diff --git a/oauth_example/as/as.py b/oauth_example/as/as.py
index 006bddd03..05cf1a65f 100755
--- a/oauth_example/as/as.py
+++ b/oauth_example/as/as.py
@@ -191,7 +191,7 @@ def application(self, environ, start_response):
 
 if __name__ == "__main__":
     import argparse
-    import shelve
+    import shelve  # nosec
     import importlib
 
     from cherrypy import wsgiserver
@@ -213,7 +213,7 @@ def application(self, environ, start_response):
     args = parser.parse_args()
 
     # Client data base
-    cdb = shelve.open("client_db", writeback=True)
+    cdb = shelve.open("client_db", writeback=True)  # nosec
 
     # Load the configuration file, which must be a python file
     # The default; first look for it in the directory from where this program
diff --git a/oidc_example/op1/oc_server.py b/oidc_example/op1/oc_server.py
index 464cacbcb..67462189d 100755
--- a/oidc_example/op1/oc_server.py
+++ b/oidc_example/op1/oc_server.py
@@ -479,7 +479,7 @@ def new_trace_log(self, key):
 
 if __name__ == '__main__':
     import argparse
-    import shelve
+    import shelve  # nosec
     import importlib
 
     from cherrypy import wsgiserver
@@ -502,7 +502,7 @@ def new_trace_log(self, key):
     args = parser.parse_args()
 
     # Client data base
-    cdb = shelve.open("client_db", writeback=True)
+    cdb = shelve.open("client_db", writeback=True)  # nosec
 
     sys.path.insert(0, ".")
     config = importlib.import_module(args.config)
diff --git a/src/oic/utils/client_management.py b/src/oic/utils/client_management.py
index a3a51250c..497677609 100755
--- a/src/oic/utils/client_management.py
+++ b/src/oic/utils/client_management.py
@@ -3,7 +3,7 @@
 import copy
 import json
 import os
-import shelve
+import shelve  # nosec
 import sys
 from builtins import input
 from typing import Any
@@ -49,7 +49,7 @@ class CDB(BaseClientDatabase):
     """Implementation of ClientDatabase with shelve."""
 
     def __init__(self, filename):
-        self.cdb = shelve.open(filename, writeback=True)
+        self.cdb = shelve.open(filename, writeback=True)  # nosec
         self.seed = rndstr(32).encode("utf-8")
 
     def __getitem__(self, item):
diff --git a/src/oic/utils/shelve_wrapper.py b/src/oic/utils/shelve_wrapper.py
index f94fbee20..98f4fba96 100644
--- a/src/oic/utils/shelve_wrapper.py
+++ b/src/oic/utils/shelve_wrapper.py
@@ -1,4 +1,4 @@
-import shelve
+import shelve  # nosec
 
 __author__ = "danielevertsson"
 
@@ -39,7 +39,7 @@ def __delitem__(self, key):
         db.__delitem__(key)
 
     def _reopen_database(self):
-        return shelve.open(self.filename, writeback=True)
+        return shelve.open(self.filename, writeback=True)  # nosec
 
 
 def open(filename):
diff --git a/tox.ini b/tox.ini
index 16e22e5dc..d775dcb16 100644
--- a/tox.ini
+++ b/tox.ini
@@ -28,7 +28,7 @@ commands =
     mypy --config-file mypy.ini src/ tests/
     black src/ tests/ --check -t py36
     python3 setup.py --quiet sdist
-#   bandit -a file -r src/ oauth_example/ oidc_example/
+    bandit -a file -r src/ oauth_example/ oidc_example/
     twine check dist/*
 
 [pep8]