diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 995a8508..be4fee92 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,4 +12,13 @@
 rev: stable
 hooks:
 - id: black
- language_version: python3.7
\ No newline at end of file
+ language_version: python3.7
+
+- repo: local
+ hooks:
+ - id: python-bandit-vulnerability-check
+ name: bandit
+ entry: bandit
+ args: ['--ini', 'tox.ini', '-r', 'consoleme']
+ language: system
+ pass_filenames: false
\ No newline at end of file
diff --git a/requirements-docs.txt b/requirements-docs.txt
index bf60d82f..71da2a48 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -82,7 +82,7 @@ pyyaml==5.1
 raven[flask]==6.10.0
 redis==3.2.1
 requests-toolbelt==0.9.1
-requests[security]==2.21.0
+requests[security]==2.22.0
 retrying==1.3.3
 s3transfer==0.2.0
 six==1.12.0
diff --git a/requirements-tests.in b/requirements-tests.in
index d624d4f7..d315cf7a 100644
--- a/requirements-tests.in
+++ b/requirements-tests.in
@@ -1,5 +1,6 @@
 # Run `make up-reqs` to update pinned dependencies in requirement text files
 
+bandit
 black
 coverage
 factory-boy
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 95ceb652..c9850c3c 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -10,6 +10,7 @@ atomicwrites==1.3.0 # via pytest
 attrs==19.1.0 # via black, pytest
 aws-sam-translator==1.11.0 # via cfn-lint
 aws-xray-sdk==2.4.2 # via moto
+bandit==1.6.0
 black==19.3b0
 boto3==1.9.149 # via aws-sam-translator, moto
 boto==2.49.0 # via moto
@@ -30,6 +31,8 @@ faker==1.0.7
 flask==1.0.2 # via pytest-flask
 freezegun==0.3.11
 future==0.17.1 # via aws-xray-sdk, python-jose
+gitdb2==2.0.5 # via gitpython
+gitpython==2.1.11 # via bandit
 idna==2.8 # via moto, requests
 itsdangerous==1.1.0 # via flask
 jinja2==2.10.1 # via flask, moto
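Review bot: In the `.pre-commit-config.yaml` hunk, the new local hook uses `language: system` with `entry: bandit`, so it runs whichever bandit is first on the committer's PATH rather than the `bandit==1.6.0` pinned in requirements-tests.txt. A different installed version can apply a different set of checks, and a checkout without the test requirements installed fails the hook outright. I would either add a comment above the hook, `# needs bandit from requirements-tests.txt on PATH (language: system)`, or let pre-commit manage the environment with `language: python` and `additional_dependencies: ['bandit==1.6.0']`. The `--ini tox.ini` argument also makes the scan depend on a `[bandit]` section that is not part of this diff, so any skips or excludes configured there should be reviewed alongside this hook. Since a local hook can be skipped by the committer, the same bandit command presumably needs to run in CI for the check to be enforced.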
@@ -44,6 +47,7 @@ mock==3.0.5 # via moto
 more-itertools==7.0.0 # via pytest
 moto==1.3.8
 nose==1.3.7
+pbr==5.2.0 # via stevedore
 pluggy==0.11.0 # via pytest
 py==1.8.0 # via pytest
 pyasn1==0.4.5 # via rsa
@@ -61,7 +65,9 @@ requests==2.22.0 # via cfn-lint, docker, moto, requests-mock, responses
 responses==0.10.6 # via moto
 rsa==4.0 # via python-jose
 s3transfer==0.2.0 # via boto3
-six==1.12.0 # via aws-sam-translator, cfn-lint, cryptography, docker, docker-pycreds, faker, freezegun, mock, moto, pytest, python-dateutil, python-jose, requests-mock, responses, websocket-client
+six==1.12.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, docker-pycreds, faker, freezegun, mock, moto, pytest, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
+smmap2==2.0.5 # via gitdb2
+stevedore==1.30.1 # via bandit
 text-unidecode==1.2 # via faker
 toml==0.10.0 # via black
 urllib3==1.24.3 # via botocore, requests
diff --git a/requirements.txt b/requirements.txt
index 66f4fd40..77a0e6f9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -77,7 +77,7 @@ pyyaml==5.1
 raven[flask]==6.10.0
 redis==3.2.1
 requests-toolbelt==0.9.1 # via acme
-requests[security]==2.21.0
+requests[security]==2.22.0
 retrying==1.3.3
 s3transfer==0.2.0 # via boto3
 six==1.12.0