diff --git a/bundler/bundler.go b/bundler/bundler.go
index b5b2fbc56..733e60cfc 100644
--- a/bundler/bundler.go
+++ b/bundler/bundler.go
@@ -399,10 +399,7 @@ func isSelfSigned(cert *x509.Certificate) bool {
 }
 
 func isChainRootNode(cert *x509.Certificate) bool {
-	if isSelfSigned(cert) {
-		return true
-	}
-	return false
+	return isSelfSigned(cert)
 }
 
 func (b *Bundler) verifyChain(chain []*fetchedIntermediate) bool {
diff --git a/config/config.go b/config/config.go
index f97d64698..438276f69 100644
--- a/config/config.go
+++ b/config/config.go
@@ -19,6 +19,7 @@ import (
 	"github.com/cloudflare/cfssl/helpers"
 	"github.com/cloudflare/cfssl/log"
 	ocspConfig "github.com/cloudflare/cfssl/ocsp/config"
+
 	// empty import of zlint/v3 required to have lints registered.
 	_ "github.com/zmap/zlint/v3"
 	"github.com/zmap/zlint/v3/lint"
@@ -296,7 +297,7 @@ func (p *SigningProfile) populate(cfg *Config) error {
 
 	if p.AuthRemote.AuthKeyName != "" {
 		log.Debug("match auth remote key in profile to auth_keys section")
-		if key, ok := cfg.AuthKeys[p.AuthRemote.AuthKeyName]; ok == true {
+		if key, ok := cfg.AuthKeys[p.AuthRemote.AuthKeyName]; ok {
 			if key.Type == "standard" {
 				p.RemoteProvider, err = auth.New(key.Key, nil)
 				if err != nil {
@@ -441,11 +442,7 @@ func (p *Signing) NeedsRemoteSigner() bool {
 		}
 	}
 
-	if p.Default.RemoteServer != "" {
-		return true
-	}
-
-	return false
+	return p.Default.RemoteServer != ""
 }
 
 // NeedsLocalSigner returns true if one of the profiles doe not have a remote set
@@ -456,11 +453,7 @@ func (p *Signing) NeedsLocalSigner() bool {
 		}
 	}
 
-	if p.Default.RemoteServer == "" {
-		return true
-	}
-
-	return false
+	return p.Default.RemoteServer == ""
 }
 
 // Usages parses the list of key uses in the profile, translating them
@@ -559,7 +552,7 @@ func (p *SigningProfile) hasLocalConfig() bool {
 		p.OCSP != "" ||
 		p.ExpiryString != "" ||
 		p.BackdateString != "" ||
-		p.CAConstraint.IsCA != false ||
+		p.CAConstraint.IsCA ||
 		!p.NotBefore.IsZero() ||
 		!p.NotAfter.IsZero() ||
 		p.NameWhitelistString != "" ||
diff --git a/csr/csr.go b/csr/csr.go
index e8d899285..c88a16c07 100644
--- a/csr/csr.go
+++ b/csr/csr.go
@@ -311,16 +311,11 @@ func getHosts(cert *x509.Certificate) []string {
 	for _, ip := range cert.IPAddresses {
 		hosts = append(hosts, ip.String())
 	}
-	for _, dns := range cert.DNSNames {
-		hosts = append(hosts, dns)
-	}
-	for _, email := range cert.EmailAddresses {
-		hosts = append(hosts, email)
-	}
+	hosts = append(hosts, cert.DNSNames...)
+	hosts = append(hosts, cert.EmailAddresses...)
 	for _, uri := range cert.URIs {
 		hosts = append(hosts, uri.String())
 	}
-
 	return hosts
 }
 
@@ -504,8 +499,6 @@ func appendCAInfoToCSR(reqConf *CAConfig, csr *x509.CertificateRequest) error {
 
 // appendCAInfoToCSR appends user-defined extension to a CSR
 func appendExtensionsToCSR(extensions []pkix.Extension, csr *x509.CertificateRequest) error {
-	for _, extension := range extensions {
-		csr.ExtraExtensions = append(csr.ExtraExtensions, extension)
-	}
+	csr.ExtraExtensions = append(csr.ExtraExtensions, extensions...)
 	return nil
 }
diff --git a/helpers/derhelpers/derhelpers.go b/helpers/derhelpers/derhelpers.go
index 561691be2..8fe25aad5 100644
--- a/helpers/derhelpers/derhelpers.go
+++ b/helpers/derhelpers/derhelpers.go
@@ -34,13 +34,13 @@ func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
 		}
 	}
 
-	switch generalKey.(type) {
+	switch generalKey := generalKey.(type) {
 	case *rsa.PrivateKey:
-		return generalKey.(*rsa.PrivateKey), nil
+		return generalKey, nil
 	case *ecdsa.PrivateKey:
-		return generalKey.(*ecdsa.PrivateKey), nil
+		return generalKey, nil
 	case ed25519.PrivateKey:
-		return generalKey.(ed25519.PrivateKey), nil
+		return generalKey, nil
 	}
 
 	// should never reach here
diff --git a/helpers/helpers.go b/helpers/helpers.go
index 5ab26bfb1..3b4dfe724 100644
--- a/helpers/helpers.go
+++ b/helpers/helpers.go
@@ -123,10 +123,7 @@ func ValidExpiry(c *x509.Certificate) bool {
 		maxMonths = 120
 	}
 
-	if MonthsValid(c) > maxMonths {
-		return false
-	}
-	return true
+	return MonthsValid(c) <= maxMonths
 }
 
 // SignatureString returns the TLS signature string corresponding to
diff --git a/helpers/testsuite/testing_helpers.go b/helpers/testsuite/testing_helpers.go
index a6f7c6513..a1de2a36e 100644
--- a/helpers/testsuite/testing_helpers.go
+++ b/helpers/testsuite/testing_helpers.go
@@ -352,7 +352,7 @@ func cleanCLIOutput(CLIOutput []byte, item string) (cleanedOutput []byte, err er
 	eligibleSearchIndex := strings.Index(outputString, "{")
 	outputString = outputString[eligibleSearchIndex:]
 	// Make sure the item is present in the output.
-	if strings.Index(outputString, itemString) == -1 {
+	if !strings.Contains(outputString, itemString) {
 		return nil, errors.New("Item " + item + " not found in CLI Output")
 	}
 	// We add 2 for the [:"] that follows the item
diff --git a/initca/initca.go b/initca/initca.go
index 0ba8f715d..54e051260 100644
--- a/initca/initca.go
+++ b/initca/initca.go
@@ -158,7 +158,7 @@ func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPE
 		}
 
 		policy.Default.CAConstraint.MaxPathLen = req.CA.PathLength
-		if req.CA.PathLength != 0 && req.CA.PathLenZero == true {
+		if req.CA.PathLength != 0 && req.CA.PathLenZero {
 			log.Infof("ignore invalid 'pathlenzero' value")
 		} else {
 			policy.Default.CAConstraint.MaxPathLenZero = req.CA.PathLenZero