diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000000..723347913a
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,14 @@
+name: pre-commit
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-python@v2
+    - uses: pre-commit/action@v2.0.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000..51a095222b
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,9 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/PyCQA/bandit
+    rev: '1.7.0'
+    hooks:
+    -   id: bandit
+        pass_filenames: false
+        args: ["-r", "dpctl", "-lll"]
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 74a47f54fa..60d97c39ac 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -15,7 +15,6 @@ Run before each commit: `clang-format -style=file -i dpctl-capi/include/*.h dpct
 
 ### Python code style
 
-
 We use [black](https://black.readthedocs.io/en/stable/) code formatter.
 
 - Revision: `20.8b1` or branch `stable`.
@@ -88,6 +87,18 @@ Every Python and Cython file should only include the following license header:
 ```
 The copyright year should be updated every calendar year.
 
+## Security
+
+### Bandit
+
+We use [Bandit](https://github.com/PyCQA/bandit) to find common security issues in Python code.
+
+Install: `pip install bandit`
+
+- Revision: `1.7.0`
+
+Run before each commit: `bandit -r dpctl -lll`
+
 ## Code Coverage
 
 Implement python, cython and c++ file coverage using `coverage` and `llvm-cov` packages on Linux.