diff --git a/.github/workflows/lint_python.yml b/.github/workflows/lint_python.yml
index 7d28553..8601c62 100644
--- a/.github/workflows/lint_python.yml
+++ b/.github/workflows/lint_python.yml
@@ -11,9 +11,8 @@ jobs:
           cache-dependency-path: .github/workflows/lint_python.yml
       - run: pip install --upgrade pip wheel
         # TODO: remove setuptools installation when safety==2.4.0 is released
-      - run: pip install --upgrade bandit codespell
+      - run: pip install --upgrade codespell
                          mypy safety setuptools
-      - run: bandit --recursive --skip B101,B404,B603 .
       - run: codespell --ignore-words-list="commitish"
       - run: pip install --editable .
       - run: mypy --ignore-missing-imports --install-types --non-interactive .
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9f21d4d..40e2f5d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,6 +16,12 @@ repos:
       - id: isort
         args: [--add-import=from __future__ import annotations]
 
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.5
+    hooks:
+    - id: bandit
+      args: ["--skip=B101,B404,B603"]
+
   - repo: https://github.com/PyCQA/flake8
     rev: 6.1.0
     hooks: