diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ab98cceb8..598569460 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -31,6 +31,10 @@ coverage:
     - coverage run manage.py test
     - coverage report
   stage: test
+bandit:
+  script:
+    - bandit -r passbook
+  stage: test
 
 # package-3.5:
 #   before_script:
diff --git a/passbook/oauth_client/clients.py b/passbook/oauth_client/clients.py
index c1aee0a2f..06b109664 100644
--- a/passbook/oauth_client/clients.py
+++ b/passbook/oauth_client/clients.py
@@ -19,7 +19,7 @@ class BaseOAuthClient:
 
     _session = None
 
-    def __init__(self, source, token=''):
+    def __init__(self, source, token=''): # nosec
         self.source = source
         self.token = token
         self._session = Session()
@@ -238,7 +238,7 @@ class OAuth2Client(BaseOAuthClient):
         return 'oauth-client-{0}-request-state'.format(self.source.name)
 
 
-def get_client(source, token=''):
+def get_client(source, token=''): # nosec
     "Return the API client for the given source."
     cls = OAuth2Client
     if source.request_token_url:
diff --git a/passbook/oauth_client/views/core.py b/passbook/oauth_client/views/core.py
index 0de069cae..6b607766b 100644
--- a/passbook/oauth_client/views/core.py
+++ b/passbook/oauth_client/views/core.py
@@ -152,18 +152,7 @@ class OAuthCallback(OAuthClientMixin, View):
     # pylint: disable=unused-argument
     def get_or_create_user(self, source, access, info):
         "Create a shell auth.User."
-        digest = hashlib.sha1(smart_bytes(access)).digest()
-        # Base 64 encode to get below 30 characters
-        # Removed padding characters
-        username = force_text(base64.urlsafe_b64encode(digest)).replace('=', '')
-        # pylint: disable=invalid-name
-        User = get_user_model() # noqa
-        kwargs = {
-            User.USERNAME_FIELD: username,
-            'email': '',
-            'password': None
-        }
-        return User.objects.create_user(**kwargs)
+        raise NotImplementedError()
 
     # pylint: disable=unused-argument
     def get_user_id(self, source, info):
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 580118189..a7653434d 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -9,4 +9,5 @@ django-debug-toolbar
 pycodestyle<2.4.0,>=2.0.0
 bumpversion
 unittest-xml-reporting
-autopep8
\ No newline at end of file
+autopep8
+bandit
\ No newline at end of file