From 33a431ef43924ba3103860a6aa7ae443f39a4c24 Mon Sep 17 00:00:00 2001
From: Nicol <idraghic@cisco.com>
Date: Wed, 5 Oct 2022 13:21:14 +0300
Subject: [PATCH] Update go version to 1.19 (#829)

* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
---
 .github/workflows/benchmark.yaml             |   2 +-
 .github/workflows/branch-cov.yml             |   2 +-
 .github/workflows/ci-cd.yml                  |   3 +-
 .github/workflows/cloc.yml                   |   2 +-
 .github/workflows/cluster.yaml               |   6 +-
 .github/workflows/codeql-analysis.yml        |   2 +-
 .github/workflows/ecosystem-tools.yaml       |   2 +-
 .github/workflows/golangci-lint.yaml         |   6 +-
 .github/workflows/gqlgen.yaml                |   2 +-
 .github/workflows/license.yaml               |   2 +-
 .github/workflows/oci-conformance-action.yml |   4 +-
 .github/workflows/tls.yaml                   |   2 +-
 Dockerfile                                   |   2 +-
 Dockerfile-conformance                       |   2 +-
 Dockerfile-minimal                           |   2 +-
 Dockerfile-zb                                |   2 +-
 Dockerfile-zxp                               |   2 +-
 Makefile                                     |   2 +-
 cmd/zb/helper.go                             |   4 +-
 cmd/zb/main_test.go                          |   2 +-
 cmd/zb/perf.go                               |  18 +--
 examples/metrics/Dockerfile                  |   2 +-
 examples/metrics/Dockerfile-minimal          |   2 +-
 examples/metrics/Dockerfile-zxp              |   2 +-
 go.mod                                       |   2 +-
 golangcilint.yaml                            |   2 +-
 pkg/api/authn.go                             |   2 +-
 pkg/api/authz.go                             |   6 +-
 pkg/api/config/config.go                     |   6 +-
 pkg/api/config/config_elevated_test.go       |   1 -
 pkg/api/controller.go                        |  21 ++--
 pkg/api/controller_test.go                   | 110 +++++++++----------
 pkg/api/errors.go                            |   4 +-
 pkg/api/ldap.go                              |   7 +-
 pkg/api/regexp.go                            |   5 +-
 pkg/api/routes.go                            |  10 +-
 pkg/api/routes_test.go                       |  30 ++---
 pkg/api/session.go                           |   2 +-
 pkg/cli/client.go                            |   4 +-
 pkg/cli/client_elevated_test.go              |   8 +-
 pkg/cli/cve_cmd.go                           |   2 +-
 pkg/cli/cve_cmd_test.go                      |   4 +-
 pkg/cli/extensions_test.go                   |   2 +-
 pkg/cli/image_cmd_test.go                    |   8 +-
 pkg/cli/root.go                              |   4 +-
 pkg/cli/searcher.go                          |   6 +-
 pkg/cli/service.go                           |  18 +--
 pkg/cli/stress_test.go                       |   2 +-
 pkg/compliance/v1_0_0/check.go               |  10 +-
 pkg/compliance/v1_0_0/check_test.go          |   2 +-
 pkg/debug/swagger/swagger.go                 |   2 +-
 pkg/debug/swagger/swagger_disabled.go        |   2 +-
 pkg/exporter/api/exporter.go                 |  18 ++-
 pkg/extensions/extension_search.go           |   2 +-
 pkg/extensions/lint/lint_test.go             |   4 +-
 pkg/extensions/monitoring/extension.go       |  16 +--
 pkg/extensions/monitoring/minimal.go         |   4 +-
 pkg/extensions/monitoring/minimal_client.go  |   2 +-
 pkg/extensions/search/common/common.go       |   9 +-
 pkg/extensions/search/common/common_test.go  |  12 +-
 pkg/extensions/search/common/oci_layout.go   |   6 +-
 pkg/extensions/search/cve/cve_test.go        |   6 +-
 pkg/extensions/search/cve/trivy/scanner.go   |   2 +-
 pkg/extensions/search/digest/digest_test.go  |   4 +-
 pkg/extensions/search/resolver.go            |  14 ++-
 pkg/extensions/search/schema.resolvers.go    |   2 +-
 pkg/extensions/sync/on_demand.go             |   2 +-
 pkg/extensions/sync/sync.go                  |   2 +-
 pkg/extensions/sync/utils.go                 |   2 +-
 pkg/log/log.go                               |   2 +-
 pkg/requestcontext/context.go                |   2 +-
 pkg/storage/common.go                        |  18 ++-
 pkg/storage/local/local.go                   |  12 +-
 pkg/storage/local/local_elevated_test.go     |   6 +-
 pkg/storage/local/local_test.go              |  16 +--
 pkg/storage/s3/s3.go                         |   4 +-
 pkg/storage/s3/s3_test.go                    |   2 +-
 pkg/storage/scrub.go                         |   2 +-
 pkg/storage/storage.go                       |   2 +-
 pkg/storage/storage_test.go                  |   6 +-
 pkg/test/mocks/storage_driver_mock.go        |   2 +-
 stacker-conformance.yaml                     |   2 +-
 stacker-zb.yaml                              |   2 +-
 stacker-zxp.yaml                             |   2 +-
 stacker.yaml                                 |   2 +-
 test/blackbox/pushpull.bats                  |  20 ++--
 86 files changed, 294 insertions(+), 274 deletions(-)

diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
index 136356de..faf4706d 100644
--- a/.github/workflows/benchmark.yaml
+++ b/.github/workflows/benchmark.yaml
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       # Run benchmark with `go test -bench` and stores the output to a file
       - name: Run benchmark
         run: make BENCH_OUTPUT=ci-cd run-bench
diff --git a/.github/workflows/branch-cov.yml b/.github/workflows/branch-cov.yml
index 56417712..38fa629a 100644
--- a/.github/workflows/branch-cov.yml
+++ b/.github/workflows/branch-cov.yml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install dependencies
         run: |
           cd $GITHUB_WORKSPACE
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index ef965298..3496f135 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -43,10 +43,11 @@ jobs:
           - 4563-4599:4563-4599
           - 9090:8080
     steps:
+
       - name: Install go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Check out source code
         uses: actions/checkout@v3
       - name: Cache go dependencies
diff --git a/.github/workflows/cloc.yml b/.github/workflows/cloc.yml
index 1d011566..ba0bc76d 100644
--- a/.github/workflows/cloc.yml
+++ b/.github/workflows/cloc.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Install go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Check out source code
         uses: actions/checkout@v3
       - name: Install dependencies
diff --git a/.github/workflows/cluster.yaml b/.github/workflows/cluster.yaml
index 334404ba..34784464 100644
--- a/.github/workflows/cluster.yaml
+++ b/.github/workflows/cluster.yaml
@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install dependencies
         run: |
           cd $GITHUB_WORKSPACE
@@ -109,8 +109,8 @@ jobs:
             ./bin/zot-linux-amd64 serve test/cluster/config-minio3.json &
             sleep 10
             # run tests
-            skopeo --debug copy --format=oci --dest-tls-verify=false docker://ghcr.io/project-zot/golang:1.18 docker://localhost:8080/golang:1.18
-            skopeo --debug copy --src-tls-verify=false docker://localhost:8080/golang:1.18 oci:golang:1.18
+            skopeo --debug copy --format=oci --dest-tls-verify=false docker://ghcr.io/project-zot/golang:1.19 docker://localhost:8080/golang:1.19
+            skopeo --debug copy --src-tls-verify=false docker://localhost:8080/golang:1.19 oci:golang:1.19
             echo "{\"name\":\"foo\",\"value\":\"bar\"}" > config.json
             echo "hello world" > artifact.txt
             oras push --plain-http localhost:8080/hello-artifact:v2 \
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3c2aa3f0..39796dbb 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -48,7 +48,7 @@ jobs:
     - name: Install go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Install dependencies
       run: |
diff --git a/.github/workflows/ecosystem-tools.yaml b/.github/workflows/ecosystem-tools.yaml
index d6ccd376..7a833ab4 100644
--- a/.github/workflows/ecosystem-tools.yaml
+++ b/.github/workflows/ecosystem-tools.yaml
@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install dependencies
         run: |
           cd $GITHUB_WORKSPACE
diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml
index fb030d10..b7ba6b7f 100644
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@@ -18,20 +18,20 @@ jobs:
     steps:
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.18'
+          go-version: '1.19'
       - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.46.2
+          version: v1.49.0
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir
 
           # Optional: golangci-lint command line arguments.
           # args: --issues-exit-code=0
-          args: --config ./golangcilint.yaml --enable-all --build-tags debug,sync,scrub,search,metrics,ui_base,containers_image_openpgp,lint ./cmd/... ./pkg/...
+          args: --config ./golangcilint.yaml --enable-all --build-tags debug,needprivileges,sync,scrub,search,metrics,ui_base,containers_image_openpgp,lint ./cmd/... ./pkg/...
 
           # Optional: show only new issues if it's a pull request. The default value is `false`.
           # only-new-issues: true
diff --git a/.github/workflows/gqlgen.yaml b/.github/workflows/gqlgen.yaml
index c799d64f..450a4053 100644
--- a/.github/workflows/gqlgen.yaml
+++ b/.github/workflows/gqlgen.yaml
@@ -23,7 +23,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install dependencies
         run: |
           cd $GITHUB_WORKSPACE
diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml
index 7f886355..b4044c7c 100644
--- a/.github/workflows/license.yaml
+++ b/.github/workflows/license.yaml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install go-licenses
         run: go install github.com/google/go-licenses@latest
       - name: Check for forbidden licenses
diff --git a/.github/workflows/oci-conformance-action.yml b/.github/workflows/oci-conformance-action.yml
index 2918e424..253a7ffe 100644
--- a/.github/workflows/oci-conformance-action.yml
+++ b/.github/workflows/oci-conformance-action.yml
@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-latest
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-    - name: Install go 1.18
+    - name: Install go 1.19
       uses: actions/setup-go@v3
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
     - name: Checkout this PR 
       uses: actions/checkout@v3
     - name: Start zot server
diff --git a/.github/workflows/tls.yaml b/.github/workflows/tls.yaml
index cf70ed26..52ff544a 100644
--- a/.github/workflows/tls.yaml
+++ b/.github/workflows/tls.yaml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
       - name: Install dependencies
         run: |
           cd $GITHUB_WORKSPACE
diff --git a/Dockerfile b/Dockerfile
index 53716c90..e21de669 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 ARG COMMIT
 ARG OS
 ARG ARCH
diff --git a/Dockerfile-conformance b/Dockerfile-conformance
index 89e5e76d..6a57b1c1 100644
--- a/Dockerfile-conformance
+++ b/Dockerfile-conformance
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 ARG COMMIT
 RUN apt-get update && apt-get install -y git make ca-certificates
 RUN mkdir -p /go/src/github.com/project-zot/zot
diff --git a/Dockerfile-minimal b/Dockerfile-minimal
index e9da9912..8b48e0be 100644
--- a/Dockerfile-minimal
+++ b/Dockerfile-minimal
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 ARG COMMIT
 ARG OS
 ARG ARCH
diff --git a/Dockerfile-zb b/Dockerfile-zb
index df0423b1..2f912df7 100644
--- a/Dockerfile-zb
+++ b/Dockerfile-zb
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 ARG COMMIT
 ARG OS
 ARG ARCH
diff --git a/Dockerfile-zxp b/Dockerfile-zxp
index 9c83b886..3b5df56f 100644
--- a/Dockerfile-zxp
+++ b/Dockerfile-zxp
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 ARG COMMIT
 ARG OS
 ARG ARCH
diff --git a/Makefile b/Makefile
index 89214588..d660d3f1 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ TOOLSDIR := $(shell pwd)/hack/tools
 PATH := bin:$(TOOLSDIR)/bin:$(PATH)
 STACKER := $(shell which stacker)
 GOLINTER := $(TOOLSDIR)/bin/golangci-lint
-GOLINTER_VERSION := v1.46.2
+GOLINTER_VERSION := v1.49.0
 NOTATION := $(TOOLSDIR)/bin/notation
 HELM := $(TOOLSDIR)/bin/helm
 ORAS := $(TOOLSDIR)/bin/oras
diff --git a/cmd/zb/helper.go b/cmd/zb/helper.go
index d4364ab1..cd93fbf3 100644
--- a/cmd/zb/helper.go
+++ b/cmd/zb/helper.go
@@ -901,7 +901,7 @@ func getRandomSize(probabilityRange []float64) (int, int) {
 	return size, idx
 }
 
-// nolint:gosec
+//nolint:gosec
 func flipFunc(probabilityRange []float64) int {
 	mrand.Seed(time.Now().UTC().UnixNano())
 	toss := mrand.Float64()
@@ -935,7 +935,7 @@ func normalizeProbabilityRange(pbty []float64) []float64 {
 	return npd
 }
 
-func loadOrStore(statusRequests *sync.Map, key string, value int) int {
+func loadOrStore(statusRequests *sync.Map, key string, value int) int { //nolint:unparam
 	val, _ := statusRequests.LoadOrStore(key, value)
 
 	intValue, ok := val.(int)
diff --git a/cmd/zb/main_test.go b/cmd/zb/main_test.go
index b0224066..4507fccb 100644
--- a/cmd/zb/main_test.go
+++ b/cmd/zb/main_test.go
@@ -1,4 +1,4 @@
-package main // nolint:testpackage // separate binary
+package main //nolint:testpackage // separate binary
 
 import (
 	"testing"
diff --git a/cmd/zb/perf.go b/cmd/zb/perf.go
index 8f4fd744..f27c907a 100644
--- a/cmd/zb/perf.go
+++ b/cmd/zb/perf.go
@@ -42,10 +42,10 @@ const (
 	TLSHandshakeTimeout  = 10 * time.Second
 )
 
-// nolint:gochecknoglobals
+//nolint:gochecknoglobals
 var blobHash map[string]godigest.Digest = map[string]godigest.Digest{}
 
-// nolint:gochecknoglobals // used only in this test
+//nolint:gochecknoglobals // used only in this test
 var statusRequests sync.Map
 
 func setup(workingDir string) {
@@ -99,7 +99,7 @@ func setup(workingDir string) {
 
 		digest, err := godigest.FromReader(fhandle)
 		if err != nil {
-			log.Fatal(err) // nolint:gocritic // file closed on exit
+			log.Fatal(err) //nolint:gocritic // file closed on exit
 		}
 
 		blobHash[fname] = digest
@@ -200,7 +200,7 @@ type manifestStruct struct {
 	manifestBySizeHash map[int](map[string]string)
 }
 
-// nolint:gochecknoglobals // used only in this test
+//nolint:gochecknoglobals // used only in this test
 var cicdSummary = []cicdTestSummary{}
 
 func printStats(requests int, summary *statsSummary, outFmt string) {
@@ -271,7 +271,7 @@ type testFunc func(
 	client *resty.Client,
 ) error
 
-// nolint:gosec
+//nolint:gosec
 func GetCatalog(
 	workdir, url, repo string,
 	requests int,
@@ -444,7 +444,7 @@ func Pull(
 		config.size = largeBlob
 
 		// Push large blob
-		// nolint: ineffassign, staticcheck, wastedassign
+		//nolint: ineffassign, staticcheck, wastedassign
 		manifestBySize, repos, err = pushMonolithImage(workdir, url, trepo, repos, config, client)
 		if err != nil {
 			return err
@@ -537,7 +537,7 @@ type testConfig struct {
 	mixedSize, mixedType bool
 }
 
-var testSuite = []testConfig{ // nolint:gochecknoglobals // used only in this test
+var testSuite = []testConfig{ //nolint:gochecknoglobals // used only in this test
 	{
 		name:             "Get Catalog",
 		tfunc:            GetCatalog,
@@ -777,7 +777,7 @@ func getRandomClientIPs(auth string, url string, ips []string) (*resty.Client, e
 		log.Fatal(err)
 	}
 
-	// nolint: gosec
+	//nolint: gosec
 	if parsedURL.Scheme == secureProtocol {
 		client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
 	}
@@ -787,7 +787,7 @@ func getRandomClientIPs(auth string, url string, ips []string) (*resty.Client, e
 
 // getIPsFromCIDR returns a list of ips given a cidr.
 func getIPsFromCIDR(cidr string, maxIPs int) ([]string, error) {
-	// nolint:varnamelen
+	//nolint:varnamelen
 	ip, ipnet, err := net.ParseCIDR(cidr)
 	if err != nil {
 		return nil, err
diff --git a/examples/metrics/Dockerfile b/examples/metrics/Dockerfile
index c9113f70..1239a18c 100644
--- a/examples/metrics/Dockerfile
+++ b/examples/metrics/Dockerfile
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 RUN mkdir -p /go/src/github.com/project-zot/zot
 WORKDIR /go/src/github.com/project-zot/zot
 COPY . .
diff --git a/examples/metrics/Dockerfile-minimal b/examples/metrics/Dockerfile-minimal
index dec0c5dd..d05d5606 100644
--- a/examples/metrics/Dockerfile-minimal
+++ b/examples/metrics/Dockerfile-minimal
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Install certs, build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 RUN mkdir -p /go/src/github.com/project-zot/zot
 WORKDIR /go/src/github.com/project-zot/zot
 COPY . .
diff --git a/examples/metrics/Dockerfile-zxp b/examples/metrics/Dockerfile-zxp
index adf7cce6..ebe35685 100644
--- a/examples/metrics/Dockerfile-zxp
+++ b/examples/metrics/Dockerfile-zxp
@@ -1,7 +1,7 @@
 # ---
 # Stage 1: Build binary, create default config file
 # ---
-FROM ghcr.io/project-zot/golang:1.18 AS builder
+FROM ghcr.io/project-zot/golang:1.19 AS builder
 RUN mkdir -p /go/src/github.com/project-zot/zot
 WORKDIR /go/src/github.com/project-zot/zot
 COPY . .
diff --git a/go.mod b/go.mod
index 9d63b776..7924b7c2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module zotregistry.io/zot
 
-go 1.18
+go 1.19
 
 require (
 	github.com/99designs/gqlgen v0.17.20
diff --git a/golangcilint.yaml b/golangcilint.yaml
index 7380c09a..4bca74d6 100644
--- a/golangcilint.yaml
+++ b/golangcilint.yaml
@@ -5,7 +5,7 @@ run:
 
 linters:
   enable-all: true
-  disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct
+  disable: funlen,gocognit,exhaustivestruct,paralleltest,forbidigo,ireturn,wrapcheck,exhaustive,maintidx,exhaustruct,nosnakecase,interfacer,structcheck,varcheck,deadcode,ifshort,golint,scopelint,maligned,rowserrcheck,sqlclosecheck
 
 linters-settings:
   dupl:
diff --git a/pkg/api/authn.go b/pkg/api/authn.go
index aa9a0a26..ab859a50 100644
--- a/pkg/api/authn.go
+++ b/pkg/api/authn.go
@@ -91,7 +91,7 @@ func noPasswdAuth(realm string, config *config.Config) mux.MiddlewareFunc {
 	}
 }
 
-// nolint:gocyclo  // we use closure making this a complex subroutine
+//nolint:gocyclo  // we use closure making this a complex subroutine
 func basicAuthHandler(ctlr *Controller) mux.MiddlewareFunc {
 	realm := ctlr.Config.HTTP.Realm
 	if realm == "" {
diff --git a/pkg/api/authz.go b/pkg/api/authz.go
index aa8b9011..bf13e444 100644
--- a/pkg/api/authz.go
+++ b/pkg/api/authz.go
@@ -217,13 +217,13 @@ func AuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
 
 			// will return only repos on which client is authorized to read
 			if request.RequestURI == fmt.Sprintf("%s%s", constants.RoutePrefix, constants.ExtCatalogPrefix) {
-				next.ServeHTTP(response, request.WithContext(ctx))
+				next.ServeHTTP(response, request.WithContext(ctx)) //nolint:contextcheck
 
 				return
 			}
 
 			if strings.Contains(request.RequestURI, constants.ExtSearchPrefix) {
-				next.ServeHTTP(response, request.WithContext(ctx))
+				next.ServeHTTP(response, request.WithContext(ctx)) //nolint:contextcheck
 
 				return
 			}
@@ -255,7 +255,7 @@ func AuthzHandler(ctlr *Controller) mux.MiddlewareFunc {
 			if !can {
 				authzFail(response, ctlr.Config.HTTP.Realm, ctlr.Config.HTTP.Auth.FailDelay)
 			} else {
-				next.ServeHTTP(response, request.WithContext(ctx))
+				next.ServeHTTP(response, request.WithContext(ctx)) //nolint:contextcheck
 			}
 		})
 	}
diff --git a/pkg/api/config/config.go b/pkg/api/config/config.go
index 79b5ad87..8a0ff050 100644
--- a/pkg/api/config/config.go
+++ b/pkg/api/config/config.go
@@ -13,9 +13,9 @@ import (
 )
 
 var (
-	Commit     string // nolint: gochecknoglobals
-	BinaryType string // nolint: gochecknoglobals
-	GoVersion  string // nolint: gochecknoglobals
+	Commit     string //nolint: gochecknoglobals
+	BinaryType string //nolint: gochecknoglobals
+	GoVersion  string //nolint: gochecknoglobals
 )
 
 type StorageConfig struct {
diff --git a/pkg/api/config/config_elevated_test.go b/pkg/api/config/config_elevated_test.go
index 3b1a0b0c..c7953e32 100644
--- a/pkg/api/config/config_elevated_test.go
+++ b/pkg/api/config/config_elevated_test.go
@@ -8,7 +8,6 @@ import (
 	"testing"
 
 	. "github.com/smartystreets/goconvey/convey"
-
 	"zotregistry.io/zot/pkg/api/config"
 )
 
diff --git a/pkg/api/controller.go b/pkg/api/controller.go
index 2ed6c4ed..e3ffa818 100644
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -21,7 +21,6 @@ import (
 	"zotregistry.io/zot/errors"
 	"zotregistry.io/zot/pkg/api/config"
 	ext "zotregistry.io/zot/pkg/extensions"
-	"zotregistry.io/zot/pkg/extensions/lint"
 	"zotregistry.io/zot/pkg/extensions/monitoring"
 	"zotregistry.io/zot/pkg/log"
 	"zotregistry.io/zot/pkg/scheduler"
@@ -31,7 +30,8 @@ import (
 )
 
 const (
-	idleTimeout = 120 * time.Second
+	idleTimeout       = 120 * time.Second
+	readHeaderTimeout = 5 * time.Second
 )
 
 type Controller struct {
@@ -162,14 +162,15 @@ func (c *Controller) Run(reloadCtx context.Context) error {
 	monitoring.SetServerInfo(c.Metrics, c.Config.Commit, c.Config.BinaryType, c.Config.GoVersion,
 		c.Config.DistSpecVersion)
 
-	// nolint: contextcheck
+	//nolint: contextcheck
 	_ = NewRouteHandler(c)
 
 	addr := fmt.Sprintf("%s:%s", c.Config.HTTP.Address, c.Config.HTTP.Port)
 	server := &http.Server{
-		Addr:        addr,
-		Handler:     c.Router,
-		IdleTimeout: idleTimeout,
+		Addr:              addr,
+		Handler:           c.Router,
+		IdleTimeout:       idleTimeout,
+		ReadHeaderTimeout: readHeaderTimeout,
 	}
 	c.Server = server
 
@@ -264,7 +265,7 @@ func (c *Controller) InitImageStore(reloadCtx context.Context) error {
 		var defaultStore storage.ImageStore
 		if c.Config.Storage.StorageDriver == nil {
 			// false positive lint - linter does not implement Lint method
-			// nolint: typecheck
+			//nolint:typecheck
 			defaultStore = local.NewImageStore(c.Config.Storage.RootDirectory,
 				c.Config.Storage.GC, c.Config.Storage.GCDelay,
 				c.Config.Storage.Dedupe, c.Config.Storage.Commit, c.Log, c.Metrics, linter,
@@ -291,7 +292,7 @@ func (c *Controller) InitImageStore(reloadCtx context.Context) error {
 			}
 
 			// false positive lint - linter does not implement Lint method
-			// nolint: typecheck
+			//nolint: typecheck
 			defaultStore = s3.NewImageStore(rootDir, c.Config.Storage.RootDirectory,
 				c.Config.Storage.GC, c.Config.Storage.GCDelay, c.Config.Storage.Dedupe,
 				c.Config.Storage.Commit, c.Log, c.Metrics, linter, store)
@@ -326,7 +327,7 @@ func (c *Controller) InitImageStore(reloadCtx context.Context) error {
 }
 
 func (c *Controller) getSubStore(subPaths map[string]config.StorageConfig,
-	linter *lint.Linter,
+	linter storage.Lint,
 ) (map[string]storage.ImageStore, error) {
 	imgStoreMap := make(map[string]storage.ImageStore, 0)
 
@@ -398,7 +399,7 @@ func (c *Controller) getSubStore(subPaths map[string]config.StorageConfig,
 			}
 
 			// false positive lint - linter does not implement Lint method
-			// nolint: typecheck
+			//nolint: typecheck
 			subImageStore[route] = s3.NewImageStore(rootDir, storageConfig.RootDirectory,
 				storageConfig.GC, storageConfig.GCDelay,
 				storageConfig.Dedupe, storageConfig.Commit, c.Log, c.Metrics, linter, store,
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
index 564a2104..c3a3ccd4 100644
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
@@ -601,7 +601,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
 		blob := make([]byte, 50*1024*1024)
 		digest := godigest.FromBytes(blob).String()
 
-		// nolint: dupl
+		//nolint: dupl
 		Convey("Test interrupt PATCH blob upload", func() {
 			resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
 			So(err, ShouldBeNil)
@@ -703,7 +703,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
 			So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
 		})
 
-		// nolint: dupl
+		//nolint: dupl
 		Convey("Test interrupt PUT blob upload", func() {
 			resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
 			So(err, ShouldBeNil)
@@ -4115,7 +4115,7 @@ func TestRouteFailures(t *testing.T) {
 		// so path routing is bypassed
 
 		Convey("List tags", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4126,7 +4126,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4137,7 +4137,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm := request.URL.Query()
 			qparm.Add("n", "a")
@@ -4151,7 +4151,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "abc")
@@ -4165,7 +4165,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "a")
@@ -4180,7 +4180,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "0")
@@ -4194,7 +4194,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "1")
@@ -4209,7 +4209,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "1")
@@ -4224,7 +4224,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("n", "1")
@@ -4242,7 +4242,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Check manifest", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4253,7 +4253,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4264,7 +4264,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "reference": ""})
 			response = httptest.NewRecorder()
 
@@ -4277,7 +4277,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Get manifest", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4288,7 +4288,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4299,7 +4299,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "reference": ""})
 			response = httptest.NewRecorder()
 
@@ -4312,7 +4312,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Update manifest", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4323,7 +4323,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4334,7 +4334,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "reference": ""})
 			response = httptest.NewRecorder()
 
@@ -4347,7 +4347,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Delete manifest", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4358,7 +4358,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4369,7 +4369,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "reference": ""})
 			response = httptest.NewRecorder()
 
@@ -4382,7 +4382,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Check blob", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4393,7 +4393,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4404,7 +4404,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "digest": ""})
 			response = httptest.NewRecorder()
 
@@ -4417,7 +4417,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Get blob", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4428,7 +4428,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4439,7 +4439,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "digest": ""})
 			response = httptest.NewRecorder()
 
@@ -4452,7 +4452,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Delete blob", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4463,7 +4463,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4474,7 +4474,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "digest": ""})
 			response = httptest.NewRecorder()
 
@@ -4487,7 +4487,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Create blob upload", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "POST", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPost, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4498,7 +4498,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "POST", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPost, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm := request.URL.Query()
 			qparm.Add("mount", "a")
@@ -4513,7 +4513,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "POST", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPost, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			qparm = request.URL.Query()
 			qparm.Add("mount", "a")
@@ -4529,7 +4529,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Get blob upload", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4540,7 +4540,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4553,7 +4553,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Patch blob upload", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4564,7 +4564,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4577,7 +4577,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Update blob upload", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4588,7 +4588,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4599,7 +4599,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "session_id": "bar"})
 			response = httptest.NewRecorder()
 
@@ -4610,7 +4610,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusBadRequest)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "PUT", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo", "session_id": "bar"})
 			qparm := request.URL.Query()
 			qparm.Add("digest", "a")
@@ -4627,7 +4627,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Delete blob upload", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4638,7 +4638,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -4651,7 +4651,7 @@ func TestRouteFailures(t *testing.T) {
 		})
 
 		Convey("Get referrers", func() {
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{})
 			response := httptest.NewRecorder()
 
@@ -4662,7 +4662,7 @@ func TestRouteFailures(t *testing.T) {
 			So(resp, ShouldNotBeNil)
 			So(resp.StatusCode, ShouldEqual, http.StatusNotFound)
 
-			request, _ = http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ = http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{"name": "foo"})
 			response = httptest.NewRecorder()
 
@@ -5200,7 +5200,7 @@ func TestManifestImageIndex(t *testing.T) {
 			So(resp.Header().Get("Content-Type"), ShouldNotBeEmpty)
 
 			Convey("List tags", func() {
-				request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 				request = mux.SetURLVars(request, map[string]string{"name": "index"})
 				response := httptest.NewRecorder()
 
@@ -5713,7 +5713,7 @@ func TestInjectInterruptedImageManifest(t *testing.T) {
 			Convey("Uploading an image manifest blob (when injected simulates an interrupted image manifest upload)", func() {
 				injected := test.InjectFailure(0)
 
-				request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 				request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 				request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 				response := httptest.NewRecorder()
@@ -5774,7 +5774,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		// monolithic blob upload
 		injected := test.InjectFailure(0)
 		if injected {
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", loc, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, loc, bytes.NewReader(content))
 			tokens := strings.Split(loc, "/")
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "session_id": tokens[len(tokens)-1]})
 			q := request.URL.Query()
@@ -5847,7 +5847,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		Convey("Uploading an image manifest blob (when injected simulates that PutImageManifest failed due to 'too many open files' error)", func() {
 			injected := test.InjectFailure(1)
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 			request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 			response := httptest.NewRecorder()
@@ -5867,7 +5867,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		Convey("when injected simulates a `too many open files` error inside PutImageManifest method of img store", func() {
 			injected := test.InjectFailure(2)
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 			request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 			response := httptest.NewRecorder()
@@ -5888,7 +5888,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		Convey("code coverage: error inside PutImageManifest method of img store (unable to marshal JSON)", func() {
 			injected := test.InjectFailure(1)
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 			request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 			response := httptest.NewRecorder()
@@ -5909,7 +5909,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		Convey("code coverage: error inside PutImageManifest method of img store (umoci.OpenLayout error)", func() {
 			injected := test.InjectFailure(3)
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 			request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 			response := httptest.NewRecorder()
@@ -5930,7 +5930,7 @@ func TestInjectTooManyOpenFiles(t *testing.T) {
 		Convey("code coverage: error inside PutImageManifest method of img store (oci.GC)", func() {
 			injected := test.InjectFailure(4)
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewReader(content))
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewReader(content))
 			request = mux.SetURLVars(request, map[string]string{"name": "repotest", "reference": "1.0"})
 			request.Header.Set("Content-Type", "application/vnd.oci.image.manifest.v1+json")
 			response := httptest.NewRecorder()
diff --git a/pkg/api/errors.go b/pkg/api/errors.go
index c0bfb53d..ddd1c9f9 100644
--- a/pkg/api/errors.go
+++ b/pkg/api/errors.go
@@ -17,7 +17,7 @@ type ErrorList struct {
 
 type ErrorCode int
 
-// nolint: golint, stylecheck, revive
+//nolint:golint,stylecheck,revive
 const (
 	BLOB_UNKNOWN ErrorCode = iota
 	BLOB_UPLOAD_INVALID
@@ -60,7 +60,7 @@ func (e ErrorCode) String() string {
 	return errMap[e]
 }
 
-func NewError(code ErrorCode, detail ...interface{}) Error { //nolint: interfacer
+func NewError(code ErrorCode, detail ...interface{}) Error {
 	errMap := map[ErrorCode]Error{
 		BLOB_UNKNOWN: {
 			Message: "blob unknown to registry",
diff --git a/pkg/api/ldap.go b/pkg/api/ldap.go
index f7e75311..5b337aad 100644
--- a/pkg/api/ldap.go
+++ b/pkg/api/ldap.go
@@ -55,13 +55,12 @@ func (lc *LDAPClient) Connect() error {
 			// Reconnect with TLS
 			if !lc.SkipTLS {
 				config := &tls.Config{
-					InsecureSkipVerify: lc.InsecureSkipVerify, // nolint: gosec // InsecureSkipVerify is not true by default
+					InsecureSkipVerify: lc.InsecureSkipVerify, //nolint: gosec // InsecureSkipVerify is not true by default
 					RootCAs:            lc.ClientCAs,
 				}
 
 				if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
 					config.Certificates = lc.ClientCertificates
-					config.BuildNameToCertificate()
 				}
 
 				err = l.StartTLS(config)
@@ -74,13 +73,13 @@ func (lc *LDAPClient) Connect() error {
 			}
 		} else {
 			config := &tls.Config{
-				InsecureSkipVerify: lc.InsecureSkipVerify, // nolint: gosec // InsecureSkipVerify is not true by default
+				InsecureSkipVerify: lc.InsecureSkipVerify, //nolint: gosec // InsecureSkipVerify is not true by default
 				ServerName:         lc.ServerName,
 				RootCAs:            lc.ClientCAs,
 			}
 			if lc.ClientCertificates != nil && len(lc.ClientCertificates) > 0 {
 				config.Certificates = lc.ClientCertificates
-				config.BuildNameToCertificate()
+				// config.BuildNameToCertificate()
 			}
 			l, err = ldap.DialTLS("tcp", address, config)
 			if err != nil {
diff --git a/pkg/api/regexp.go b/pkg/api/regexp.go
index 745c8314..fde6a64e 100644
--- a/pkg/api/regexp.go
+++ b/pkg/api/regexp.go
@@ -2,7 +2,7 @@ package api
 
 import "regexp"
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	// alphaNumericRegexp defines the alpha numeric atom, typically a
 	// component of names. This only allows lower case characters and digits.
@@ -29,7 +29,8 @@ var (
 )
 
 // match compiles the string to a regular expression.
-// nolint: gochecknoglobals
+//
+//nolint:gochecknoglobals
 var match = regexp.MustCompile
 
 // literal compiles s into a literal regular expression, escaping any regexp
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
index ec7f1a00..16b5566a 100644
--- a/pkg/api/routes.go
+++ b/pkg/api/routes.go
@@ -32,14 +32,13 @@ import (
 	"zotregistry.io/zot/pkg/log"
 	localCtx "zotregistry.io/zot/pkg/requestcontext"
 	"zotregistry.io/zot/pkg/storage"
-	"zotregistry.io/zot/pkg/test" // nolint:goimports
+	"zotregistry.io/zot/pkg/test" //nolint:goimports
 )
 
 type RouteHandler struct {
 	c *Controller
 }
 
-// nolint: contextcheck
 func NewRouteHandler(c *Controller) *RouteHandler {
 	rh := &RouteHandler{c: c}
 	rh.SetupRoutes()
@@ -51,7 +50,6 @@ func allowedMethods(method string) []string {
 	return []string{http.MethodOptions, method}
 }
 
-// nolint: contextcheck
 func (rh *RouteHandler) SetupRoutes() {
 	rh.c.Router.Use(AuthHandler(rh.c))
 	// authz is being enabled if AccessControl is specified
@@ -308,7 +306,7 @@ func (rh *RouteHandler) CheckManifest(response http.ResponseWriter, request *htt
 		return
 	}
 
-	content, digest, mediaType, err := getImageManifest(rh, imgStore, name, reference)
+	content, digest, mediaType, err := getImageManifest(rh, imgStore, name, reference) //nolint:contextcheck
 	if err != nil {
 		if errors.Is(err, zerr.ErrRepoNotFound) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain
 			WriteJSON(response, http.StatusNotFound,
@@ -373,7 +371,7 @@ func (rh *RouteHandler) GetManifest(response http.ResponseWriter, request *http.
 		return
 	}
 
-	content, digest, mediaType, err := getImageManifest(rh, imgStore, name, reference)
+	content, digest, mediaType, err := getImageManifest(rh, imgStore, name, reference) //nolint: contextcheck
 	if err != nil {
 		if errors.Is(err, zerr.ErrRepoNotFound) { //nolint:gocritic // errorslint conflicts with gocritic:IfElseChain
 			WriteJSON(response, http.StatusNotFound,
@@ -1550,7 +1548,7 @@ func (rh *RouteHandler) GetReferrers(response http.ResponseWriter, request *http
 
 	rh.c.Log.Info().Str("digest", digest).Str("artifactType", artifactType).Msg("getting manifest")
 
-	refs, err := getReferrers(rh, imgStore, name, digest, artifactType)
+	refs, err := getReferrers(rh, imgStore, name, digest, artifactType) //nolint:contextcheck
 	if err != nil {
 		rh.c.Log.Error().Err(err).Str("name", name).Str("digest", digest).Msg("unable to get references")
 		response.WriteHeader(http.StatusBadRequest)
diff --git a/pkg/api/routes_test.go b/pkg/api/routes_test.go
index 13a5e44f..2bb8276f 100644
--- a/pkg/api/routes_test.go
+++ b/pkg/api/routes_test.go
@@ -60,7 +60,7 @@ func TestRoutes(t *testing.T) {
 				},
 			}
 
-			request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{
 				"name":      "test",
 				"reference": "b8b1231908844a55c251211c7a67ae3c809fb86a081a8eeb4a715e6d7d65625c",
@@ -80,7 +80,7 @@ func TestRoutes(t *testing.T) {
 			testUpdateManifest := func(urlVars map[string]string, ism *mocks.MockedImageStore) int {
 				ctlr.StoreController.DefaultStore = ism
 				str := []byte("test")
-				request, _ := http.NewRequestWithContext(context.TODO(), "PUT", baseURL, bytes.NewBuffer(str))
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPut, baseURL, bytes.NewBuffer(str))
 				request = mux.SetURLVars(request, urlVars)
 				request.Header.Add("Content-Type", ispec.MediaTypeImageManifest)
 				response := httptest.NewRecorder()
@@ -159,7 +159,7 @@ func TestRoutes(t *testing.T) {
 		Convey("DeleteManifest", func() {
 			testDeleteManifest := func(headers map[string]string, urlVars map[string]string, ism *mocks.MockedImageStore) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.Background(), "DELETE", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.Background(), http.MethodDelete, baseURL, nil)
 				request = mux.SetURLVars(request, urlVars)
 				for k, v := range headers {
 					request.Header.Add(k, v)
@@ -238,7 +238,7 @@ func TestRoutes(t *testing.T) {
 		Convey("DeleteBlob", func() {
 			testDeleteBlob := func(urlVars map[string]string, ism *mocks.MockedImageStore) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "DELETE", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodDelete, baseURL, nil)
 				request = mux.SetURLVars(request, urlVars)
 				response := httptest.NewRecorder()
 
@@ -306,7 +306,7 @@ func TestRoutes(t *testing.T) {
 		Convey("CheckBlob", func() {
 			testCheckBlob := func(urlVars map[string]string, ism *mocks.MockedImageStore) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "HEAD", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodHead, baseURL, nil)
 				request = mux.SetURLVars(request, urlVars)
 				response := httptest.NewRecorder()
 
@@ -387,7 +387,7 @@ func TestRoutes(t *testing.T) {
 		Convey("GetBlob", func() {
 			testGetBlob := func(urlVars map[string]string, ism *mocks.MockedImageStore) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 				request = mux.SetURLVars(request, urlVars)
 				response := httptest.NewRecorder()
 
@@ -432,7 +432,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "POST", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPost, baseURL, nil)
 				request = mux.SetURLVars(request,
 					map[string]string{
 						"name":  "test",
@@ -579,7 +579,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 				request = mux.SetURLVars(request, vars)
 
 				q := request.URL.Query()
@@ -694,7 +694,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
@@ -809,7 +809,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
@@ -1054,7 +1054,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
@@ -1139,7 +1139,7 @@ func TestRoutes(t *testing.T) {
 						},
 					},
 				}
-				request, _ := http.NewRequestWithContext(context.TODO(), "GET", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodGet, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
@@ -1171,7 +1171,7 @@ func TestRoutes(t *testing.T) {
 			) int {
 				ctlr.StoreController.DefaultStore = ism
 				ctlr.StoreController.SubStore = map[string]storage.ImageStore{}
-				request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
@@ -1249,7 +1249,7 @@ func TestRoutes(t *testing.T) {
 			// acCtx := api.NewAccessControlContext(map[string]bool{}, true)
 			// ctx := context.WithValue(context.Background(), "ctx", acCtx)
 			ctx := context.Background()
-			request, _ := http.NewRequestWithContext(ctx, "GET", baseURL, nil)
+			request, _ := http.NewRequestWithContext(ctx, http.MethodGet, baseURL, nil)
 			request = mux.SetURLVars(request, map[string]string{
 				"name":       "repo",
 				"session_id": "test",
@@ -1272,7 +1272,7 @@ func TestRoutes(t *testing.T) {
 				ism *mocks.MockedImageStore,
 			) int {
 				ctlr.StoreController.DefaultStore = ism
-				request, _ := http.NewRequestWithContext(context.TODO(), "PATCH", baseURL, nil)
+				request, _ := http.NewRequestWithContext(context.TODO(), http.MethodPatch, baseURL, nil)
 
 				request = mux.SetURLVars(request, vars)
 
diff --git a/pkg/api/session.go b/pkg/api/session.go
index 9df80740..e2eee846 100644
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@@ -98,7 +98,7 @@ func SessionLogger(ctlr *Controller) mux.MiddlewareFunc {
 						b, err := base64.StdEncoding.DecodeString(s[1])
 						if err == nil {
 							pair := strings.SplitN(string(b), ":", 2) //nolint:gomnd
-							// nolint:gomnd
+							//nolint:gomnd
 							if len(pair) == 2 {
 								log = log.Str("username", pair[0])
 							}
diff --git a/pkg/cli/client.go b/pkg/cli/client.go
index 18644f22..5cea555a 100644
--- a/pkg/cli/client.go
+++ b/pkg/cli/client.go
@@ -69,7 +69,7 @@ func createHTTPClient(verifyTLS bool, host string) *http.Client {
 func makeGETRequest(ctx context.Context, url, username, password string,
 	verifyTLS bool, debug bool, resultsPtr interface{}, configWriter io.Writer,
 ) (http.Header, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -82,7 +82,7 @@ func makeGETRequest(ctx context.Context, url, username, password string,
 func makeGraphQLRequest(ctx context.Context, url, query, username,
 	password string, verifyTLS bool, debug bool, resultsPtr interface{}, configWriter io.Writer,
 ) error {
-	req, err := http.NewRequestWithContext(ctx, "GET", url, bytes.NewBufferString(query))
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, bytes.NewBufferString(query))
 	if err != nil {
 		return err
 	}
diff --git a/pkg/cli/client_elevated_test.go b/pkg/cli/client_elevated_test.go
index a3125444..5168b740 100644
--- a/pkg/cli/client_elevated_test.go
+++ b/pkg/cli/client_elevated_test.go
@@ -24,7 +24,7 @@ import (
 
 func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 	Convey("Privileged certs - Make a new controller", t, func() {
-		cmd := exec.Command("mkdir", "-p", "/etc/containers/certs.d/127.0.0.1:8089/") // nolint: gosec
+		cmd := exec.Command("mkdir", "-p", "/etc/containers/certs.d/127.0.0.1:8089/") //nolint: gosec
 		_, err := cmd.Output()
 		if err != nil {
 			panic(err)
@@ -32,8 +32,8 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 
 		defer exec.Command("rm", "-rf", "/etc/containers/certs.d/127.0.0.1:8089/")
 
-		wd, _ := os.Getwd()
-		os.Chdir("../../test/data")
+		workDir, _ := os.Getwd()
+		_ = os.Chdir("../../test/data")
 
 		clientGlob, _ := filepath.Glob("client.*")
 		caGlob, _ := filepath.Glob("ca.*")
@@ -64,7 +64,7 @@ func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
 			}
 		}
 
-		os.Chdir(wd)
+		_ = os.Chdir(workDir)
 
 		caCert, err := os.ReadFile(CACert)
 		So(err, ShouldBeNil)
diff --git a/pkg/cli/cve_cmd.go b/pkg/cli/cve_cmd.go
index a995c2d0..6ad9e71e 100644
--- a/pkg/cli/cve_cmd.go
+++ b/pkg/cli/cve_cmd.go
@@ -174,7 +174,7 @@ func checkExtEndPoint(serverURL string) bool {
 		return false
 	}
 
-	// nolint: gosec
+	//nolint: gosec
 	resp, err := client.R().Get(extEndPoint)
 	if err != nil || resp.StatusCode() != http.StatusOK {
 		return false
diff --git a/pkg/cli/cve_cmd_test.go b/pkg/cli/cve_cmd_test.go
index c1bd3fa6..011bf480 100644
--- a/pkg/cli/cve_cmd_test.go
+++ b/pkg/cli/cve_cmd_test.go
@@ -341,7 +341,7 @@ func TestSearchCVECmd(t *testing.T) {
 	})
 }
 
-// nolint: dupl // GQL
+//nolint:dupl // GQL
 func TestServerCVEResponseGQL(t *testing.T) {
 	port := test.GetFreePort()
 	url := test.GetBaseURL(port)
@@ -750,7 +750,7 @@ func TestNegativeServerResponse(t *testing.T) {
 	})
 }
 
-// nolint: dupl
+//nolint:dupl
 func TestServerCVEResponse(t *testing.T) {
 	port := test.GetFreePort()
 	url := test.GetBaseURL(port)
diff --git a/pkg/cli/extensions_test.go b/pkg/cli/extensions_test.go
index 68ed19d7..26445e37 100644
--- a/pkg/cli/extensions_test.go
+++ b/pkg/cli/extensions_test.go
@@ -785,7 +785,7 @@ func TestServeSearchDisabled(t *testing.T) {
 	})
 }
 
-func readLogFileAndSearchString(logPath string, stringToMatch string, timeout time.Duration) (bool, error) {
+func readLogFileAndSearchString(logPath string, stringToMatch string, timeout time.Duration) (bool, error) { //nolint:unparam,lll
 	ctx, cancelFunc := context.WithTimeout(context.Background(), timeout)
 	defer cancelFunc()
 
diff --git a/pkg/cli/image_cmd_test.go b/pkg/cli/image_cmd_test.go
index fa4de9da..76480c64 100644
--- a/pkg/cli/image_cmd_test.go
+++ b/pkg/cli/image_cmd_test.go
@@ -250,7 +250,7 @@ func TestSearchImageCmd(t *testing.T) {
 	})
 }
 
-// nolint: dupl
+//nolint:dupl
 func TestDerivedImageList(t *testing.T) {
 	Convey("Test from real server", t, func() {
 		port := test.GetFreePort()
@@ -344,7 +344,7 @@ func TestDerivedImageList(t *testing.T) {
 	})
 }
 
-// nolint: dupl
+//nolint:dupl
 func TestBaseImageList(t *testing.T) {
 	Convey("Test from real server", t, func() {
 		port := test.GetFreePort()
@@ -1469,7 +1469,7 @@ func (service mockService) getImagesByCveIDGQL(ctx context.Context, config searc
 	imagesForCve := &imagesForCve{
 		Errors: nil,
 		Data: struct {
-			ImageList []imageStruct `json:"ImageListForCVE"` // nolint:tagliatelle
+			ImageList []imageStruct `json:"ImageListForCVE"` //nolint:tagliatelle
 		}{},
 	}
 
@@ -1545,7 +1545,7 @@ func (service mockService) getCveByImageGQL(ctx context.Context, config searchCo
 	return cveRes, nil
 }
 
-// nolint: goconst
+//nolint:goconst
 func (service mockService) getMockedImageByName(imageName string) imageStruct {
 	image := imageStruct{}
 	image.RepoName = imageName
diff --git a/pkg/cli/root.go b/pkg/cli/root.go
index 3eb5e739..98f74a22 100644
--- a/pkg/cli/root.go
+++ b/pkg/cli/root.go
@@ -372,7 +372,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 			}
 
 			if config.Extensions.Search.CVE == nil {
-				config.Extensions.Search.CVE = &extconf.CVEConfig{UpdateInterval: 24 * time.Hour} // nolint: gomnd
+				config.Extensions.Search.CVE = &extconf.CVEConfig{UpdateInterval: 24 * time.Hour} //nolint: gomnd
 			}
 		}
 
@@ -392,7 +392,7 @@ func applyDefaultValues(config *config.Config, viperInstance *viper.Viper) {
 			}
 
 			if config.Extensions.Scrub.Interval == 0 {
-				config.Extensions.Scrub.Interval = 24 * time.Hour // nolint: gomnd
+				config.Extensions.Scrub.Interval = 24 * time.Hour //nolint: gomnd
 			}
 		}
 	}
diff --git a/pkg/cli/searcher.go b/pkg/cli/searcher.go
index bf4aadbd..378c87e3 100644
--- a/pkg/cli/searcher.go
+++ b/pkg/cli/searcher.go
@@ -638,14 +638,14 @@ type spinnerState struct {
 	enabled bool
 }
 
-// nolint
+//nolint
 func (spinner *spinnerState) startSpinner() {
 	if spinner.enabled {
 		spinner.spinner.Start()
 	}
 }
 
-// nolint
+//nolint
 func (spinner *spinnerState) stopSpinner() {
 	if spinner.enabled && spinner.spinner.Active() {
 		spinner.spinner.Stop()
@@ -706,7 +706,7 @@ func printImageTableHeader(writer io.Writer, verbose bool) {
 		table.SetColMinWidth(colLayersIndex, layersWidth)
 	}
 
-	row := make([]string, 6) // nolint:gomnd
+	row := make([]string, 6) //nolint:gomnd
 
 	row[colImageNameIndex] = "IMAGE NAME"
 	row[colTagIndex] = "TAG"
diff --git a/pkg/cli/service.go b/pkg/cli/service.go
index 1861d3e3..4fd75a07 100644
--- a/pkg/cli/service.go
+++ b/pkg/cli/service.go
@@ -21,7 +21,7 @@ import (
 	"zotregistry.io/zot/pkg/api/constants"
 )
 
-type SearchService interface {
+type SearchService interface { //nolint:interfacebloat
 	getImagesGQL(ctx context.Context, config searchConfig, username, password string,
 		imageName string) (*imageListStructGQL, error)
 	getImagesByDigestGQL(ctx context.Context, config searchConfig, username, password string,
@@ -673,7 +673,7 @@ func checkResultGraphQLQuery(ctx context.Context, err error, resultErrors []erro
 ) error {
 	if err != nil {
 		if isContextDone(ctx) {
-			return nil // nolint:nilnil
+			return nil //nolint:nilnil
 		}
 
 		return err
@@ -690,7 +690,7 @@ func checkResultGraphQLQuery(ctx context.Context, err error, resultErrors []erro
 			return nil
 		}
 
-		// nolint: goerr113
+		//nolint: goerr113
 		return errors.New(errBuilder.String())
 	}
 
@@ -851,28 +851,28 @@ type imageStruct struct {
 type imageListStructGQL struct {
 	Errors []errorGraphQL `json:"errors"`
 	Data   struct {
-		ImageList []imageStruct `json:"ImageList"` // nolint:tagliatelle
+		ImageList []imageStruct `json:"ImageList"` //nolint:tagliatelle
 	} `json:"data"`
 }
 
 type imageListStructForDigestGQL struct {
 	Errors []errorGraphQL `json:"errors"`
 	Data   struct {
-		ImageList []imageStruct `json:"ImageListForDigest"` // nolint:tagliatelle
+		ImageList []imageStruct `json:"ImageListForDigest"` //nolint:tagliatelle
 	} `json:"data"`
 }
 
 type imageListStructForDerivedImagesGQL struct {
 	Errors []errorGraphQL `json:"errors"`
 	Data   struct {
-		ImageList []imageStruct `json:"DerivedImageList"` // nolint:tagliatelle
+		ImageList []imageStruct `json:"DerivedImageList"` //nolint:tagliatelle
 	} `json:"data"`
 }
 
 type imageListStructForBaseImagesGQL struct {
 	Errors []errorGraphQL `json:"errors"`
 	Data   struct {
-		ImageList []imageStruct `json:"BaseImageList"` // nolint:tagliatelle
+		ImageList []imageStruct `json:"BaseImageList"` //nolint:tagliatelle
 	} `json:"data"`
 }
 
@@ -921,7 +921,7 @@ func (img imageStruct) stringPlainText() (string, error) {
 	imgSize, _ := strconv.ParseUint(img.Size, 10, 64)
 	size := ellipsize(strings.ReplaceAll(humanize.Bytes(imgSize), " ", ""), sizeWidth, ellipsis)
 	config := ellipsize(img.ConfigDigest, configWidth, "")
-	row := make([]string, 6) // nolint:gomnd
+	row := make([]string, 6) //nolint:gomnd
 
 	row[colImageNameIndex] = imageName
 	row[colTagIndex] = tagName
@@ -941,7 +941,7 @@ func (img imageStruct) stringPlainText() (string, error) {
 			size := ellipsize(strings.ReplaceAll(humanize.Bytes(layerSize), " ", ""), sizeWidth, ellipsis)
 			layerDigest := ellipsize(entry.Digest, digestWidth, "")
 
-			layerRow := make([]string, 6) // nolint:gomnd
+			layerRow := make([]string, 6) //nolint:gomnd
 			layerRow[colImageNameIndex] = ""
 			layerRow[colTagIndex] = ""
 			layerRow[colDigestIndex] = ""
diff --git a/pkg/cli/stress_test.go b/pkg/cli/stress_test.go
index 051a193a..d7d8fb73 100644
--- a/pkg/cli/stress_test.go
+++ b/pkg/cli/stress_test.go
@@ -171,7 +171,7 @@ func worker(id int, zotPort, rootDir string) {
 			sourceImg, destImg,
 		}
 		err := exec.Command("skopeo", skopeoArgs...).Run()
-		if err != nil { // nolint: wsl
+		if err != nil { //nolint: wsl
 			continue // we expect clients to receive errors due to FD limit reached on server
 		}
 
diff --git a/pkg/compliance/v1_0_0/check.go b/pkg/compliance/v1_0_0/check.go
index 976cb4c9..d5323e2b 100644
--- a/pkg/compliance/v1_0_0/check.go
+++ b/pkg/compliance/v1_0_0/check.go
@@ -1,5 +1,5 @@
-// nolint: dupl
-package v1_0_0 // nolint:stylecheck,golint,revive
+//nolint:dupl
+package v1_0_0 //nolint:stylecheck,golint,revive
 
 import (
 	"bytes"
@@ -14,9 +14,9 @@ import (
 	"testing"
 
 	godigest "github.com/opencontainers/go-digest"
-	// nolint: goimports
+	//nolint: goimports
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
-	// nolint:golint,stylecheck,revive
+	//nolint:golint,stylecheck,revive
 	. "github.com/smartystreets/goconvey/convey"
 	"github.com/smartystreets/goconvey/convey/reporting"
 	"gopkg.in/resty.v1"
@@ -1054,7 +1054,7 @@ func CheckWorkflows(t *testing.T, config *compliance.Config) {
 	})
 }
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	old  *os.File
 	r    *os.File
diff --git a/pkg/compliance/v1_0_0/check_test.go b/pkg/compliance/v1_0_0/check_test.go
index 67025e3d..bd88c3b4 100644
--- a/pkg/compliance/v1_0_0/check_test.go
+++ b/pkg/compliance/v1_0_0/check_test.go
@@ -15,7 +15,7 @@ import (
 	. "zotregistry.io/zot/pkg/test"
 )
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	listenAddress = "127.0.0.1"
 	defaultDir    = ""
diff --git a/pkg/debug/swagger/swagger.go b/pkg/debug/swagger/swagger.go
index b1eb1292..a1a3a378 100644
--- a/pkg/debug/swagger/swagger.go
+++ b/pkg/debug/swagger/swagger.go
@@ -11,7 +11,7 @@ import (
 	"github.com/gorilla/mux"
 	httpSwagger "github.com/swaggo/http-swagger"
 	"zotregistry.io/zot/pkg/api/config"
-	"zotregistry.io/zot/pkg/log" // nolint:goimports
+	"zotregistry.io/zot/pkg/log" //nolint:goimports
 	// as required by swaggo.
 	_ "zotregistry.io/zot/swagger"
 )
diff --git a/pkg/debug/swagger/swagger_disabled.go b/pkg/debug/swagger/swagger_disabled.go
index 38da6a21..239968d2 100644
--- a/pkg/debug/swagger/swagger_disabled.go
+++ b/pkg/debug/swagger/swagger_disabled.go
@@ -10,7 +10,7 @@ package debug
 import (
 	"github.com/gorilla/mux"
 	"zotregistry.io/zot/pkg/api/config"
-	"zotregistry.io/zot/pkg/log" // nolint:goimports
+	"zotregistry.io/zot/pkg/log" //nolint:goimports
 	// as required by swaggo.
 	_ "zotregistry.io/zot/swagger"
 )
diff --git a/pkg/exporter/api/exporter.go b/pkg/exporter/api/exporter.go
index 0f16ee6f..46b5b11e 100644
--- a/pkg/exporter/api/exporter.go
+++ b/pkg/exporter/api/exporter.go
@@ -1,7 +1,7 @@
 //go:build !metrics
 // +build !metrics
 
-// nolint: varnamelen
+//nolint:varnamelen
 package api
 
 import (
@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"regexp"
 	"strconv"
+	"time"
 
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -17,6 +18,11 @@ import (
 	"zotregistry.io/zot/pkg/log"
 )
 
+const (
+	idleTimeout       = 120 * time.Second
+	readHeaderTimeout = 5 * time.Second
+)
+
 type Collector struct {
 	Client       *monitoring.MetricsClient
 	MetricsDesc  map[string]*prometheus.Desc // all known metrics descriptions
@@ -164,18 +170,24 @@ func GetCollector(c *Controller) *Collector {
 }
 
 func runExporter(c *Controller) {
+	exporterAddr := fmt.Sprintf(":%s", c.Config.Exporter.Port)
+	server := &http.Server{
+		Addr:              exporterAddr,
+		IdleTimeout:       idleTimeout,
+		ReadHeaderTimeout: readHeaderTimeout,
+	}
+
 	err := prometheus.Register(GetCollector(c))
 	if err != nil {
 		c.Log.Error().Err(err).Msg("Expected error in testing")
 	}
 
 	http.Handle(c.Config.Exporter.Metrics.Path, promhttp.Handler())
-	exporterAddr := fmt.Sprintf(":%s", c.Config.Exporter.Port)
 	c.Log.Info().Msgf("Exporter is listening on %s & exposes metrics on %s path",
 		exporterAddr, c.Config.Exporter.Metrics.Path)
 
 	serverAddr := fmt.Sprintf("%s://%s:%s", c.Config.Server.Protocol,
 		c.Config.Server.Host, c.Config.Server.Port)
 	c.Log.Info().Msgf("Scraping metrics from %s", serverAddr)
-	c.Log.Fatal().Err(http.ListenAndServe(exporterAddr, nil)).Msg("Exporter stopped")
+	c.Log.Fatal().Err(server.ListenAndServe()).Msg("Exporter stopped")
 }
diff --git a/pkg/extensions/extension_search.go b/pkg/extensions/extension_search.go
index a11ff3eb..298e1051 100644
--- a/pkg/extensions/extension_search.go
+++ b/pkg/extensions/extension_search.go
@@ -21,7 +21,7 @@ import (
 // We need this object to be a singleton as read/writes in the CVE DB may
 // occur at any time via DB downloads as well as during scanning.
 // The library doesn't seem to handle concurrency very well internally.
-var cveInfo cveinfo.CveInfo // nolint:gochecknoglobals
+var cveInfo cveinfo.CveInfo //nolint:gochecknoglobals
 
 func EnableSearchExtension(config *config.Config, log log.Logger, storeController storage.StoreController) {
 	if config.Extensions.Search != nil && *config.Extensions.Search.Enable && config.Extensions.Search.CVE != nil {
diff --git a/pkg/extensions/lint/lint_test.go b/pkg/extensions/lint/lint_test.go
index 61a016f7..4dd4340d 100644
--- a/pkg/extensions/lint/lint_test.go
+++ b/pkg/extensions/lint/lint_test.go
@@ -40,7 +40,7 @@ const (
 )
 
 func TestVerifyMandatoryAnnotations(t *testing.T) {
-	// nolint: dupl
+	//nolint: dupl
 	Convey("Mandatory annotations disabled", t, func() {
 		port := test.GetFreePort()
 		baseURL := test.GetBaseURL(port)
@@ -87,7 +87,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
 		So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
 	})
 
-	// nolint: dupl
+	//nolint: dupl
 	Convey("Mandatory annotations enabled, but no list in config", t, func() {
 		port := test.GetFreePort()
 		baseURL := test.GetBaseURL(port)
diff --git a/pkg/extensions/monitoring/extension.go b/pkg/extensions/monitoring/extension.go
index 75c89abb..3d02141b 100644
--- a/pkg/extensions/monitoring/extension.go
+++ b/pkg/extensions/monitoring/extension.go
@@ -17,7 +17,7 @@ import (
 const metricsNamespace = "zot"
 
 var (
-	httpConnRequests = promauto.NewCounterVec( // nolint: gochecknoglobals
+	httpConnRequests = promauto.NewCounterVec( //nolint: gochecknoglobals
 		prometheus.CounterOpts{
 			Namespace: metricsNamespace,
 			Name:      "http_requests_total",
@@ -25,7 +25,7 @@ var (
 		},
 		[]string{"method", "code"},
 	)
-	httpRepoLatency = promauto.NewSummaryVec( // nolint: gochecknoglobals
+	httpRepoLatency = promauto.NewSummaryVec( //nolint: gochecknoglobals
 		prometheus.SummaryOpts{
 			Namespace: metricsNamespace,
 			Name:      "http_repo_latency_seconds",
@@ -33,7 +33,7 @@ var (
 		},
 		[]string{"repo"},
 	)
-	httpMethodLatency = promauto.NewHistogramVec( // nolint: gochecknoglobals
+	httpMethodLatency = promauto.NewHistogramVec( //nolint: gochecknoglobals
 		prometheus.HistogramOpts{
 			Namespace: metricsNamespace,
 			Name:      "http_method_latency_seconds",
@@ -42,7 +42,7 @@ var (
 		},
 		[]string{"method"},
 	)
-	repoStorageBytes = promauto.NewGaugeVec( // nolint: gochecknoglobals
+	repoStorageBytes = promauto.NewGaugeVec( //nolint: gochecknoglobals
 		prometheus.GaugeOpts{
 			Namespace: metricsNamespace,
 			Name:      "repo_storage_bytes",
@@ -50,7 +50,7 @@ var (
 		},
 		[]string{"repo"},
 	)
-	uploadCounter = promauto.NewCounterVec( // nolint: gochecknoglobals
+	uploadCounter = promauto.NewCounterVec( //nolint: gochecknoglobals
 		prometheus.CounterOpts{
 			Namespace: metricsNamespace,
 			Name:      "repo_uploads_total",
@@ -58,7 +58,7 @@ var (
 		},
 		[]string{"repo"},
 	)
-	downloadCounter = promauto.NewCounterVec( // nolint: gochecknoglobals
+	downloadCounter = promauto.NewCounterVec( //nolint: gochecknoglobals
 		prometheus.CounterOpts{
 			Namespace: metricsNamespace,
 			Name:      "repo_downloads_total",
@@ -66,7 +66,7 @@ var (
 		},
 		[]string{"repo"},
 	)
-	serverInfo = promauto.NewGaugeVec( // nolint: gochecknoglobals
+	serverInfo = promauto.NewGaugeVec( //nolint: gochecknoglobals
 		prometheus.GaugeOpts{
 			Namespace: metricsNamespace,
 			Name:      "info",
@@ -74,7 +74,7 @@ var (
 		},
 		[]string{"commit", "binaryType", "goVersion", "version"},
 	)
-	storageLockLatency = promauto.NewHistogramVec( // nolint: gochecknoglobals
+	storageLockLatency = promauto.NewHistogramVec( //nolint: gochecknoglobals
 		prometheus.HistogramOpts{
 			Namespace: metricsNamespace,
 			Name:      "storage_lock_latency_seconds",
diff --git a/pkg/extensions/monitoring/minimal.go b/pkg/extensions/monitoring/minimal.go
index e10ca8d7..f8242039 100644
--- a/pkg/extensions/monitoring/minimal.go
+++ b/pkg/extensions/monitoring/minimal.go
@@ -1,7 +1,7 @@
 //go:build !metrics
 // +build !metrics
 
-// nolint: varnamelen,forcetypeassert
+//nolint:varnamelen,forcetypeassert
 package monitoring
 
 import (
@@ -401,7 +401,7 @@ func (ms *metricServer) HistogramObserve(hv *HistogramValue) {
 	}
 }
 
-// nolint: goerr113
+//nolint:goerr113
 func sanityChecks(name string, knownLabels []string, found bool, labelNames, labelValues []string) error {
 	if !found {
 		return fmt.Errorf("metric %s: not found", name)
diff --git a/pkg/extensions/monitoring/minimal_client.go b/pkg/extensions/monitoring/minimal_client.go
index 580af1ec..e19a5066 100644
--- a/pkg/extensions/monitoring/minimal_client.go
+++ b/pkg/extensions/monitoring/minimal_client.go
@@ -68,7 +68,7 @@ func (mc *MetricsClient) GetMetrics() (*MetricsInfo, error) {
 }
 
 func (mc *MetricsClient) makeGETRequest(url string, resultsPtr interface{}) (http.Header, error) {
-	req, err := http.NewRequestWithContext(context.Background(), "GET", url, nil)
+	req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, url, nil)
 	if err != nil {
 		return nil, fmt.Errorf("metric scraping: %w", err)
 	}
diff --git a/pkg/extensions/search/common/common.go b/pkg/extensions/search/common/common.go
index d50a4583..a247ee52 100644
--- a/pkg/extensions/search/common/common.go
+++ b/pkg/extensions/search/common/common.go
@@ -126,7 +126,7 @@ func GetLatestTag(allTags []TagInfo) TagInfo {
 func GetRoutePrefix(name string) string {
 	names := strings.SplitN(name, "/", 2) //nolint:gomnd
 
-	if len(names) != 2 { // nolint:gomnd
+	if len(names) != 2 { //nolint:gomnd
 		// it means route is of global storage e.g "centos:latest"
 		if len(names) == 1 {
 			return "/"
@@ -146,9 +146,12 @@ type ImageAnnotations struct {
 	Vendor        string
 }
 
-/* OCI annotation/label with backwards compatibility
+/*
+	OCI annotation/label with backwards compatibility
+
 arg can be either lables or annotations
-https://github.com/opencontainers/image-spec/blob/main/annotations.md.*/
+https://github.com/opencontainers/image-spec/blob/main/annotations.md.
+*/
 func GetAnnotationValue(annotations map[string]string, annotationKey, labelKey string) string {
 	value, ok := annotations[annotationKey]
 	if !ok || value == "" {
diff --git a/pkg/extensions/search/common/common_test.go b/pkg/extensions/search/common/common_test.go
index 967ba83a..ab5f43eb 100644
--- a/pkg/extensions/search/common/common_test.go
+++ b/pkg/extensions/search/common/common_test.go
@@ -50,7 +50,7 @@ var (
 	ErrPutManifest = errors.New("can't put manifest")
 )
 
-// nolint:gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	rootDir    string
 	subRootDir string
@@ -111,7 +111,7 @@ type ImageSummaryResult struct {
 	Errors             []ErrorGQL         `json:"errors"`
 }
 
-func testSetup(t *testing.T, subpath string) error {
+func testSetup(t *testing.T, subpath string) error { //nolint:unparam
 	t.Helper()
 	dir := t.TempDir()
 
@@ -738,7 +738,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 		err = os.WriteFile(indexPath, buf, 0o600)
 		So(err, ShouldBeNil)
 
-		query := "{ExpandedRepoInfo(repo:\"test1\"){Summary%20{Name%20LastUpdated%20Size%20Platforms%20{Os%20Arch}%20Vendors%20Score}%20Images%20{Digest%20IsSigned%20Tag%20Layers%20{Size%20Digest}}}}" // nolint: lll
+		query := "{ExpandedRepoInfo(repo:\"test1\"){Summary%20{Name%20LastUpdated%20Size%20Platforms%20{Os%20Arch}%20Vendors%20Score}%20Images%20{Digest%20IsSigned%20Tag%20Layers%20{Size%20Digest}}}}" //nolint: lll
 
 		resp, err := resty.R().Get(baseURL + graphqlQueryPrefix + "?query=" + query)
 		So(resp, ShouldNotBeNil)
@@ -808,7 +808,7 @@ func TestExpandedRepoInfo(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(resp.StatusCode(), ShouldEqual, 422)
 
-		query := "{ExpandedRepoInfo(repo:\"zot-cve-test\"){Summary%20{Name%20LastUpdated%20Size%20Platforms%20{Os%20Arch}%20Vendors%20Score}}}" // nolint: lll
+		query := "{ExpandedRepoInfo(repo:\"zot-cve-test\"){Summary%20{Name%20LastUpdated%20Size%20Platforms%20{Os%20Arch}%20Vendors%20Score}}}" //nolint: lll
 
 		resp, err = resty.R().Get(baseURL + graphqlQueryPrefix + "?query=" + query)
 		So(resp, ShouldNotBeNil)
@@ -1372,7 +1372,7 @@ func TestDerivedImageList(t *testing.T) {
 	})
 }
 
-// nolint:dupl
+//nolint:dupl
 func TestDerivedImageListNoRepos(t *testing.T) {
 	Convey("No repositories found", t, func() {
 		port := GetFreePort()
@@ -1887,7 +1887,7 @@ func TestBaseImageList(t *testing.T) {
 	})
 }
 
-// nolint:dupl
+//nolint:dupl
 func TestBaseImageListNoRepos(t *testing.T) {
 	Convey("No repositories found", t, func() {
 		port := GetFreePort()
diff --git a/pkg/extensions/search/common/oci_layout.go b/pkg/extensions/search/common/oci_layout.go
index 4814c01d..7ca726ed 100644
--- a/pkg/extensions/search/common/oci_layout.go
+++ b/pkg/extensions/search/common/oci_layout.go
@@ -18,7 +18,7 @@ import (
 	"zotregistry.io/zot/pkg/storage"
 )
 
-type OciLayoutUtils interface {
+type OciLayoutUtils interface { //nolint: interfacebloat
 	GetImageManifest(repo string, reference string) (ispec.Manifest, string, error)
 	GetImageManifests(image string) ([]ispec.Descriptor, error)
 	GetImageBlobManifest(imageDir string, digest godigest.Digest) (v1.Manifest, error)
@@ -117,7 +117,6 @@ func (olu BaseOciLayoutUtils) GetImageManifests(image string) ([]ispec.Descripto
 	return index.Manifests, nil
 }
 
-//nolint: interfacer
 func (olu BaseOciLayoutUtils) GetImageBlobManifest(imageDir string, digest godigest.Digest) (v1.Manifest, error) {
 	var blobIndex v1.Manifest
 
@@ -139,7 +138,6 @@ func (olu BaseOciLayoutUtils) GetImageBlobManifest(imageDir string, digest godig
 	return blobIndex, nil
 }
 
-//nolint: interfacer
 func (olu BaseOciLayoutUtils) GetImageInfo(imageDir string, hash v1.Hash) (ispec.Image, error) {
 	var imageInfo ispec.Image
 
@@ -230,7 +228,7 @@ func (olu BaseOciLayoutUtils) checkCosignSignature(name string, digest godigest.
 	// new manifest is tagged as sha256-<manifest-digest>.sig.
 	reference := fmt.Sprintf("sha256-%s.sig", digest.Encoded())
 
-	_, _, _, err := imageStore.GetImageManifest(name, reference) // nolint: dogsled
+	_, _, _, err := imageStore.GetImageManifest(name, reference) //nolint: dogsled
 	if err != nil {
 		olu.Log.Info().Err(err).Str("repo", name).Str("digest",
 			digest.String()).Msg("invalid cosign signature")
diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go
index f610b355..f8723408 100644
--- a/pkg/extensions/search/cve/cve_test.go
+++ b/pkg/extensions/search/cve/cve_test.go
@@ -1,7 +1,7 @@
 //go:build search
 // +build search
 
-// nolint:lll,gosimple
+//nolint:lll,gosimple
 package cveinfo_test
 
 import (
@@ -37,7 +37,7 @@ import (
 	"zotregistry.io/zot/pkg/test/mocks"
 )
 
-// nolint:gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	cve            cveinfo.CveInfo
 	dbDir          string
@@ -109,7 +109,7 @@ func testSetup() error {
 	return nil
 }
 
-func generateTestData() error { // nolint: gocyclo
+func generateTestData() error { //nolint: gocyclo
 	// Image dir with no files
 	err := os.Mkdir(path.Join(dbDir, "zot-noindex-test"), 0o755)
 	if err != nil {
diff --git a/pkg/extensions/search/cve/trivy/scanner.go b/pkg/extensions/search/cve/trivy/scanner.go
index ec3e540e..65760b6f 100644
--- a/pkg/extensions/search/cve/trivy/scanner.go
+++ b/pkg/extensions/search/cve/trivy/scanner.go
@@ -192,7 +192,7 @@ func (scanner Scanner) ScanImage(image string) (map[string]cvemodel.CVE, error)
 	report, err := artifact.TrivyImageRun(tCtx.Ctx)
 	scanner.dbLock.Unlock()
 
-	if err != nil { // nolint: wsl
+	if err != nil { //nolint: wsl
 		scanner.log.Error().Err(err).Str("image", image).Msg("unable to scan image")
 
 		return cveidMap, err
diff --git a/pkg/extensions/search/digest/digest_test.go b/pkg/extensions/search/digest/digest_test.go
index 445607f3..b1da85b3 100644
--- a/pkg/extensions/search/digest/digest_test.go
+++ b/pkg/extensions/search/digest/digest_test.go
@@ -1,7 +1,7 @@
 //go:build search
 // +build search
 
-// nolint: gochecknoinits
+//nolint:gochecknoinits
 package digestinfo_test
 
 import (
@@ -26,7 +26,7 @@ import (
 	. "zotregistry.io/zot/pkg/test"
 )
 
-// nolint:gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	digestInfo *digestinfo.DigestInfo
 	rootDir    string
diff --git a/pkg/extensions/search/resolver.go b/pkg/extensions/search/resolver.go
index f6e0ce25..13efc807 100644
--- a/pkg/extensions/search/resolver.go
+++ b/pkg/extensions/search/resolver.go
@@ -13,8 +13,8 @@ import (
 	"time"
 
 	"github.com/99designs/gqlgen/graphql"
-	glob "github.com/bmatcuk/doublestar/v4"            // nolint:gci
-	v1 "github.com/google/go-containerregistry/pkg/v1" // nolint:gci
+	glob "github.com/bmatcuk/doublestar/v4"            //nolint:gci
+	v1 "github.com/google/go-containerregistry/pkg/v1" //nolint:gci
 	godigest "github.com/opencontainers/go-digest"
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/vektah/gqlparser/v2/gqlerror"
@@ -23,7 +23,7 @@ import (
 	cveinfo "zotregistry.io/zot/pkg/extensions/search/cve"
 	digestinfo "zotregistry.io/zot/pkg/extensions/search/digest"
 	"zotregistry.io/zot/pkg/extensions/search/gql_generated"
-	"zotregistry.io/zot/pkg/log" // nolint: gci
+	"zotregistry.io/zot/pkg/log" //nolint: gci
 	localCtx "zotregistry.io/zot/pkg/requestcontext"
 	"zotregistry.io/zot/pkg/storage"
 ) // THIS CODE IS A STARTING POINT ONLY. IT WILL NOT BE UPDATED WITH SCHEMA CHANGES.
@@ -88,7 +88,7 @@ func repoListWithNewestImage(
 	olu common.OciLayoutUtils,
 	cveInfo cveinfo.CveInfo,
 	log log.Logger,
-) ([]*gql_generated.RepoSummary, error) {
+) ([]*gql_generated.RepoSummary, error) { //nolint:unparam
 	reposSummary := []*gql_generated.RepoSummary{}
 
 	for _, repo := range repoList {
@@ -473,8 +473,10 @@ func globalSearch(repoList []string, name, tag string, olu common.OciLayoutUtils
 // The distance represents the score of the match.
 //
 // Example:
-// 	query: image
-// 	repos: repo/test/myimage
+//
+//	query: image
+//	repos: repo/test/myimage
+//
 // Score will be 2.
 func calculateImageMatchingScore(artefactName string, index int, matchesTag bool) int {
 	score := 0
diff --git a/pkg/extensions/search/schema.resolvers.go b/pkg/extensions/search/schema.resolvers.go
index 52d9504a..d26c0b60 100644
--- a/pkg/extensions/search/schema.resolvers.go
+++ b/pkg/extensions/search/schema.resolvers.go
@@ -64,7 +64,7 @@ func (r *queryResolver) ImageListForCve(ctx context.Context, id string) ([]*gql_
 
 	r.log.Info().Msg("extracting repositories")
 	repoList, err := olu.GetRepositories()
-	if err != nil { // nolint: wsl
+	if err != nil { //nolint: wsl
 		r.log.Error().Err(err).Msg("unable to search repositories")
 
 		return affectedImages, err
diff --git a/pkg/extensions/sync/on_demand.go b/pkg/extensions/sync/on_demand.go
index 29eb250c..9ebdaf01 100644
--- a/pkg/extensions/sync/on_demand.go
+++ b/pkg/extensions/sync/on_demand.go
@@ -30,7 +30,7 @@ type syncContextUtils struct {
 	copyOptions  copy.Options
 }
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var demandedImgs demandedImages
 
 type demandedImages struct {
diff --git a/pkg/extensions/sync/sync.go b/pkg/extensions/sync/sync.go
index f6e69ce1..81240a2a 100644
--- a/pkg/extensions/sync/sync.go
+++ b/pkg/extensions/sync/sync.go
@@ -295,7 +295,7 @@ func getUpstreamContext(regCfg *RegistryConfig, credentials Credentials) *types.
 	return upstreamCtx
 }
 
-// nolint:gocyclo  // offloading some of the functionalities from here would make the code harder to follow
+//nolint:gocyclo  // offloading some of the functionalities from here would make the code harder to follow
 func syncRegistry(ctx context.Context, regCfg RegistryConfig,
 	upstreamURL string,
 	storeController storage.StoreController, localCtx *types.SystemContext,
diff --git a/pkg/extensions/sync/utils.go b/pkg/extensions/sync/utils.go
index 27c4585d..7aee7f1b 100644
--- a/pkg/extensions/sync/utils.go
+++ b/pkg/extensions/sync/utils.go
@@ -249,7 +249,7 @@ func getHTTPClient(regCfg *RegistryConfig, upstreamURL string, credentials Crede
 		client.SetCertificates(cert)
 	}
 
-	// nolint: gosec
+	//nolint: gosec
 	if regCfg.TLSVerify != nil && !*regCfg.TLSVerify && registryURL.Scheme == "https" {
 		client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
 	}
diff --git a/pkg/log/log.go b/pkg/log/log.go
index a5fd87a3..937982c3 100644
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -13,7 +13,7 @@ import (
 
 const defaultPerms = 0o0600
 
-// nolint:gochecknoglobals
+//nolint:gochecknoglobals
 var loggerSetTimeFormat sync.Once
 
 // Logger extends zerolog's Logger.
diff --git a/pkg/requestcontext/context.go b/pkg/requestcontext/context.go
index 06aa0506..fa199ea5 100644
--- a/pkg/requestcontext/context.go
+++ b/pkg/requestcontext/context.go
@@ -3,7 +3,7 @@ package requestcontext
 type Key int
 
 // request-local context key.
-var authzCtxKey = Key(0) // nolint: gochecknoglobals
+var authzCtxKey = Key(0) //nolint: gochecknoglobals
 
 // pointer needed for use in context.WithValue.
 func GetContextKey() *Key {
diff --git a/pkg/storage/common.go b/pkg/storage/common.go
index 8c7959b4..8bf60189 100644
--- a/pkg/storage/common.go
+++ b/pkg/storage/common.go
@@ -97,7 +97,7 @@ func ValidateManifest(imgStore ImageStore, repo, reference, mediaType string, bo
 	return "", nil
 }
 
-func validateOCIManifest(imgStore ImageStore, repo, reference string, manifest *ispec.Manifest,
+func validateOCIManifest(imgStore ImageStore, repo, reference string, manifest *ispec.Manifest, //nolint:unparam
 	log zerolog.Logger,
 ) (string, error) {
 	if manifest.SchemaVersion != SchemaVersion {
@@ -152,8 +152,11 @@ func GetAndValidateRequestDigest(body []byte, digest string, log zerolog.Logger)
 	return bodyDigest, err
 }
 
-/* CheckIfIndexNeedsUpdate verifies if an index needs to be updated given a new manifest descriptor.
-Returns whether or not index needs update, in the latter case it will also return the previous digest. */
+/*
+	CheckIfIndexNeedsUpdate verifies if an index needs to be updated given a new manifest descriptor.
+
+Returns whether or not index needs update, in the latter case it will also return the previous digest.
+*/
 func CheckIfIndexNeedsUpdate(index *ispec.Index, desc *ispec.Descriptor,
 	log zerolog.Logger,
 ) (bool, godigest.Digest, error) {
@@ -273,9 +276,12 @@ func RemoveManifestDescByReference(index *ispec.Index, reference string) (ispec.
 	return removedManifest, found
 }
 
-/* additionally, unmarshal an image index and for all manifests in that
+/*
+	additionally, unmarshal an image index and for all manifests in that
+
 index, ensure that they do not have a name or they are not in other
-manifest indexes else GC can never clean them. */
+manifest indexes else GC can never clean them.
+*/
 func UpdateIndexWithPrunedImageManifests(imgStore ImageStore, index *ispec.Index, repo string,
 	desc ispec.Descriptor, oldDgst godigest.Digest, log zerolog.Logger,
 ) error {
@@ -310,7 +316,7 @@ same constitutent manifests so that they can be garbage-collected correctly
 
 pruneImageManifestsFromIndex is a helper routine to achieve this.
 */
-func PruneImageManifestsFromIndex(imgStore ImageStore, repo string, digest godigest.Digest, // nolint: gocyclo
+func PruneImageManifestsFromIndex(imgStore ImageStore, repo string, digest godigest.Digest, //nolint:gocyclo
 	outIndex ispec.Index, otherImgIndexes []ispec.Descriptor, log zerolog.Logger,
 ) ([]ispec.Descriptor, error) {
 	dir := path.Join(imgStore.RootDir(), repo)
diff --git a/pkg/storage/local/local.go b/pkg/storage/local/local.go
index 6c145792..c03b8df0 100644
--- a/pkg/storage/local/local.go
+++ b/pkg/storage/local/local.go
@@ -229,7 +229,7 @@ func (is *ImageStoreLocal) ValidateRepo(name string) (bool, error) {
 		return false, zerr.ErrRepoNotFound
 	}
 
-	if len(files) < 3 { // nolint:gomnd
+	if len(files) < 3 { //nolint:gomnd
 		return false, zerr.ErrRepoBadVersion
 	}
 
@@ -298,11 +298,11 @@ func (is *ImageStoreLocal) GetRepositories() ([]string, error) {
 
 		rel, err := filepath.Rel(is.rootDir, path)
 		if err != nil {
-			return nil // nolint:nilerr // ignore paths not relative to root dir
+			return nil //nolint:nilerr // ignore paths not relative to root dir
 		}
 
 		if ok, err := is.ValidateRepo(rel); !ok || err != nil {
-			return nil // nolint:nilerr // ignore invalid repos
+			return nil //nolint:nilerr // ignore invalid repos
 		}
 
 		// is.log.Debug().Str("dir", path).Str("name", info.Name()).Msg("found image store")
@@ -343,12 +343,12 @@ func (is *ImageStoreLocal) GetNextRepository(repo string) (string, error) {
 
 		rel, err := filepath.Rel(is.rootDir, path)
 		if err != nil {
-			return nil // nolint:nilerr // ignore paths not relative to root dir
+			return nil //nolint:nilerr // ignore paths not relative to root dir
 		}
 
 		ok, err := is.ValidateRepo(rel)
 		if !ok || err != nil {
-			return nil // nolint:nilerr // ignore invalid repos
+			return nil //nolint:nilerr // ignore invalid repos
 		}
 
 		if repo == "" && ok && err == nil {
@@ -427,7 +427,7 @@ func (is *ImageStoreLocal) GetImageManifest(repo, reference string) ([]byte, str
 }
 
 // PutImageManifest adds an image manifest to the repository.
-func (is *ImageStoreLocal) PutImageManifest(repo, reference, mediaType string, // nolint: gocyclo
+func (is *ImageStoreLocal) PutImageManifest(repo, reference, mediaType string, //nolint: gocyclo
 	body []byte,
 ) (string, error) {
 	if err := is.InitRepo(repo); err != nil {
diff --git a/pkg/storage/local/local_elevated_test.go b/pkg/storage/local/local_elevated_test.go
index bcb52125..62028db4 100644
--- a/pkg/storage/local/local_elevated_test.go
+++ b/pkg/storage/local/local_elevated_test.go
@@ -57,7 +57,7 @@ func TestElevatedPrivilegesInvalidDedupe(t *testing.T) {
 			panic(err)
 		}
 
-		err = os.WriteFile(path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1), content, 0o755) // nolint: gosec
+		err = os.WriteFile(path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1), content, 0o755) //nolint: gosec
 		if err != nil {
 			panic(err)
 		}
@@ -74,7 +74,7 @@ func TestElevatedPrivilegesInvalidDedupe(t *testing.T) {
 		So(err, ShouldBeNil)
 		So(blob, ShouldEqual, buflen)
 
-		cmd := exec.Command("chattr", "+i", path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1)) // nolint: gosec
+		cmd := exec.Command("chattr", "+i", path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1)) //nolint: gosec
 		_, err = cmd.Output()
 		if err != nil {
 			panic(err)
@@ -84,7 +84,7 @@ func TestElevatedPrivilegesInvalidDedupe(t *testing.T) {
 		So(err, ShouldNotBeNil)
 		So(blob, ShouldEqual, buflen)
 
-		cmd = exec.Command("chattr", "-i", path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1)) // nolint: gosec
+		cmd = exec.Command("chattr", "-i", path.Join(dir, "dedupe2", "blobs/sha256", blobDigest1)) //nolint: gosec
 		_, err = cmd.Output()
 		if err != nil {
 			panic(err)
diff --git a/pkg/storage/local/local_test.go b/pkg/storage/local/local_test.go
index 69fdaf19..b76e035c 100644
--- a/pkg/storage/local/local_test.go
+++ b/pkg/storage/local/local_test.go
@@ -434,7 +434,7 @@ func FuzzTestDeleteImageManifest(f *testing.F) {
 }
 
 func FuzzDirExists(f *testing.F) {
-	f.Fuzz(func(t *testing.T, data string) { //nolint: unusedparams
+	f.Fuzz(func(t *testing.T, data string) {
 		_ = local.DirExists(data)
 	})
 }
@@ -1110,7 +1110,7 @@ func TestDedupe(t *testing.T) {
 	})
 }
 
-// nolint: gocyclo
+//nolint:gocyclo
 func TestNegativeCases(t *testing.T) {
 	Convey("Invalid root dir", t, func(c C) {
 		dir := t.TempDir()
@@ -1150,7 +1150,7 @@ func TestNegativeCases(t *testing.T) {
 		}
 
 		// Init repo should fail if repo is a file.
-		err = os.WriteFile(path.Join(dir, "file-test"), []byte("this is test file"), 0o755) // nolint:gosec
+		err = os.WriteFile(path.Join(dir, "file-test"), []byte("this is test file"), 0o755) //nolint:gosec
 		So(err, ShouldBeNil)
 		err = imgStore.InitRepo("file-test")
 		So(err, ShouldNotBeNil)
@@ -1193,17 +1193,17 @@ func TestNegativeCases(t *testing.T) {
 			panic(err)
 		}
 
-		err = os.WriteFile(path.Join(dir, "invalid-test", "blobs"), []byte{}, 0o755) // nolint: gosec
+		err = os.WriteFile(path.Join(dir, "invalid-test", "blobs"), []byte{}, 0o755) //nolint: gosec
 		if err != nil {
 			panic(err)
 		}
 
-		err = os.WriteFile(path.Join(dir, "invalid-test", "index.json"), []byte{}, 0o755) // nolint: gosec
+		err = os.WriteFile(path.Join(dir, "invalid-test", "index.json"), []byte{}, 0o755) //nolint: gosec
 		if err != nil {
 			panic(err)
 		}
 
-		err = os.WriteFile(path.Join(dir, "invalid-test", ispec.ImageLayoutFile), []byte{}, 0o755) // nolint: gosec
+		err = os.WriteFile(path.Join(dir, "invalid-test", ispec.ImageLayoutFile), []byte{}, 0o755) //nolint: gosec
 		if err != nil {
 			panic(err)
 		}
@@ -1224,7 +1224,7 @@ func TestNegativeCases(t *testing.T) {
 		So(err, ShouldNotBeNil)
 		So(isValid, ShouldEqual, false)
 
-		err = os.WriteFile(path.Join(dir, "invalid-test", ispec.ImageLayoutFile), []byte("{}"), 0o755) // nolint: gosec
+		err = os.WriteFile(path.Join(dir, "invalid-test", ispec.ImageLayoutFile), []byte("{}"), 0o755) //nolint: gosec
 		if err != nil {
 			panic(err)
 		}
@@ -2196,7 +2196,7 @@ func NewRandomImgManifest(data []byte, cdigest, ldigest godigest.Digest, cblob,
 	return &manifest, nil
 }
 
-func newRandomBlobForFuzz(data []byte) (godigest.Digest, []byte, error) {
+func newRandomBlobForFuzz(data []byte) (godigest.Digest, []byte, error) { //nolint:unparam
 	return godigest.FromBytes(data), data, nil
 }
 
diff --git a/pkg/storage/s3/s3.go b/pkg/storage/s3/s3.go
index 6cc29f53..8ea92183 100644
--- a/pkg/storage/s3/s3.go
+++ b/pkg/storage/s3/s3.go
@@ -204,7 +204,7 @@ func (is *ObjectStorage) ValidateRepo(name string) (bool, error) {
 		return false, zerr.ErrRepoNotFound
 	}
 
-	// nolint:gomnd
+	//nolint:gomnd
 	if len(files) < 2 {
 		return false, zerr.ErrRepoBadVersion
 	}
@@ -922,7 +922,7 @@ retry:
 			// the actual blob on disk may have been removed by GC, so sync the cache
 			err := is.cache.DeleteBlob(dstDigest.String(), dstRecord)
 			if err = test.Error(err); err != nil {
-				// nolint:lll
+				//nolint:lll
 				is.log.Error().Err(err).Str("dstDigest", dstDigest.String()).Str("dst", dst).Msg("dedupe: unable to delete blob record")
 
 				return err
diff --git a/pkg/storage/s3/s3_test.go b/pkg/storage/s3/s3_test.go
index ec18072e..4c25b9d7 100644
--- a/pkg/storage/s3/s3_test.go
+++ b/pkg/storage/s3/s3_test.go
@@ -31,7 +31,7 @@ import (
 	"zotregistry.io/zot/pkg/test"
 )
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	testImage      = "test"
 	fileWriterSize = 12
diff --git a/pkg/storage/scrub.go b/pkg/storage/scrub.go
index 13148616..72c2e5c0 100644
--- a/pkg/storage/scrub.go
+++ b/pkg/storage/scrub.go
@@ -125,7 +125,7 @@ func CheckRepo(imageName string, imgStore ImageStore) ([]ScrubImageResult, error
 	return results, nil
 }
 
-func checkIntegrity(ctx context.Context, imageName, tagName string, oci casext.Engine, manifest ispec.Descriptor, dir string) ScrubImageResult { // nolint: lll
+func checkIntegrity(ctx context.Context, imageName, tagName string, oci casext.Engine, manifest ispec.Descriptor, dir string) ScrubImageResult { //nolint: lll
 	// check manifest and config
 	stat, err := umoci.Stat(ctx, oci, manifest)
 
diff --git a/pkg/storage/storage.go b/pkg/storage/storage.go
index 51b01fbb..d2577a51 100644
--- a/pkg/storage/storage.go
+++ b/pkg/storage/storage.go
@@ -14,7 +14,7 @@ const (
 	DefaultGCDelay      = 1 * time.Hour
 )
 
-type ImageStore interface {
+type ImageStore interface { //nolint:interfacebloat
 	DirExists(d string) bool
 	RootDir() string
 	RLock(*time.Time)
diff --git a/pkg/storage/storage_test.go b/pkg/storage/storage_test.go
index 11cfe053..abb7c80f 100644
--- a/pkg/storage/storage_test.go
+++ b/pkg/storage/storage_test.go
@@ -83,7 +83,7 @@ func createObjectsStore(rootDir string, cacheDir string) (driver.StorageDriver,
 	return store, il, err
 }
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var testCases = []struct {
 	testCaseName string
 	storageType  string
@@ -768,7 +768,7 @@ func TestMandatoryAnnotations(t *testing.T) {
 						imgStore = s3.NewImageStore(testDir, tdir, false, 1, false, false, log, metrics,
 							&mocks.MockedLint{
 								LintFn: func(repo string, manifestDigest godigest.Digest, imageStore storage.ImageStore) (bool, error) {
-									// nolint: goerr113
+									//nolint: goerr113
 									return false, errors.New("linter error")
 								},
 							}, store)
@@ -776,7 +776,7 @@ func TestMandatoryAnnotations(t *testing.T) {
 						imgStore = local.NewImageStore(tdir, true, storage.DefaultGCDelay, true,
 							true, log, metrics, &mocks.MockedLint{
 								LintFn: func(repo string, manifestDigest godigest.Digest, imageStore storage.ImageStore) (bool, error) {
-									// nolint: goerr113
+									//nolint: goerr113
 									return false, errors.New("linter error")
 								},
 							})
diff --git a/pkg/test/mocks/storage_driver_mock.go b/pkg/test/mocks/storage_driver_mock.go
index 17f8c0cc..8a1d3cb1 100644
--- a/pkg/test/mocks/storage_driver_mock.go
+++ b/pkg/test/mocks/storage_driver_mock.go
@@ -22,7 +22,7 @@ type StorageDriverMock struct {
 	WalkFn       func(ctx context.Context, path string, f driver.WalkFn) error
 }
 
-// nolint: gochecknoglobals
+//nolint:gochecknoglobals
 var (
 	fileWriterSize = 12
 	fileInfoSize   = 10
diff --git a/stacker-conformance.yaml b/stacker-conformance.yaml
index 8141b1e2..82c24d80 100644
--- a/stacker-conformance.yaml
+++ b/stacker-conformance.yaml
@@ -1,7 +1,7 @@
 build:
   from:
     type: docker
-    url: docker://ghcr.io/project-zot/golang:1.18
+    url: docker://ghcr.io/project-zot/golang:1.19
   binds:
     - . -> /zotcopy
   run: |
diff --git a/stacker-zb.yaml b/stacker-zb.yaml
index d3154ced..60cae82f 100644
--- a/stacker-zb.yaml
+++ b/stacker-zb.yaml
@@ -1,7 +1,7 @@
 build:
   from:
     type: docker
-    url: docker://ghcr.io/project-zot/golang:1.18
+    url: docker://ghcr.io/project-zot/golang:1.19
   binds:
     - . -> /zotcopy
   run: |
diff --git a/stacker-zxp.yaml b/stacker-zxp.yaml
index 5ddf3d5e..20ba1236 100644
--- a/stacker-zxp.yaml
+++ b/stacker-zxp.yaml
@@ -1,7 +1,7 @@
 build:
   from:
     type: docker
-    url: docker://ghcr.io/project-zot/golang:1.18
+    url: docker://ghcr.io/project-zot/golang:1.19
   binds:
     - . -> /zotcopy
   run: |
diff --git a/stacker.yaml b/stacker.yaml
index 412a1ee1..d0e71b10 100644
--- a/stacker.yaml
+++ b/stacker.yaml
@@ -1,7 +1,7 @@
 build:
   from:
     type: docker
-    url: docker://ghcr.io/project-zot/golang:1.18
+    url: docker://ghcr.io/project-zot/golang:1.19
   binds:
     - . -> /zotcopy
   run: |
diff --git a/test/blackbox/pushpull.bats b/test/blackbox/pushpull.bats
index 76eee6b0..0374ea54 100644
--- a/test/blackbox/pushpull.bats
+++ b/test/blackbox/pushpull.bats
@@ -6,7 +6,7 @@ function setup_file() {
         exit 1
     fi
     # Download test data to folder common for the entire suite, not just this file
-    skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/golang:1.18 oci:${TEST_DATA_DIR}/golang:1.18
+    skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/golang:1.19 oci:${TEST_DATA_DIR}/golang:1.19
     # Setup zot server
     local zot_root_dir=${BATS_FILE_TMPDIR}/zot
     local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
@@ -43,27 +43,27 @@ function teardown_file() {
 
 @test "push image" {
     run skopeo --insecure-policy copy --dest-tls-verify=false \
-        oci:${TEST_DATA_DIR}/golang:1.18 \
-        docker://127.0.0.1:8080/golang:1.18
+        oci:${TEST_DATA_DIR}/golang:1.19 \
+        docker://127.0.0.1:8080/golang:1.19
     [ "$status" -eq 0 ]
     run curl http://127.0.0.1:8080/v2/_catalog
     [ "$status" -eq 0 ]
     [ $(echo "${lines[-1]}" | jq '.repositories[]') = '"golang"' ]
     run curl http://127.0.0.1:8080/v2/golang/tags/list
     [ "$status" -eq 0 ]
-    [ $(echo "${lines[-1]}" | jq '.tags[]') = '"1.18"' ]
+    [ $(echo "${lines[-1]}" | jq '.tags[]') = '"1.19"' ]
 }
 
 @test "pull image" {
     local oci_data_dir=${BATS_FILE_TMPDIR}/oci
     run skopeo --insecure-policy copy --src-tls-verify=false \
-        docker://127.0.0.1:8080/golang:1.18 \
-        oci:${oci_data_dir}/golang:1.18
+        docker://127.0.0.1:8080/golang:1.19 \
+        oci:${oci_data_dir}/golang:1.19
     [ "$status" -eq 0 ]
     run cat ${BATS_FILE_TMPDIR}/oci/golang/index.json
     [ "$status" -eq 0 ]
-    [ $(echo "${lines[-1]}" | jq '.manifests[].annotations."org.opencontainers.image.ref.name"') = '"1.18"' ]
-    run curl -X DELETE http://127.0.0.1:8080/v2/golang/manifests/1.18
+    [ $(echo "${lines[-1]}" | jq '.manifests[].annotations."org.opencontainers.image.ref.name"') = '"1.19"' ]
+    run curl -X DELETE http://127.0.0.1:8080/v2/golang/manifests/1.19
     [ "$status" -eq 0 ]
 }
 
@@ -136,7 +136,7 @@ function teardown_file() {
 @test "copy image with regclient" {
     run regctl registry set localhost:8080 --tls disabled
     [ "$status" -eq 0 ]
-    run regctl image copy ocidir://${TEST_DATA_DIR}/golang:1.18 localhost:8080/test-regclient
+    run regctl image copy ocidir://${TEST_DATA_DIR}/golang:1.19 localhost:8080/test-regclient
     [ "$status" -eq 0 ]
 }
 
@@ -184,6 +184,6 @@ EOF
 }
 
 @test "pull image with regclient" {
-    run regctl image copy localhost:8080/test-regclient ocidir://${TEST_DATA_DIR}/golang:1.18
+    run regctl image copy localhost:8080/test-regclient ocidir://${TEST_DATA_DIR}/golang:1.19
     [ "$status" -eq 0 ]
 }