diff --git a/cmd/server/handler.go b/cmd/server/handler.go
index 2280438924b..8fcfbacf5e6 100644
--- a/cmd/server/handler.go
+++ b/cmd/server/handler.go
@@ -301,6 +301,7 @@ func serve(d driver.Driver, cmd *cobra.Command, wg *sync.WaitGroup, handler http
 var srv = graceful.WithDefaults(&http.Server{
 Addr: address,
 Handler: handler,
+ // #nosec G402 - This is a false positive because we use graceful.WithDefaults which sets the correct TLS settings.
 TLSConfig: &tls.Config{
 Certificates: cert,
 },
diff --git a/cmd/token_user.go b/cmd/token_user.go
index 0382410b408..6002477f420 100644
--- a/cmd/token_user.go
+++ b/cmd/token_user.go
@@ -33,6 +33,8 @@ import (
 "strings"
 "time"
 
+ "github.com/ory/graceful"
+
 "github.com/ory/hydra/cmd/cli"
 
 "github.com/julienschmidt/httprouter"
@@ -173,10 +175,11 @@ and success.`,
 cmdx.Must(err, "Unable to generate RSA key pair: %s", err)
 cert, err := tlsx.CreateSelfSignedTLSCertificate(key)
 cmdx.Must(err, "Unable to generate self-signed TLS Certificate: %s", err)
+ // #nosec G402 - This is a false positive because we use graceful.WithDefaults which sets the correct TLS settings.
 tlsc = &tls.Config{Certificates: []tls.Certificate{*cert}}
 }
 
- server := &http.Server{Addr: fmt.Sprintf(":%d", port), Handler: r, TLSConfig: tlsc}
+ server := graceful.WithDefaults(&http.Server{Addr: fmt.Sprintf(":%d", port), Handler: r, TLSConfig: tlsc})
 var shutdown = func() {
 time.Sleep(time.Second * 1)
 ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
diff --git a/consent/manager_memory.go b/consent/manager_memory.go
index 8ed57a34af2..f68486a839b 100644
--- a/consent/manager_memory.go
+++ b/consent/manager_memory.go
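Review bot: The `#nosec G402` added above `TLSConfig: &tls.Config{` in serve rests on graceful.WithDefaults supplying the TLS floor, which cannot be confirmed from this hunk; the literal itself sets only `Certificates`. Adding `MinVersion: tls.VersionTLS12,` to the literal would make the minimum protocol version explicit and the suppression unnecessary, and it would keep holding if the wrapper call is later changed or dropped. The same suppression and reasoning apply to `tlsc = &tls.Config{Certificates: ...}` in the second cmd/token_user.go hunk, where the config is built several lines before it reaches WithDefaults. The body of serve continues outside the hunk.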
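Review bot: `Addr: fmt.Sprintf(":%d", port)` on the rewritten `server :=` line in cmd/token_user.go listens on every interface, and the certificate built just above is self-signed. If this listener only has to receive a callback from a browser on the same machine (not confirmable from the hunk), binding loopback narrows who can reach it: `Addr: fmt.Sprintf("127.0.0.1:%d", port)`. The enclosing function starts and ends outside the hunk.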
@@ -194,10 +194,12 @@ func (m *MemoryManager) HandleConsentRequest(ctx context.Context, challenge stri
 
 func (m *MemoryManager) VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (*HandledConsentRequest, error) {
 m.m["consentRequests"].RLock()
- for _, c := range m.consentRequests {
+ for k := range m.consentRequests {
+ c := m.consentRequests[k]
 if c.Verifier == verifier {
 m.m["handledConsentRequests"].RLock()
- for _, h := range m.handledConsentRequests {
+ for kk := range m.handledConsentRequests {
+ h := m.handledConsentRequests[kk]
 if h.Challenge == c.Challenge {
 m.m["consentRequests"].RUnlock()
 m.m["handledConsentRequests"].RUnlock()
@@ -433,10 +435,12 @@ func (m *MemoryManager) HandleLoginRequest(ctx context.Context, challenge string
 
 func (m *MemoryManager) VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*HandledLoginRequest, error) {
 m.m["authRequests"].RLock()
- for _, c := range m.authRequests {
+ for k := range m.authRequests {
+ c := m.authRequests[k]
 if c.Verifier == verifier {
 m.m["handledAuthRequests"].RLock()
- for _, h := range m.handledAuthRequests {
+ for kk := range m.handledAuthRequests {
+ h := m.handledAuthRequests[kk]
 if h.Challenge == c.Challenge {
 m.m["handledAuthRequests"].RUnlock()
 m.m["authRequests"].RUnlock()
@@ -547,7 +551,8 @@ func (m *MemoryManager) RejectLogoutRequest(ctx context.Context, challenge strin
 
 func (m *MemoryManager) VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*LogoutRequest, error) {
 m.m["logoutRequests"].RLock()
- for _, c := range m.logoutRequests {
+ for k := range m.logoutRequests {
+ c := m.logoutRequests[k]
 if c.Verifier == verifier {
 m.m["logoutRequests"].RUnlock()
 
diff --git a/internal/fosite_store.go b/internal/fosite_store.go
index 114923f226b..2d98ab4a463 100644
--- a/internal/fosite_store.go
+++ b/internal/fosite_store.go
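Review bot: The rewritten loops in VerifyAndInvalidateConsentRequest (`for k := range m.consentRequests` followed by `c := m.consentRequests[k]`, and the same for `h`) carry no comment explaining why the element is copied per iteration, so a later cleanup could fold them back into `for _, c := range`. A one-line comment above each copy, for example `// per-iteration copy so a pointer to c never aliases the range variable (gosec G601)`, would record the intent; whether `&c` or `&h` is actually taken lies outside the hunk. The same applies to the VerifyAndInvalidateLoginRequest and VerifyAndInvalidateLogoutRequest hunks in this file and to AddKeySet in jwk/manager_memory.go, where `&key` is passed to AddKey. These function bodies continue past their hunks.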
@@ -26,6 +26,7 @@ func AddFositeExamples(r driver.Registry) {
 Scope: "fosite,openid,photos,offline",
 },
 } {
+ // #nosec G601
 if err := r.ClientManager().CreateClient(context.Background(), &c); err != nil {
 panic(err)
 }
diff --git a/jwk/manager_memory.go b/jwk/manager_memory.go
index 043d7098e8e..dd89d0c4f5e 100644
--- a/jwk/manager_memory.go
+++ b/jwk/manager_memory.go
@@ -68,7 +68,8 @@ func (m *MemoryManager) AddKey(ctx context.Context, set string, key *jose.JSONWe
 }
 
 func (m *MemoryManager) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error {
- for _, key := range keys.Keys {
+ for k := range keys.Keys {
+ key := keys.Keys[k]
 if err := m.AddKey(ctx, set, &key); err != nil {
 return err
 }
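Review bot: The bare `// #nosec G601` above `CreateClient(context.Background(), &c)` in AddFositeExamples silences the aliasing finding without giving a reason, while the other files in this commit resolve the same pattern by copying the element. If any ClientManager implementation keeps the pointer it receives (not visible here), every stored client would alias the single loop variable on toolchains before Go 1.22. Adding `c := c` as the first statement of the loop body would remove the need for the suppression; failing that, the comment should say why aliasing is safe at this call. The range header and the end of the function are outside the hunk.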