diff --git a/test-requirements.txt b/test-requirements.txt
index 4fbc26156a..262eaade78 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,7 +1,7 @@
 # Hacking already pins down pep8, pyflakes and flake8
 hacking>=6.1.0,<6.2.0 # Apache-2.0
 
-bandit>=1.1.0 # Apache-2.0
+bandit>=1.8.1 # Apache-2.0
 coverage>=4.0 # Apache-2.0
 ddt>=1.4.1 # MIT
 fixtures>=3.0.0 # Apache-2.0/BSD
diff --git a/tox.ini b/tox.ini
index ff3a47fcbd..2a266ab8ec 100644
--- a/tox.ini
+++ b/tox.ini
@@ -33,12 +33,11 @@ commands =
     # B310: Audit url open for permitted schemes
     # B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
     # B404: Import of subprocess module
-    # B410: Import of lxml module
     # B504: Test for SSL use with no version specified
     # B506: Test for use of yaml load
     # B603: Test for use of subprocess with shell equals true
     # B607: Test for starting a process with a partial path
-    bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607
+    bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B504,B506,B603,B607
     doc8 {posargs}
 
 [testenv:venv]