diff --git a/management/cmd/token.go b/management/cmd/token.go
index 6de193dbb..2185ed8e3 100644
--- a/management/cmd/token.go
+++ b/management/cmd/token.go
@@ -67,6 +67,7 @@ func withTokenStore(cmd *cobra.Command, fn func(ctx context.Context, s store.Sto
 		return fmt.Errorf("init log: %w", err)
 	}
 
+	//nolint
 	ctx := context.WithValue(cmd.Context(), hook.ExecutionContextKey, hook.SystemSource)
 
 	config, err := loadMgmtConfig(ctx, nbconfig.MgmtConfigPath)
@@ -108,11 +109,11 @@ func tokenCreateRun(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("save token: %w", err)
 		}
 
-		fmt.Println("Token created successfully!")
-		fmt.Printf("Token: %s\n", generated.PlainToken)
-		fmt.Println()
-		fmt.Println("IMPORTANT: Save this token now. It will not be shown again.")
-		fmt.Printf("Token ID: %s\n", generated.ID)
+		fmt.Println("Token created successfully!")                                 //nolint:forbidigo
+		fmt.Printf("Token: %s\n", generated.PlainToken)                            //nolint:forbidigo
+		fmt.Println()                                                              //nolint:forbidigo
+		fmt.Println("IMPORTANT: Save this token now. It will not be shown again.") //nolint:forbidigo
+		fmt.Printf("Token ID: %s\n", generated.ID)                                 //nolint:forbidigo
 
 		return nil
 	})
@@ -126,7 +127,7 @@ func tokenListRun(cmd *cobra.Command, _ []string) error {
 		}
 
 		if len(tokens) == 0 {
-			fmt.Println("No proxy access tokens found.")
+			fmt.Println("No proxy access tokens found.") //nolint:forbidigo
 			return nil
 		}
 
@@ -174,7 +175,7 @@ func tokenRevokeRun(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("revoke token: %w", err)
 		}
 
-		fmt.Printf("Token %s revoked successfully.\n", tokenID)
+		fmt.Printf("Token %s revoked successfully.\n", tokenID) //nolint:forbidigo
 		return nil
 	})
 }
diff --git a/management/internals/shared/grpc/proxy.go b/management/internals/shared/grpc/proxy.go
index 53db8615d..62ede5e9f 100644
--- a/management/internals/shared/grpc/proxy.go
+++ b/management/internals/shared/grpc/proxy.go
@@ -92,7 +92,6 @@ type proxyConnection struct {
 	sendChan chan *proto.ProxyMapping
 	ctx      context.Context
 	cancel   context.CancelFunc
-	mu       sync.RWMutex
 }
 
 // NewProxyServiceServer creates a new proxy service server.
@@ -833,6 +832,7 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 			"domain": domain,
 			"error":  err.Error(),
 		}).Debug("ValidateSession: service not found")
+		//nolint:nilerr
 		return &proto.ValidateSessionResponse{
 			Valid:        false,
 			DeniedReason: "service_not_found",
@@ -857,6 +857,7 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 			"domain": domain,
 			"error":  err.Error(),
 		}).Debug("ValidateSession: invalid session token")
+		//nolint:nilerr
 		return &proto.ValidateSessionResponse{
 			Valid:        false,
 			DeniedReason: "invalid_token",
@@ -870,6 +871,7 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 			"user_id": userID,
 			"error":   err.Error(),
 		}).Debug("ValidateSession: user not found")
+		//nolint:nilerr
 		return &proto.ValidateSessionResponse{
 			Valid:        false,
 			DeniedReason: "user_not_found",
@@ -883,6 +885,7 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 			"user_account":    user.AccountID,
 			"service_account": service.AccountID,
 		}).Debug("ValidateSession: user account mismatch")
+		//nolint:nilerr
 		return &proto.ValidateSessionResponse{
 			Valid:        false,
 			DeniedReason: "account_mismatch",
@@ -895,6 +898,7 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 			"user_id": userID,
 			"error":   err.Error(),
 		}).Debug("ValidateSession: access denied")
+		//nolint:nilerr
 		return &proto.ValidateSessionResponse{
 			Valid:        false,
 			UserId:       user.Id,
diff --git a/management/server/store/sql_store.go b/management/server/store/sql_store.go
index 935c8554c..209c273d4 100644
--- a/management/server/store/sql_store.go
+++ b/management/server/store/sql_store.go
@@ -5132,9 +5132,10 @@ func (s *SqlStore) applyAccessLogFilters(query *gorm.DB, filter accesslogs.Acces
 	}
 
 	if filter.Status != nil {
-		if *filter.Status == "success" {
+		switch *filter.Status {
+		case "success":
 			query = query.Where("status_code >= ? AND status_code < ?", 200, 400)
-		} else if *filter.Status == "failed" {
+		case "failed":
 			query = query.Where("status_code < ? OR status_code >= ?", 200, 400)
 		}
 	}
diff --git a/proxy/cmd/proxy/cmd/root.go b/proxy/cmd/proxy/cmd/root.go
index cc21f3bf4..9ceb4f935 100644
--- a/proxy/cmd/proxy/cmd/root.go
+++ b/proxy/cmd/proxy/cmd/root.go
@@ -21,6 +21,8 @@ import (
 const DefaultManagementURL = "https://api.netbird.io:443"
 
 // envProxyToken is the environment variable name for the proxy access token.
+//
+//nolint:gosec
 const envProxyToken = "NB_PROXY_TOKEN"
 
 var (
@@ -160,7 +162,8 @@ func runServer(cmd *cobra.Command, args []string) error {
 	defer stop()
 
 	if err := srv.ListenAndServe(ctx, addr); err != nil {
-		log.Fatal(err)
+		log.Error(err)
+		return err
 	}
 	return nil
 }
diff --git a/proxy/internal/auth/context.go b/proxy/internal/auth/context.go
deleted file mode 100644
index a4ac40f74..000000000
--- a/proxy/internal/auth/context.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package auth
-
-import (
-	"context"
-
-	"github.com/netbirdio/netbird/proxy/auth"
-)
-
-type requestContextKey string
-
-const (
-	authMethodKey requestContextKey = "authMethod"
-	authUserKey   requestContextKey = "authUser"
-)
-
-func withAuthMethod(ctx context.Context, method auth.Method) context.Context {
-	return context.WithValue(ctx, authMethodKey, method)
-}
-
-func MethodFromContext(ctx context.Context) auth.Method {
-	v := ctx.Value(authMethodKey)
-	method, ok := v.(auth.Method)
-	if !ok {
-		return ""
-	}
-	return method
-}
-
-func withAuthUser(ctx context.Context, userId string) context.Context {
-	return context.WithValue(ctx, authUserKey, userId)
-}
-
-func UserFromContext(ctx context.Context) string {
-	v := ctx.Value(authUserKey)
-	userId, ok := v.(string)
-	if !ok {
-		return ""
-	}
-	return userId
-}
diff --git a/proxy/internal/k8s/lease.go b/proxy/internal/k8s/lease.go
index 033632c4a..c18721a2c 100644
--- a/proxy/internal/k8s/lease.go
+++ b/proxy/internal/k8s/lease.go
@@ -21,7 +21,7 @@ import (
 )
 
 const (
-	saTokenPath     = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	saTokenPath     = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint:gosec
 	saNamespacePath = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
 	saCACertPath    = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 
diff --git a/proxy/internal/proxy/reverseproxy.go b/proxy/internal/proxy/reverseproxy.go
index 8a65c5556..2e601e231 100644
--- a/proxy/internal/proxy/reverseproxy.go
+++ b/proxy/internal/proxy/reverseproxy.go
@@ -86,7 +86,7 @@ func (p *ReverseProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		ErrorHandler: proxyErrorHandler,
 	}
 	if result.rewriteRedirects {
-		rp.ModifyResponse = p.rewriteLocationFunc(result.url, result.matchedPath, r)
+		rp.ModifyResponse = p.rewriteLocationFunc(result.url, result.matchedPath, r) //nolint:bodyclose
 	}
 	rp.ServeHTTP(w, r.WithContext(ctx))
 }
diff --git a/proxy/internal/proxy/reverseproxy_test.go b/proxy/internal/proxy/reverseproxy_test.go
index b30bb190f..5d2447e5c 100644
--- a/proxy/internal/proxy/reverseproxy_test.go
+++ b/proxy/internal/proxy/reverseproxy_test.go
@@ -572,6 +572,7 @@ func TestRewriteLocationFunc(t *testing.T) {
 			"http://backend.internal:8080/login")
 
 		require.NoError(t, err)
+		defer resp.Body.Close()
 		assert.Equal(t, "https://public.example.com/login", resp.Header.Get("Location"))
 	})
 
@@ -580,6 +581,7 @@ func TestRewriteLocationFunc(t *testing.T) {
 			"https://other.example.com/path")
 
 		require.NoError(t, err)
+		defer resp.Body.Close()
 		assert.Equal(t, "https://other.example.com/path", resp.Header.Get("Location"))
 	})
 
@@ -588,12 +590,14 @@ func TestRewriteLocationFunc(t *testing.T) {
 			"/dashboard")
 
 		require.NoError(t, err)
+		defer resp.Body.Close()
 		assert.Equal(t, "/dashboard", resp.Header.Get("Location"))
 	})
 
 	t.Run("re-adds stripped path prefix", func(t *testing.T) {
 		resp, err := run(newProxy("https"), "/api", newReq("https://public.example.com/api/users"),
 			"http://backend.internal:8080/users")
+		defer resp.Body.Close()
 
 		require.NoError(t, err)
 		assert.Equal(t, "https://public.example.com/api/users", resp.Header.Get("Location"))
diff --git a/proxy/web/web.go b/proxy/web/web.go
index fe51f884d..6773a9c1a 100644
--- a/proxy/web/web.go
+++ b/proxy/web/web.go
@@ -109,7 +109,7 @@ func ServeHTTP(w http.ResponseWriter, r *http.Request, data any, statusCode ...i
 	if err := tmpl.Execute(&buf, struct {
 		Data template.JS
 	}{
-		Data: template.JS(dataJSON),
+		Data: template.JS(dataJSON), //nolint:gosec
 	}); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return