sax.SAXParseException:
 raise expat.ExpatError()
diff --git a/tox.ini b/tox.ini
index eb9ffeaaf..63a7b88ac 100644
--- a/tox.ini
+++ b/tox.ini
@@ -25,6 +25,7 @@ commands = murano-test-runner {posargs}
 [testenv:pep8]
 commands = flake8 {posargs}
+ {[testenv:bandit]commands}
 [testenv:bandit]
 commands = bandit -c bandit.yaml -r murano -x tests -n 5 -ll
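Review bot: The two bare `# nosec` markers on the `minidom.parseString(` call silence every Bandit check on those lines and record no reason, so a later edit that drops or weakens the custom parser would still pass the scan. Put the justification next to the suppression, for example `# nosec - parsed with ProtectedExpatParser, expected to reject DTD and entity declarations`. If the Bandit version in use supports test-ID-scoped suppression, narrow it to the minidom check with `# nosec B318`. ProtectedExpatParser is defined outside this hunk, so what it actually blocks should be confirmed there before relying on the comment. The function's signature and the start of its docstring also lie outside the hunk.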
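Review bot: With `{[testenv:bandit]commands}` chained after `flake8 {posargs}` in `[testenv:pep8]`, Bandit runs only when flake8 exits cleanly, because tox stops at the first failing command by default. A style failure therefore hides security findings in the same gate run. Confirm that the pep8 environment's dependencies install `bandit`; they are not visible in this hunk, and the added command fails if it is missing. The reused command carries `-ll`, so only findings of medium severity and above fail the gate. A short comment above the new line, such as `# also run the bandit security scan (medium+ severity) as part of the pep8 gate`, would make that threshold visible where the gate is defined.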