diff --git a/.golangci.yml b/.golangci.yml
index 287031352d9..6df18105dde 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -13,6 +13,7 @@ linters:
     - errcheck
     - gofmt
     - goimports
+    - gosec
     - gosimple
     - govet
     - ineffassign
diff --git a/block/manager.go b/block/manager.go
index 40899fcfae8..ed24f870f9e 100644
--- a/block/manager.go
+++ b/block/manager.go
@@ -482,7 +482,7 @@ func (m *Manager) publishBlock(ctx context.Context) error {
 		block = m.executor.CreateBlock(newHeight, lastCommit, lastHeaderHash, m.lastState)
 		m.logger.Debug("block info", "num_tx", len(block.Data.Txs))
 
-		commit, err := m.getCommit(block.Header)
+		commit, err = m.getCommit(block.Header)
 		if err != nil {
 			return err
 		}
@@ -496,7 +496,6 @@ func (m *Manager) publishBlock(ctx context.Context) error {
 
 	// Apply the block but DONT commit
 	newState, responses, err := m.executor.ApplyBlock(ctx, m.lastState, block)
-
 	if err != nil {
 		return err
 	}
diff --git a/da/mock/mock.go b/da/mock/mock.go
index e3121c7e17b..c9f22a886a7 100644
--- a/da/mock/mock.go
+++ b/da/mock/mock.go
@@ -144,6 +144,6 @@ func getKey(daHeight uint64, height uint64) ds.Key {
 }
 
 func (m *DataAvailabilityLayerClient) updateDAHeight() {
-	blockStep := rand.Uint64()%10 + 1
+	blockStep := rand.Uint64()%10 + 1 //nolint:gosec
 	atomic.AddUint64(&m.daHeight, blockStep)
 }
diff --git a/da/test/da_test.go b/da/test/da_test.go
index d6638d0894d..cc5e6b55e77 100644
--- a/da/test/da_test.go
+++ b/da/test/da_test.go
@@ -165,7 +165,7 @@ func startMockGRPCServ(t *testing.T) *grpc.Server {
 func startMockCelestiaNodeServer(t *testing.T) *cmock.Server {
 	t.Helper()
 	httpSrv := cmock.NewServer(mockDaBlockTime, test.NewLogger(t))
-	l, err := net.Listen("tcp4", ":26658")
+	l, err := net.Listen("tcp4", "127.0.0.1:26658")
 	if err != nil {
 		t.Fatal("failed to create listener for mock celestia-node RPC server", "error", err)
 	}
@@ -209,10 +209,10 @@ func doTestRetrieve(t *testing.T, dalc da.DataAvailabilityLayerClient) {
 	blocks := make(map[*types.Block]uint64)
 
 	for i := uint64(0); i < 100; i++ {
-		b := getRandomBlock(i, rand.Int()%20)
+		b := getRandomBlock(i, rand.Int()%20) //nolint:gosec
 		resp := dalc.SubmitBlock(ctx, b)
 		assert.Equal(da.StatusSuccess, resp.Code, resp.Message)
-		time.Sleep(time.Duration(rand.Int63() % mockDaBlockTime.Milliseconds()))
+		time.Sleep(time.Duration(rand.Int63() % mockDaBlockTime.Milliseconds())) //nolint:gosec
 
 		countAtHeight[resp.DAHeight]++
 		blocks[b] = resp.DAHeight
@@ -270,12 +270,12 @@ func getRandomBlock(height uint64, nTxs int) *types.Block {
 }
 
 func getRandomTx() types.Tx {
-	size := rand.Int()%100 + 100
+	size := rand.Int()%100 + 100 //nolint:gosec
 	return types.Tx(getRandomBytes(size))
 }
 
 func getRandomBytes(n int) []byte {
 	data := make([]byte, n)
-	_, _ = rand.Read(data)
+	_, _ = rand.Read(data) //nolint:gosec
 	return data
 }
diff --git a/mempool/v1/mempool_bench_test.go b/mempool/v1/mempool_bench_test.go
index 196be620d7f..702367250f2 100644
--- a/mempool/v1/mempool_bench_test.go
+++ b/mempool/v1/mempool_bench_test.go
@@ -13,7 +13,7 @@ import (
 
 func BenchmarkTxMempool_CheckTx(b *testing.B) {
 	txmp := setup(b, 10000)
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 
 	b.ResetTimer()
 
diff --git a/mempool/v1/mempool_test.go b/mempool/v1/mempool_test.go
index 1e4ef09ed12..7ba48447f35 100644
--- a/mempool/v1/mempool_test.go
+++ b/mempool/v1/mempool_test.go
@@ -110,7 +110,7 @@ func checkTxs(t *testing.T, txmp *TxMempool, numTxs int, peerID uint16) []testTx
 	txs := make([]testTx, numTxs)
 	txInfo := mempool.TxInfo{SenderID: peerID}
 
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 
 	for i := 0; i < numTxs; i++ {
 		prefix := make([]byte, 20)
@@ -405,7 +405,7 @@ func TestTxMempool_ReapMaxTxs(t *testing.T) {
 func TestTxMempool_CheckTxExceedsMaxSize(t *testing.T) {
 	txmp := setup(t, 0)
 
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 	tx := make([]byte, txmp.config.MaxTxBytes+1)
 	_, err := rng.Read(tx)
 	require.NoError(t, err)
@@ -422,7 +422,7 @@ func TestTxMempool_CheckTxExceedsMaxSize(t *testing.T) {
 func TestTxMempool_CheckTxSamePeer(t *testing.T) {
 	txmp := setup(t, 100)
 	peerID := uint16(1)
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 
 	prefix := make([]byte, 20)
 	_, err := rng.Read(prefix)
@@ -437,7 +437,7 @@ func TestTxMempool_CheckTxSamePeer(t *testing.T) {
 func TestTxMempool_CheckTxSameSender(t *testing.T) {
 	txmp := setup(t, 100)
 	peerID := uint16(1)
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 
 	prefix1 := make([]byte, 20)
 	_, err := rng.Read(prefix1)
@@ -458,7 +458,7 @@ func TestTxMempool_CheckTxSameSender(t *testing.T) {
 
 func TestTxMempool_ConcurrentTxs(t *testing.T) {
 	txmp := setup(t, 100)
-	rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+	rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 	checkTxDone := make(chan struct{})
 
 	var wg sync.WaitGroup
@@ -635,7 +635,7 @@ func TestTxMempool_CheckTxPostCheckError(t *testing.T) {
 				return testCase.err
 			}
 			txmp := setup(t, 0, WithPostCheck(postCheckFn))
-			rng := rand.New(rand.NewSource(time.Now().UnixNano()))
+			rng := rand.New(rand.NewSource(time.Now().UnixNano())) //nolint:gosec
 			tx := make([]byte, txmp.config.MaxTxBytes-1)
 			_, err := rng.Read(tx)
 			require.NoError(t, err)
diff --git a/node/full.go b/node/full.go
index 5a6dd0601f4..cb5e0e57742 100644
--- a/node/full.go
+++ b/node/full.go
@@ -84,7 +84,7 @@ type FullNode struct {
 	cancel context.CancelFunc
 }
 
-// NewNode creates new Rollkit node.
+// newFullNode creates a new Rollkit full node.
 func newFullNode(
 	ctx context.Context,
 	conf config.NodeConfig,
@@ -392,7 +392,6 @@ func createAndStartIndexerService(
 	eventBus *tmtypes.EventBus,
 	logger log.Logger,
 ) (*txindex.IndexerService, txindex.TxIndexer, indexer.BlockIndexer, error) {
-
 	var (
 		txIndexer    txindex.TxIndexer
 		blockIndexer indexer.BlockIndexer
diff --git a/node/full_client_test.go b/node/full_client_test.go
index da92c890aee..4d2a09b3787 100644
--- a/node/full_client_test.go
+++ b/node/full_client_test.go
@@ -759,13 +759,13 @@ func getRandomBlockWithProposer(height uint64, nTxs int, proposerAddr []byte) *t
 }
 
 func getRandomTx() types.Tx {
-	size := rand.Int()%100 + 100
+	size := rand.Int()%100 + 100 //nolint:gosec
 	return types.Tx(getRandomBytes(size))
 }
 
 func getRandomBytes(n int) []byte {
 	data := make([]byte, n)
-	_, _ = rand.Read(data)
+	_, _ = crand.Read(data)
 	return data
 }
 
diff --git a/node/full_node_integration_test.go b/node/full_node_integration_test.go
index 1e7f43d6669..4edb46abc23 100644
--- a/node/full_node_integration_test.go
+++ b/node/full_node_integration_test.go
@@ -76,7 +76,7 @@ func TestAggregatorMode(t *testing.T) {
 				return
 			default:
 				node.incomingTxCh <- &p2p.GossipMessage{Data: []byte(time.Now().String()), From: pid}
-				time.Sleep(time.Duration(mrand.Uint32()%20) * time.Millisecond)
+				time.Sleep(time.Duration(mrand.Uint32()%20) * time.Millisecond) //nolint:gosec
 			}
 		}
 	}()
diff --git a/rpc/server.go b/rpc/server.go
index 8e6b2c132b8..a235288f599 100644
--- a/rpc/server.go
+++ b/rpc/server.go
@@ -113,7 +113,10 @@ func (s *Server) startRPC() error {
 
 func (s *Server) serve(listener net.Listener, handler http.Handler) error {
 	s.Logger.Info("serving HTTP", "listen address", listener.Addr())
-	s.server = http.Server{Handler: handler}
+	s.server = http.Server{
+		Handler:           handler,
+		ReadHeaderTimeout: time.Second * 2,
+	}
 	if s.config.TLSCertFile != "" && s.config.TLSKeyFile != "" {
 		return s.server.ServeTLS(listener, s.config.CertFile(), s.config.KeyFile())
 	}
diff --git a/store/store_test.go b/store/store_test.go
index e2d73cd8632..a2902def927 100644
--- a/store/store_test.go
+++ b/store/store_test.go
@@ -224,13 +224,13 @@ func getRandomBlock(height uint64, nTxs int) *types.Block {
 }
 
 func getRandomTx() types.Tx {
-	size := rand.Int()%100 + 100
+	size := rand.Int()%100 + 100 //nolint:gosec
 	return types.Tx(getRandomBytes(size))
 }
 
 func getRandomBytes(n int) []byte {
 	data := make([]byte, n)
-	_, _ = rand.Read(data)
+	_, _ = rand.Read(data) //nolint:gosec
 	return data
 }
 
diff --git a/types/serialization.go b/types/serialization.go
index dbf17451aa1..7206d9f2515 100644
--- a/types/serialization.go
+++ b/types/serialization.go
@@ -289,7 +289,8 @@ func byteSlicesToTxs(bytes [][]byte) Txs {
 func evidenceToProto(evidence EvidenceData) []*abci.Evidence {
 	var ret []*abci.Evidence
 	for _, e := range evidence.Evidence {
-		for _, ae := range e.ABCI() {
+		for i := range e.ABCI() {
+			ae := e.ABCI()[i]
 			ret = append(ret, &ae)
 		}
 	}