diff --git a/.travis.yml b/.travis.yml
index a2a0a128..8eff34cc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,6 +21,10 @@ matrix:
python: 3.6
- env: TOX_ENV=check
python: 3.6
+ - env: TOX_ENV=security
+ python: 3.7
+ dist: xenial
+ sudo: true
install:
- pip install -U tox
- pip install codecov
diff --git a/sanic/config.py b/sanic/config.py
index 093e9661..42ea762e 100644
--- a/sanic/config.py
+++ b/sanic/config.py
@@ -80,7 +80,7 @@ class Config(dict):
module.__file__ = filename
try:
with open(filename) as config_file:
- exec(
+ exec( # nosec
compile(config_file.read(), filename, "exec"),
module.__dict__,
)
diff --git a/setup.py b/setup.py
index 63413d0e..751f1549 100644
--- a/setup.py
+++ b/setup.py
@@ -112,7 +112,7 @@ if strtobool(os.environ.get("SANIC_NO_UVLOOP", "no")):
extras_require = {
"test": tests_require,
- "dev": tests_require + ["aiofiles", "tox", "black", "flake8"],
+ "dev": tests_require + ["aiofiles", "tox", "black", "flake8", "bandit"],
"docs": [
"sphinx",
"sphinx_rtd_theme",
diff --git a/tox.ini b/tox.ini
index 74cc4206..f4933e03 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
[tox]
-envlist = py36, py37, {py36,py37}-no-ext, lint, check
+envlist = py36, py37, {py36,py37}-no-ext, lint, check, security

[testenv]
usedevelop = True
@@ -31,10 +31,11 @@ deps =
flake8
black
isort
+ bandit
commands =
flake8 sanic
- black --config ./.black.toml --check --verbose sanic
+ black --config ./.black.toml --check --verbose sanic/
isort --check-only --recursive sanic

[testenv:check]
@@ -47,3 +48,10 @@ commands =
[pytest]
filterwarnings =
ignore:.*async with lock.* instead:DeprecationWarning
+
+[testenv:security]
+deps =
+ bandit
+
+commands =
+ bandit --recursive sanic --skip B404,B101 --exclude sanic/reloader_helpers.py
\ No newline at end of file
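Review bot: The `# nosec` added to the `exec(` line in sanic/config.py silences bandit's exec_used check (B102) without recording why executing `filename` is acceptable, so the next reader cannot tell whether the path is trusted by design or the finding was merely inconvenient. The context shows the file being compiled and executed into `module.__dict__` the way an import would be, so the trust assumption is that `filename` is supplied by the application developer and never derived from request data; that assumption should sit next to the suppression, e.g. a comment line above the call: `# Executing a developer-supplied config file is this method's purpose (it behaves like an import); B102 is suppressed on the next line.` Newer bandit releases also accept a test id on the marker, `# nosec B102`, which keeps any other finding on that line visible. The enclosing method starts and ends outside the hunk.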
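Review bot: In the second tox.ini hunk `bandit` is added to the `deps` of an env whose `commands` (flake8, black, isort) never invoke it, so the dependency is dead in that env and bandit is now installed in two envs, since the `[testenv:security]` section added later in this diff declares it as well. Drop the `+    bandit` line from this deps list, or, if the intent is to run the scan as part of linting, add a `bandit` command here and remove the separate env rather than keeping both. The env's section header is above the hunk, so its identity is inferred from the commands shown.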
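Review bot: `--exclude sanic/reloader_helpers.py` in the new `[testenv:security]` command removes the whole file from the scan, so any finding introduced there in the future is never reported, and the global `--skip B404,B101` hides every subprocess import (B404) across the package rather than only the ones that were reviewed. Keep the file in scope and mark the already-reviewed lines with `# nosec` plus a one-line reason, and keep only the B101 (assert) skip, which is a legitimate project-wide policy; if the skip list must stay, move it into a `.bandit` configuration file in the repository where each entry can carry a comment, leaving the tox command as `bandit --recursive sanic`. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.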