diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c890e8df..5725b7e8 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -22,6 +22,15 @@ jobs:
 jupyter: true
 version: "24.3"
+ bandit:
+ needs: black
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Perform Bandit Analysis
+ uses: PyCQA/bandit-action@v1
+
 test-spec-conda:
 runs-on: ubuntu-latest
 strategy:
diff --git a/pyproject.toml b/pyproject.toml
index 91cd2cbc..a0d9161c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,3 +53,6 @@ exclude = [
 [tool.coverage.report]
 exclude_also = ["if TYPE_CHECKING:", "assert_never\\("]
+
+[tool.bandit.assert_used]
+skips = ['./tests/']
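Review bot: The new `uses: PyCQA/bandit-action@v1` line pins the action to a mutable tag, so the job runs whatever `v1` resolves to on a given day; for a step that is granted `security-events: write`, pin to an immutable commit and keep the tag as a comment, `uses: PyCQA/bandit-action@<full-commit-sha>  # v1`. The job also declares a `permissions:` block containing only `security-events: write`, which sets every other scope, including `contents`, to none; if the action does not check the repository out itself, add `contents: read` and an `actions/checkout` step ahead of it, otherwise there is nothing for Bandit to scan. The `jobs:` mapping this hunk edits starts and ends outside the hunk.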
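Review bot: `skips = ['./tests/']` will not silence B101 for the test suite, because Bandit matches `skips` entries as glob patterns against each scanned file's path and `./tests/` only matches a file literally named that; use a pattern that covers the files, `skips = ['*/tests/*']`. Bandit also reads this `[tool.bandit.*]` section only when it is pointed at the file (`bandit -c pyproject.toml ...`); the workflow step added in the other hunk passes no configuration, so confirm the action is given this path or the skip is never applied.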