diff --git a/bandit/cli/baseline.py b/bandit/cli/baseline.py
index b9bce8916..0d65185b3 100644
--- a/bandit/cli/baseline.py
+++ b/bandit/cli/baseline.py
@@ -15,7 +15,7 @@
 import logging
 import os
 import shutil
-import subprocess
+import subprocess # nosec: B404
 import sys
 import tempfile
@@ -101,7 +101,7 @@ def main():
 bandit_command = ["bandit"] + step["args"]
 try:
- output = subprocess.check_output(bandit_command)
+ output = subprocess.check_output(bandit_command) # nosec: B603
 except subprocess.CalledProcessError as e:
 output = e.output
 return_code = e.returncode
diff --git a/bandit/core/utils.py b/bandit/core/utils.py
index 32d9d4965..7fb775305 100644
--- a/bandit/core/utils.py
+++ b/bandit/core/utils.py
@@ -62,7 +62,6 @@ def get_func_name(node):
 def get_qual_attr(node, aliases):
- prefix = ""
 if isinstance(node, ast.Attribute):
 try:
 val = deepgetattr(node, "value.id")
@@ -73,7 +72,7 @@ def get_qual_attr(node, aliases):
 except Exception:
 # NOTE(tkelsey): degrade gracefully when we can't get the fully
 # qualified name for an attr, just return its base name.
- pass
+ prefix = ""
 return f"{prefix}.{node.attr}"
 else:
diff --git a/bandit/formatters/xml.py b/bandit/formatters/xml.py
index 36352f046..6e196d92f 100644
--- a/bandit/formatters/xml.py
+++ b/bandit/formatters/xml.py
@@ -35,7 +35,7 @@
 """
 import logging
 import sys
-from xml.etree import ElementTree as ET
+from xml.etree import ElementTree as ET # nosec: B405
 from bandit.core import docs_utils
diff --git a/bandit/plugins/general_bind_all_interfaces.py b/bandit/plugins/general_bind_all_interfaces.py
index 4659167af..58b840e86 100644
--- a/bandit/plugins/general_bind_all_interfaces.py
+++ b/bandit/plugins/general_bind_all_interfaces.py
@@ -43,7 +43,7 @@
 @test.checks("Str")
 @test.test_id("B104")
 def hardcoded_bind_all_interfaces(context):
- if context.string_val == "0.0.0.0":
+ if context.string_val == "0.0.0.0": # nosec: B104
 return bandit.Issue(
 severity=bandit.MEDIUM,
 confidence=bandit.MEDIUM,
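Review bot: The `# nosec: B404` added to `import subprocess` states no reason, and the same is true of the `B405` marker in bandit/formatters/xml.py, the `B104` marker in general_bind_all_interfaces.py and the `B108` markers in general_hardcoded_tmp.py. A suppression that does not record why the finding is a false positive cannot be re-checked once the surrounding code changes. Put the reason in a comment on the line above each marker, for example `# Used only to re-run bandit with an argv list; no shell is involved.` above this import, provided that matches every use of the module in the file, which the hunk does not show.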
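Review bot: With B603 silenced on `subprocess.check_output(bandit_command)`, nothing at the call records what keeps it safe: the argv is a list, so no shell is involved, but `step["args"]` is built outside the hunk and `"bandit"` is resolved through `PATH`. If `step["args"]` is assembled only by this tool, say so in a comment above the call. Starting the child as `[sys.executable, "-m", "bandit"] + step["args"]` would remove the PATH lookup, assuming the package can be run as a module; `sys` is already imported in this file. `main()` starts and ends outside the hunk.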
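Review bot: Moving `prefix = ""` from the top of `get_qual_attr` (first hunk) into the `except` branch leaves `prefix` bound only if every non-raising path through the `try` assigns it. The middle of the `try` body lies between the two hunks and is not shown, so check it against the full function; otherwise `return f"{prefix}.{node.attr}"` can raise `UnboundLocalError`. The handler still catches `Exception`, so failures are no more visible than before; if `deepgetattr` can only fail with `AttributeError` here, `except AttributeError:` would be the tighter form. The NOTE comment says the base name is returned, yet with an empty prefix the f-string produces `.attr` with a leading dot, so either the comment or the return value needs adjusting.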
diff --git a/bandit/plugins/general_hardcoded_tmp.py b/bandit/plugins/general_hardcoded_tmp.py
index 53f8cd137..2855c9c6d 100644
--- a/bandit/plugins/general_hardcoded_tmp.py
+++ b/bandit/plugins/general_hardcoded_tmp.py
@@ -59,7 +59,7 @@
 def gen_config(name):
 if name == "hardcoded_tmp_directory":
- return {"tmp_dirs": ["/tmp", "/var/tmp", "/dev/shm"]}
+ return {"tmp_dirs": ["/tmp", "/var/tmp", "/dev/shm"]} # nosec: B108
 @test.takes_config
@@ -69,7 +69,7 @@ def hardcoded_tmp_directory(context, config):
 if config is not None and "tmp_dirs" in config:
 tmp_dirs = config["tmp_dirs"]
 else:
- tmp_dirs = ["/tmp", "/var/tmp", "/dev/shm"]
+ tmp_dirs = ["/tmp", "/var/tmp", "/dev/shm"] # nosec: B108
 if any(context.string_val.startswith(s) for s in tmp_dirs):
 return bandit.Issue(
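Review bot: The default list `["/tmp", "/var/tmp", "/dev/shm"]` is written out twice, in `gen_config` and in the fallback branch of `hardcoded_tmp_directory` (second hunk), and each copy now carries its own `# nosec: B108`. A single module-level constant such as `DEFAULT_TMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")  # nosec: B108`, used as `return {"tmp_dirs": list(DEFAULT_TMP_DIRS)}` and `tmp_dirs = DEFAULT_TMP_DIRS`, keeps the two defaults from drifting apart and leaves one suppression to audit. In the visible lines the strings are only compared against `context.string_val`, never opened as paths, and a comment next to the constant should say so. `hardcoded_tmp_directory` continues past the end of the second hunk.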