diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e286cac14..cf5ffa949 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -31,3 +31,10 @@ repos:
     - id: ruff
       args: ["--fix"]
     - id: ruff-format
+
+- repo: https://github.com/PyCQA/bandit
+  rev: 1.7.5
+  hooks:
+    - id: bandit
+      args: ["-c", "pyproject.toml"]
+      additional_dependencies: ["bandit[toml]"]
diff --git a/pyproject.toml b/pyproject.toml
index 7168ce445..9c8d99b84 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -166,36 +166,23 @@ report = { exclude_lines = [
 [tool.bandit]
 skips = ["B101", "B307", "B404", "B603"]
 
-[tool.isort]
-profile = "black"
-filter_files = true
-line_length = 88
-
-[tool.black]
-line-length = 88
-force-exclude = '''
-^/(
-  (
-      \.eggs
-    | \.git
-    | \.pytest_cache
-    | \.tox
-  )/
-)
-'''
-
 [tool.ruff]
 line-length = 88
 exclude = [
-    'jdocs',
-    '.tox',
     '.eggs',
+    '.git',
+    '.pytest_cache',
+    '.tox',
+    'jdocs',
     'build',
 ]
 ignore = [
     'E741', # ambiguous variable name
 ]
 extend-select = ['NPY']
+extend-include = ["*.ipynb"]
+
+[tool.ruff.lint.isort]
 
 [tool.ruff.extend-per-file-ignores]
 "romancal/associations/__init__.py" = ["E402"]