diff --git a/.travis.yml b/.travis.yml
index b1f9830..8442942 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,7 +20,7 @@ before_script:
 - find . -name "*.py" -exec python3 -m py_compile '{}' \;
 - find . -name "*.py" -exec pylint '{}' + || if [ $? -eq 1 ]; then echo "you fail"; fi
 - find . -name "*.py" -exec python3 -m mccabe --min 3 '{}' + || if [ $? -eq 1 ]; then echo "you fail"; fi
- - bandit -r .
+ - bandit -r --ini bandit.ini
 script:
 - docker build -t="registry.kmlabz.com/unstablevortex/webshop:$TRAVIS_BUILD_NUMBER" . && docker push "registry.kmlabz.com/unstablevortex/webshop:$TRAVIS_BUILD_NUMBER"
diff --git a/bandit.ini b/bandit.ini
new file mode 100644
index 0000000..efb26cf
--- /dev/null
+++ b/bandit.ini
@@ -0,0 +1,4 @@
+[bandit]
+exclude = src/tests/
+recursive = true
+targets = src/
\ No newline at end of file
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 55b033e..81da515 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1 +1,2 @@
-pytest
\ No newline at end of file
+pytest
+bandit
diff --git a/src/tests/test_access_allowed.py b/src/tests/test_access_allowed.py
index 56d812a..357a8f4 100644
--- a/src/tests/test_access_allowed.py
+++ b/src/tests/test_access_allowed.py
@@ -15,4 +15,6 @@ def test_login_required(client):
 r = client.get('/content/caff/1')
- assert r.status_code == 302
\ No newline at end of file
+ assert r.status_code == 302
+
+ # TODO Test eache endpoint with an anonymus, registered and admin user
\ No newline at end of file
diff --git a/src/utils/config.py b/src/utils/config.py
index fdd7f86..0aa6d62 100644
--- a/src/utils/config.py
+++ b/src/utils/config.py
@@ -46,6 +46,6 @@ class Config:
 # Some constant configured stuff configs
 SQLALCHEMY_TRACK_MODIFICATIONS = False
 SECURITY_REGISTERABLE = True
- SECURITY_PASSWORD_HASH = "bcrypt"
+ SECURITY_PASSWORD_HASH = "bcrypt" # nosec - THIS IS NOT A PASSWORD YOU STUPID
 MINIO_PREVIEW_BUCKET_NAME = "previews"
 MINIO_CAFF_BUCKET_NAME = "caff"
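Review bot: The bandit step in `before_script` of .travis.yml no longer names a target, so the scan scope is decided entirely by `targets = src/` in bandit.ini, and any Python outside `src/` that the old `bandit -r .` covered drops out of the scan. If that narrowing is intended, say so next to the command, e.g. `# scope and excludes come from bandit.ini (src/ only)`; if not, widen `targets`. Unlike the pylint and mccabe lines above it, this step has no `|| ...` fallback, so it presumably gates the build, which makes the scope worth stating where the step is defined.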
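Review bot: In bandit.ini, `exclude = src/tests/` removes the test tree from every bandit check, not only the assert warning that usually prompts such an exclusion, so a hardcoded credential or an unsafe call in a test helper would go unreported. requirements-dev.txt in the same commit adds `bandit` without a version, and exclude-path matching has differed between bandit releases. Confirm from the CI output that `src/tests/` is really skipped and the rest of `src/` is really scanned, then pin the version that was checked. A short header comment such as `# tests excluded because of assert noise; revisit if helpers grow` would record why the exclusion exists.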
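Review bot: The TODO added at the end of src/tests/test_access_allowed.py records that access control is only exercised for one anonymous request, and it has two typos; `# TODO: test each endpoint as an anonymous, registered and admin user` reads cleanly. It follows the assert, apparently inside `test_login_required` (the indentation is not recoverable from this view), where it reads as a note about that single test rather than the whole file. A module-level comment with a tracking reference, or a parametrized test over endpoint and role, would make the gap harder to lose.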
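Review bot: The bare `# nosec` added to `SECURITY_PASSWORD_HASH` in src/utils/config.py silences every bandit check on that line, not only the hardcoded-password heuristic that fired on the attribute name. If the installed bandit accepts test IDs after the marker, scope the suppression and state the reason neutrally: `SECURITY_PASSWORD_HASH = "bcrypt"  # nosec B105 - hash algorithm name, not a secret`. The Config class body starts and continues outside the hunk.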