internal/api/handlers/certificate_handler_coverage_test.go:114:16: Error return value of `db.AutoMigrate` is not checked (errcheck)
	db.AutoMigrate(&models.SSLCertificate{})
	              ^
internal/api/handlers/certificate_handler_coverage_test.go:137:16: Error return value of `db.AutoMigrate` is not checked (errcheck)
	db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{})
	              ^
internal/api/handlers/certificate_handler_coverage_test.go:163:16: Error return value of `db.AutoMigrate` is not checked (errcheck)
	db.AutoMigrate(&models.SSLCertificate{}, &models.ProxyHost{})
	              ^
internal/api/handlers/settings_handler_test.go:729:18: Error return value of `json.Unmarshal` is not checked (errcheck)
			json.Unmarshal(w.Body.Bytes(), &resp)
			              ^
internal/api/handlers/settings_handler_test.go:814:16: Error return value of `json.Unmarshal` is not checked (errcheck)
	json.Unmarshal(w.Body.Bytes(), &resp)
	              ^
internal/api/handlers/settings_handler_test.go:853:18: Error return value of `json.Unmarshal` is not checked (errcheck)
			json.Unmarshal(w.Body.Bytes(), &resp)
			              ^
internal/caddy/manager_additional_test.go:1316:11: Error return value of `w.Write` is not checked (errcheck)
			w.Write([]byte(`{"apps":{"http":{}}}`))
			       ^
internal/caddy/manager_additional_test.go:1370:11: Error return value of `w.Write` is not checked (errcheck)
			w.Write([]byte(`{"apps":{"http":{}}}`))
			       ^
internal/caddy/manager_additional_test.go:1421:11: Error return value of `w.Write` is not checked (errcheck)
			w.Write([]byte(`{"apps":{"http":{}}}`))
			       ^
internal/crypto/rotation_service_test.go:40:11: Error return value of `os.Setenv` is not checked (errcheck)
	os.Setenv("CHARON_ENCRYPTION_KEY", currentKey)
	         ^
internal/crypto/rotation_service_test.go:41:32: Error return value of `os.Unsetenv` is not checked (errcheck)
	t.Cleanup(func() { os.Unsetenv("CHARON_ENCRYPTION_KEY") })
	                              ^
internal/crypto/rotation_service_test.go:61:12: Error return value of `os.Setenv` is not checked (errcheck)
		os.Setenv("CHARON_ENCRYPTION_KEY_NEXT", nextKey)
		         ^
internal/crypto/rotation_service_test.go:62:20: Error return value of `os.Unsetenv` is not checked (errcheck)
		defer os.Unsetenv("CHARON_ENCRYPTION_KEY_NEXT")
		                 ^
internal/crypto/rotation_service_test.go:72:12: Error return value of `os.Setenv` is not checked (errcheck)
		os.Setenv("CHARON_ENCRYPTION_KEY_V1", legacyKey)
		         ^
internal/crypto/rotation_service_test.go:73:20: Error return value of `os.Unsetenv` is not checked (errcheck)
		defer os.Unsetenv("CHARON_ENCRYPTION_KEY_V1")
		                 ^
internal/services/credential_service_test.go:29:14: Error return value of `sqlDB.Close` is not checked (errcheck)
		sqlDB.Close()
		           ^
internal/services/dns_provider_service_test.go:1406:13: Error return value of `sqlDB.Close` is not checked (errcheck)
	sqlDB.Close()
	           ^
internal/services/dns_provider_service_test.go:1421:13: Error return value of `sqlDB.Close` is not checked (errcheck)
	sqlDB.Close()
	           ^
cmd/api/main.go:29:12: G301: Expect directory permissions to be 0750 or less (gosec)
	if err := os.MkdirAll(logDir, 0o755); err != nil {
	          ^
cmd/api/main.go:32:7: G301: Expect directory permissions to be 0750 or less (gosec)
		_ = os.MkdirAll(logDir, 0o755)
		    ^
internal/api/handlers/manual_challenge_handler.go:649:15: G115: integer overflow conversion int -> uint (gosec)
			return uint(v)
			           ^
internal/api/handlers/manual_challenge_handler.go:651:15: G115: integer overflow conversion int64 -> uint (gosec)
			return uint(v)
			           ^
internal/api/handlers/security_handler_rules_decisions_test.go:162:92: G115: integer overflow conversion uint -> int (gosec)
	req = httptest.NewRequest(http.MethodDelete, "/api/v1/security/rulesets/"+strconv.Itoa(int(rs.ID)), http.NoBody)
	                                                                                          ^
internal/api/routes/routes.go:488:13: G301: Expect directory permissions to be 0750 or less (gosec)
		if err := os.MkdirAll(filepath.Dir(accessLogPath), 0o755); err != nil {
		          ^
internal/api/routes/routes.go:492:17: G304: Potential file inclusion via variable (gosec)
			if f, err := os.Create(accessLogPath); err == nil {
			             ^
internal/caddy/config.go:463:16: G602: slice index out of range (gosec)
		host := hosts[i]
		             ^
internal/config/config_test.go:67:12: G304: Potential file inclusion via variable (gosec)
	f, err := os.Create(filePath)
	          ^
internal/config/config_test.go:148:12: G304: Potential file inclusion via variable (gosec)
	f, err := os.Create(blockingFile)
	          ^
internal/crowdsec/hub_cache.go:82:12: G306: Expect WriteFile permissions to be 0600 or less (gosec)
	if err := os.WriteFile(archivePath, archive, 0o640); err != nil {
	          ^
internal/crowdsec/hub_cache.go:86:12: G306: Expect WriteFile permissions to be 0600 or less (gosec)
	if err := os.WriteFile(previewPath, []byte(preview), 0o640); err != nil {
	          ^
internal/crowdsec/hub_sync.go:1016:16: G110: Potential DoS vulnerability via decompression bomb (gosec)
		if _, err := io.Copy(f, tr); err != nil {
		             ^
internal/server/server_test.go:19:9: G306: Expect WriteFile permissions to be 0600 or less (gosec)
	err := os.WriteFile(filepath.Join(tempDir, "index.html"), []byte("<html></html>"), 0o644)
	       ^
internal/services/backup_service.go:316:12: G305: File traversal when extracting zip/tar archive (gosec)
		fpath := filepath.Join(dest, f.Name)
		         ^
internal/services/backup_service.go:345:12: G110: Potential DoS vulnerability via decompression bomb (gosec)
		_, err = io.Copy(outFile, rc)
		         ^
internal/services/backup_service_test.go:469:6: G302: Expect file permissions to be 0600 or less (gosec)
	_ = os.Chmod(service.BackupDir, 0o444)
	    ^
internal/services/backup_service_test.go:470:21: G302: Expect file permissions to be 0600 or less (gosec)
	defer func() { _ = os.Chmod(service.BackupDir, 0o755) }() // Restore for cleanup
	                   ^
internal/services/backup_service_test.go:538:8: G302: Expect file permissions to be 0600 or less (gosec)
			_ = os.Chmod(zipPath, 0o444)
			    ^
internal/services/uptime_service_test.go:58:13: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
	server := &http.Server{
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
		}),
	}
internal/services/uptime_service_test.go:831:14: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
		server := &http.Server{
			Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				w.WriteHeader(http.StatusNotFound)
			}),
		}
internal/util/crypto_test.go:63:2: G101: Potential hardcoded credentials (gosec)
	secret := "a]3kL9#mP2$vN7@qR5*wX1&yT4^uI8%oE0!"
	^
40 issues:
* errcheck: 18
* gosec: 22
exit status 1