diff --git a/.github/workflows/bandit-code-scan.yml b/.github/workflows/bandit-code-scan.yml
deleted file mode 100644
index 76a5c6a..0000000
--- a/.github/workflows/bandit-code-scan.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: "Bandit Code Scan"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-  # Allow manual triggering
-  workflow_dispatch:
-
-jobs:
-  analyze:
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-    steps:
-      - name: Perform Bandit Analysis
-        uses: PyCQA/bandit-action@v1
-        with:
-          configfile: ${{github.workspace}}/pyproject.toml
diff --git a/.github/workflows/test-code.yml b/.github/workflows/test-code.yml
index 10b7f21..9798fbf 100644
--- a/.github/workflows/test-code.yml
+++ b/.github/workflows/test-code.yml
@@ -44,5 +44,7 @@ jobs:
         uses: paambaati/codeclimate-action@v9.0.0
         env:
           CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}}
-        with:
-          debug: true
+
+      - name: "Bandit Code Scan"
+        if: always()
+        run: poetry run bandit -c pyproject.toml -r -l .
diff --git a/pyproject.toml b/pyproject.toml
index 439aba7..7d680ed 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -35,7 +35,7 @@ indent-style = "space"
 skip-magic-trailing-comma = false
 
 [tool.mypy]
-python_version = "3.12.3"
+python_version = "3.12"
 plugins = ['pydantic.mypy']
 strict = true
 ignore_missing_imports = true
@@ -78,7 +78,6 @@ bandit = {version = "1.8.*", extras = ["toml"]}
 
 [tool.bandit]
 exclude_dirs = ["tests"]
-skips = ["B101"] # https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
 
 [build-system]
 requires = ["poetry-core"]
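Review bot: `if: always()` on the new "Bandit Code Scan" step also runs the scan when the job has been cancelled, which is rarely wanted; `if: ${{ !cancelled() }}` keeps the intent of running Bandit even after a failed test step without that. Findings from this step now appear only in the job log, whereas the deleted bandit-code-scan.yml workflow had `security-events: write` and, presumably, published results to code scanning; if that visibility mattered, a `-f sarif -o bandit.sarif` output plus an upload step would restore it. The hunk also drops `with: debug: true` from the codeclimate step, which is unrelated to the Bandit change and deserves a line in the commit message. The enclosing job starts outside the hunk.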
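Review bot: Removing `skips = ["B101"]` from `[tool.bandit]` means every `assert` outside `exclude_dirs = ["tests"]` is now a reported finding, and with `-l` on the command line in test-code.yml that fails the job; check that the package does not rely on `assert` for invariants before merging, or keep the skip with its rationale. The explanatory link that accompanied the skip is lost as well, so if the skip is reinstated, keep the comment with it.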