diff --git a/ca/letsencrypt.go b/ca/letsencrypt.go
index 9c6bb21..06e931b 100644
--- a/ca/letsencrypt.go
+++ b/ca/letsencrypt.go
@@ -130,12 +130,12 @@ func GetLECertificateAndKey(email string, domains []string, httpPort string, tls
 key, cert := letsencryptUser.RequestCertificate()
- err := os.WriteFile("key", key, 0644)
+ err := os.WriteFile("key", key, 0600)
 if err != nil {
 logger.Fatalf("error writing file 'key': %+v", err)
 }
- err = os.WriteFile("cert", cert, 0644)
+ err = os.WriteFile("cert", cert, 0600)
 if err != nil {
 logger.Fatalf("error writing file 'cert': %+v", err)
 }
diff --git a/cli/cli_unix.go b/cli/cli_unix.go
index 1429a36..26b737e 100644
--- a/cli/cli_unix.go
+++ b/cli/cli_unix.go
@@ -12,6 +12,9 @@ import (
 func RunCMD(cmd string) (string, error) {
 cmdArray := strings.Split(cmd, " ")
+ // disable G204 (CWE-78): Subprocess launched with a potential tainted input or cmd arguments
+ // This is intended behaviour
+ // #nosec G204
 cmdRun := exec.Command(cmdArray[0], cmdArray[1:]...)
 var stdout, stderr bytes.Buffer
 cmdRun.Stdout = &stdout
diff --git a/httpserver/filebased.go b/httpserver/filebased.go
index ff34212..b3a4e52 100644
--- a/httpserver/filebased.go
+++ b/httpserver/filebased.go
@@ -10,6 +10,8 @@ import (
 func (fs *FileServer) findSpecialFile(folder string) (configFile, error) {
 var config configFile
+ // disable G304 (CWE-22): Potential file inclusion via variable
+ // #nosec G304
 file, err := os.Open(folder)
 if err != nil {
 return config, err
@@ -24,6 +26,8 @@ func (fs *FileServer) findSpecialFile(folder string) (configFile, error) {
 if fi.Name() == ".goshs" {
 openFile := filepath.Join(file.Name(), fi.Name())
+ // disable G304 (CWE-22): Potential file inclusion via variable
+ // #nosec G304
 configFileDisk, err := os.Open(openFile)
 if err != nil {
 return config, err
diff --git a/httpserver/handler.go b/httpserver/handler.go
index a04b36b..24e7d1a 100644
--- a/httpserver/handler.go
+++ b/httpserver/handler.go
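Review bot: `os.WriteFile` applies the new 0600 mode only when it creates the file, so a `key` left behind by an earlier run at 0644 keeps its world-readable bits after this change; the hunk truncates and rewrites it but never re-checks the mode. Follow the write with an explicit `if err := os.Chmod("key", 0600); err != nil { logger.Fatalf("error setting permissions on 'key': %+v", err) }`, and the same for `cert` if it is meant to stay private. Both files are also written to relative names in the working directory, which is presumably the operator's choice but deserves a comment. GetLECertificateAndKey starts before the hunk.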
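Review bot: The new `#nosec G204` justification says the subprocess launch is intended but not what keeps `cmd` trusted, which is the one fact a later reader of the suppression needs; replace `// This is intended behaviour` with a sentence naming the trust boundary, e.g. `// cmd comes from the operator (CLI flag), never from an HTTP request -- confirm at call sites` (the callers are not visible from this hunk). Separately, `strings.Split(cmd, " ")` yields empty-string arguments for repeated spaces and passes `""` as the program name for an empty `cmd`; `strings.Fields(cmd)` avoids the empty arguments, and with it a `len(cmdArray) == 0` guard before `cmdArray[0]` turns the empty case into an error instead of an index panic. RunCMD's body continues past the hunk.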
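Review bot: Both `#nosec G304` lines added to findSpecialFile carry only gosec's own description and no reason the open is acceptable, so the next reader cannot tell whether `folder` is already confined to the webroot or merely assumed to be. State the invariant the suppression relies on next to it, e.g. `// #nosec G304 -- folder is a directory the server is already listing; the only file opened from it is the fixed name ".goshs"` (the caller is outside this hunk, so confirm the wording). The success path is not visible here either; if `file` is not closed once the directory has been read, that handle leaks on every request that reaches this function.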
@@ -120,7 +120,6 @@ func (fs *FileServer) handler(w http.ResponseWriter, req *http.Request) {
 // Check if you are in a dir
 // disable G304 (CWE-22): Potential file inclusion via variable
- // as we want a file inclusion here
 // #nosec G304
 file, err := os.Open(open)
 if os.IsNotExist(err) {
@@ -471,7 +470,10 @@ func (fs *FileServer) deleteFile(w http.ResponseWriter, req *http.Request) {
 fileCleaned, _ := url.QueryUnescape(upath)
 if strings.Contains(fileCleaned, "..") {
 w.WriteHeader(500)
- w.Write([]byte("Cannot delete file"))
+ _, err := w.Write([]byte("Cannot delete file"))
+ if err != nil {
+ logger.Errorf("error writing answer to client: %+v", err)
+ }
 }
 deletePath := filepath.Join(fs.Webroot, fileCleaned)
diff --git a/httpserver/server.go b/httpserver/server.go
index 63781a3..fa48785 100644
--- a/httpserver/server.go
+++ b/httpserver/server.go
@@ -53,7 +53,11 @@ func (fs *FileServer) Start(what string) {
 if err != nil {
 logger.Fatalf("Error binding to listener '%s': %+v", addr, err)
 }
- defer listener.Close()
+ defer func() {
+ if err := listener.Close(); err != nil {
+ logger.Errorf("error closing tcp listener: %+v", err)
+ }
+ }()
 // construct server
 server := http.Server{
diff --git a/httpserver/updown.go b/httpserver/updown.go
index 222b039..bb3defb 100644
--- a/httpserver/updown.go
+++ b/httpserver/updown.go
@@ -61,7 +61,6 @@ func (fs *FileServer) upload(w http.ResponseWriter, req *http.Request) {
 // Create file to write to
 // disable G304 (CWE-22): Potential file inclusion via variable
- // as we want a file inclusion here
 // #nosec G304
 if _, err := os.Create(savepath); err != nil {
 logger.Errorf("Not able to create file on disk")
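Review bot: Dropping `// as we want a file inclusion here` leaves a bare `#nosec G304` above `os.Open(open)`, so the suppression no longer records why opening a request-derived path is acceptable. Keep a one-line rationale that names the invariant instead of the intent, e.g. `// #nosec G304 -- open is built from fs.Webroot plus the cleaned request path; serving files below the webroot is this handler's purpose` (how `open` is built is outside the hunk, so confirm the wording before committing it). handler begins and continues outside this hunk.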
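Review bot: The `..` branch still falls through: after the new error-logging block there is no `return`, so `deletePath := filepath.Join(fs.Webroot, fileCleaned)` on the next context line runs for the rejected path and, unless something later in deleteFile (outside the hunk) stops it, the check only changes the status code. Add `return` as the last statement inside the `if strings.Contains(fileCleaned, "..")` block. A substring test for `..` is also a weak containment check (it rejects a legitimate name like `a..b` and proves nothing about the joined result); since the path is joined and cleaned anyway, verify that instead, e.g. `if !strings.HasPrefix(deletePath, filepath.Clean(fs.Webroot)+string(os.PathSeparator)) { ... }`. A malformed client path is a 400, not a 500, and the error from `url.QueryUnescape` is silently discarded on the first context line.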
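Review bot: If `listener` is later handed to `server.Serve`/`ServeTLS` (the call is outside the hunk), `Serve` closes the listener itself before returning, so the new deferred `listener.Close()` will fail with `net.ErrClosed` on every orderly shutdown and the added `logger.Errorf` becomes permanent noise. Filter that case: `if err := listener.Close(); err != nil && !errors.Is(err, net.ErrClosed) {` (needs `errors` and `net` in scope). The `logger.Fatalf` on the bind error presumably exits without running deferred functions, which is fine here because the defer is registered after that check. Start continues past the hunk.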
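Review bot: `os.Create(savepath)` returns an `*os.File` that the `if _, err := ...` form discards without closing, so every upload leaks a descriptor until the finalizer runs, and the file it creates is re-opened a few lines later with `os.OpenFile(savepath, os.O_WRONLY|os.O_CREATE, ...)` (next hunk), which would create it anyway. Drop the `os.Create` call and let the `OpenFile` error path report creation failures, or keep the handle and close it: `f, err := os.Create(savepath)` followed by `f.Close()`. The removed `// as we want a file inclusion here` line was the only rationale for the `#nosec G304`; keep a one-liner stating that `savepath` is rooted under the webroot (it is built outside the hunk, so confirm). upload begins before the hunk.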
@@ -71,11 +70,17 @@ func (fs *FileServer) upload(w http.ResponseWriter, req *http.Request) {
 // Write file to disk 16MB at a time
 buffer := make([]byte, 1<<24)
+ // disable G304 (CWE-22): Potential file inclusion via variable
+ // #nosec G304
 osFile, err := os.OpenFile(savepath, os.O_WRONLY|os.O_CREATE, os.ModePerm)
 if err != nil {
 logger.Warnf("Error opening file: %+v", err)
 }
- defer osFile.Close()
+ defer func() {
+ if err := osFile.Close(); err != nil {
+ logger.Errorf("error closing file: %+v", err)
+ }
+ }()
 for {
 // Read file from post body
@@ -155,7 +160,6 @@ func (fs *FileServer) bulkDownload(w http.ResponseWriter, req *http.Request) {
 }
 // disable G304 (CWE-22): Potential file inclusion via variable
- // as we want a file inclusion here
 // #nosec G304
 file, err := os.Open(filepath)
 if err != nil {
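Review bot: When `os.OpenFile` fails the code only logs a warning and continues, so `osFile` is nil, the new deferred close will additionally log `invalid argument`, and the `for` loop below keeps reading the request body into a handle that cannot be written. Return after the warning: `logger.Warnf("Error opening file: %+v", err)`, `w.WriteHeader(http.StatusInternalServerError)`, `return`. Separately, `os.ModePerm` (0777) asks for an executable and, depending on umask, group/world-writable upload; today it is masked because the file already exists from the `os.Create` in the previous hunk, but the moment that call is removed uploads become executable, so use `0644` (or `0600`) here. The loop body is outside the hunk.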
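Review bot: The removed rationale leaves a bare `#nosec G304` in bulkDownload with nothing explaining why `filepath` is safe to open; keep a one-line justification such as `// #nosec G304 -- path is joined under fs.Webroot by the caller` (how it is built is outside the hunk, so confirm before writing it). The local name `filepath` also shadows the `path/filepath` package for the rest of the scope if that package is imported in this file, which makes a containment check at this point awkward to write; `fullPath` would avoid that. bulkDownload starts before the hunk.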