diff --git a/templates/gitlab-ci-python.yml b/templates/gitlab-ci-python.yml
index f5bab37172f47321d8522db53b02d20756cf8034..3ea790947f3d2bc32c64c20bf454f15e513cdf10 100644
--- a/templates/gitlab-ci-python.yml
+++ b/templates/gitlab-ci-python.yml
@@ -976,15 +976,15 @@ py-bandit:
     - |
       if [[ "$SONAR_HOST_URL" ]]
       then
-        _run bandit ${TRACE+--verbose} --exit-zero --format csv --output reports/py-bandit.bandit.csv ${BANDIT_ARGS}
+        _run bandit ${TRACE+--verbose} --exit-zero --exclude ./.cache --format csv --output reports/py-bandit.bandit.csv ${BANDIT_ARGS}
       fi
     # JSON (for DefectDojo)
     - |
       if [[ "$DEFECTDOJO_BANDIT_REPORTS" ]]
       then
-        _run bandit ${TRACE+--verbose} --exit-zero --format json --output reports/py-bandit.bandit.json ${BANDIT_ARGS}
+        _run bandit ${TRACE+--verbose} --exit-zero --exclude ./.cache --format json --output reports/py-bandit.bandit.json ${BANDIT_ARGS}
       fi
-    - _run bandit ${TRACE+--verbose} ${BANDIT_ARGS}
+    - _run bandit ${TRACE+--verbose} --exclude ./.cache ${BANDIT_ARGS}
   artifacts:
     when: always
     name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"