diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 71ccb46..e0078f8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,3 +21,9 @@ repos: - id: mypy additional_dependencies: [types-PyYAML==6.0.12.1] exclude: tests + +- repo: https://github.com/PyCQA/bandit + rev: 1.7.4 + hooks: + - id: bandit + exclude: tests \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index b750d54..fc8b9d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,7 @@ script: - flake8 app_properties/ - black --line-length 79 --check app_properties/ - mypy app_properties/ + - bandit app_properties/ -r - coverage run --source=app_properties -m pytest && coveralls - coverage report --fail-under=80 @@ -15,5 +16,6 @@ deploy: provider: pypi username: "__token__" password: $PYPI_API_TOKEN + skip_existing: true on: tags: true diff --git a/README.md b/README.md index fba84c5..a207dd6 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) [![Checked with mypy](http://www.mypy-lang.org/static/mypy_badge.svg)](http://mypy-lang.org/) [![Imports: isort](https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat&labelColor=ef8336)](https://pycqa.github.io/isort/) +[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit) ## What is this diff --git a/app_properties/config_handler.py b/app_properties/config_handler.py index 4f33987..9c65338 100644 --- a/app_properties/config_handler.py +++ b/app_properties/config_handler.py 
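Review bot: The new bandit hook's `exclude: tests` is an unanchored regex; pre-commit matches `exclude` with a search over the whole path, so it also skips any file whose path merely contains `tests`, not only the top-level test directory (the mypy hook above carries the same pattern, but that line is not part of this change). If only the test tree is meant, `exclude: ^tests/` says so precisely. The hunk also ends with `\ No newline at end of file`, which is worth fixing while the file is being edited.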
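Review bot: `skip_existing: true` in the second .travis.yml hunk makes the PyPI deploy step succeed when the tagged version already exists on the index, so a tag pushed without a version bump would look like a successful release while publishing nothing. If the intent is to tolerate re-runs of a release job, a one-line comment next to it such as `# tolerate re-runs of a release job: an already-published version is not re-uploaded` spares the next reader from guessing; if not, letting the duplicate upload fail is the clearer signal.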
@@ -51,7 +51,8 @@ def _get_config_file(self) -> pathlib.Path: return file def _get_yaml_config(self, text_content: str) -> dict: - return yaml.load(text_content, yaml.CSafeLoader) + # equivalent of yaml.safe_load() but faster + return yaml.load(text_content, yaml.CSafeLoader) # nosec def _get_json_config(self, text_content: str) -> dict: return json.loads(text_content) diff --git a/requirements.txt b/requirements.txt index 79b059f..55f152c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ attrs==22.1.0 +bandit==1.7.4 black==22.10.0 bleach==5.0.1 build==0.9.0 @@ -14,6 +15,8 @@ docutils==0.19 exceptiongroup==1.0.0 filelock==3.8.0 flake8==5.0.4 +gitdb==4.0.10 +GitPython==3.1.29 identify==2.5.8 idna==3.4 importlib-metadata==5.0.0 @@ -27,6 +30,7 @@ mypy-extensions==0.4.3 nodeenv==1.7.0 packaging==21.3 pathspec==0.10.2 +pbr==5.11.0 pep517==0.13.0 pkginfo==1.8.3 platformdirs==2.5.2 @@ -45,6 +49,8 @@ requests-toolbelt==0.10.1 rfc3986==2.0.0 rich==12.6.0 six==1.16.0 +smmap==5.0.0 +stevedore==4.1.1 toml==0.10.2 tomli==2.0.1 twine==4.0.1
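Review bot: The bare `# nosec` on the `yaml.load` line in `_get_yaml_config` silences every bandit finding on that line, not only the yaml_load check it was added for; bandit 1.7 accepts a test id, so `return yaml.load(text_content, yaml.CSafeLoader)  # nosec B506` keeps the waiver narrow and records which finding was reviewed. The new comment is accurate only when PyYAML was built against libyaml: on a pure-Python install `yaml.CSafeLoader` is not defined and the call raises AttributeError before parsing anything, which neither bandit nor mypy will flag here; `yaml.load(text_content, getattr(yaml, "CSafeLoader", yaml.SafeLoader))` keeps the safe-loader guarantee on both builds. The enclosing class begins outside the hunk.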