diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 43068ef..2b803c6 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -38,13 +38,13 @@ jobs:
 # Github token of the repository (automatically created by Github)
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
 # File or directory to run bandit on
- # path: # optional, default is .
- # Report only issues of a given severity level or higher. Can be LOW, MEDIUM, or HIGH. Default is UNDEFINED (everything)
- # level: # optional, default is UNDEFINED
- # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM, or HIGH. Default is UNDEFINED (everything)
- # confidence: # optional, default is UNDEFINED
+ path: ./src/dataanalysistoolkit # optional, default is .
+ # Report only issues of a given severity level or higher. Can be LOW, MEDIUM, or HIGH. Optional default is UNDEFINED (everything)
+ level: MEDIUM
+ # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM, or HIGH. Optional default is UNDEFINED (everything)
+ confidence: LOW
 # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
- # excluded_paths: # optional, default is DEFAULT
+ excluded_paths: tests/ # optional, default is DEFAULT
 # comma-separated list of test IDs to skip
 # skips: # optional, default is DEFAULT
 # path to a .bandit file that supplies command line arguments
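Review bot: The new `level: MEDIUM` and `path: ./src/dataanalysistoolkit` settings both reduce what the scan reports, and nothing in the hunk records that this is deliberate. LOW-severity findings are now filtered out, and any Python outside that directory (top-level scripts, if the repository has any) is no longer scanned. I would add a comment above `level:` such as `# Only MEDIUM and HIGH severity are reported; LOW-severity findings are not surfaced by this job`, and a matching one above `path:` naming what is left out of scope. `excluded_paths: tests/` looks redundant once `path` points at the package directory, unless a `tests/` directory lives inside it; its trailing `# optional, default is DEFAULT` comment is also stale now that a value is set. The step's `with:` block starts above the hunk, so the remaining inputs are not visible here.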