diff --git a/Makefile b/Makefile
index 380ba5a84..fd4ddb993 100644
--- a/Makefile
+++ b/Makefile
@@ -87,7 +87,11 @@ verify-gocilint:
 	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.45.2
 	golangci-lint run --timeout=3m --modules-download-mode vendor ./...
 
-verify: verify-crds verify-gocilint
+verify-gosec:
+	go install github.com/securego/gosec/v2/cmd/gosec@v2.15.0
+	gosec -exclude-dir=test ./...
+
+verify: verify-crds verify-gocilint verify-gosec
 
 update-csv: ensure-operator-sdk
 	cd deploy/cluster-manager && ../../$(OPERATOR_SDK) generate bundle --manifests --deploy-dir config/ --crds-dir config/crds/ --output-dir olm-catalog/cluster-manager/ --version $(CSV_VERSION)
diff --git a/pkg/helpers/queuekey.go b/pkg/helpers/queuekey.go
index 5255c9f78..735fdf95e 100644
--- a/pkg/helpers/queuekey.go
+++ b/pkg/helpers/queuekey.go
@@ -37,7 +37,7 @@ const (
 
 	RegistrationWebhookSecret  = "registration-webhook-serving-cert"
 	RegistrationWebhookService = "cluster-manager-registration-webhook"
-	WorkWebhookSecret          = "work-webhook-serving-cert"
+	WorkWebhookSecret          = "work-webhook-serving-cert" // #nosec G101
 	WorkWebhookService         = "cluster-manager-work-webhook"
 )
 
diff --git a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
index 74764d49f..867db6207 100644
--- a/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
+++ b/pkg/operators/klusterlet/controllers/klusterletcontroller/klusterlet_controller.go
@@ -3,9 +3,10 @@ package klusterletcontroller
 import (
 	"context"
 	"fmt"
+	"strings"
+
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	ocmfeature "open-cluster-management.io/api/feature"
-	"strings"
 
 	"github.com/openshift/library-go/pkg/controller/factory"
 	"github.com/openshift/library-go/pkg/operator/events"
@@ -40,7 +41,7 @@ const (
 	klusterletApplied                     = "Applied"
 	klusterletReadyToApply                = "ReadyToApply"
 	hubConnectionDegraded                 = "HubConnectionDegraded"
-	hubKubeConfigSecretMissing            = "HubKubeConfigSecretMissing"
+	hubKubeConfigSecretMissing            = "HubKubeConfigSecretMissing" // #nosec G101
 	appliedManifestWorkFinalizer          = "cluster.open-cluster-management.io/applied-manifest-work-cleanup"
 	managedResourcesEvictionTimestampAnno = "operator.open-cluster-management.io/managed-resources-eviction-timestamp"
 )