diff --git a/Makefile b/Makefile index 96c40f3..a2b3cc2 100644 --- a/Makefile +++ b/Makefile @@ -567,29 +567,16 @@ lint: $(addsuffix /$(wildcard *.go), $(GO_PKG_DIRS)) .PHONY: gosec gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END))) - @gosec -fmt=json -out=gosec_results.json cmd/... internal/... 2> /dev/null ;\ - cat "gosec_results.json" ;\ - cat gosec_results.json | grep HIGH | grep severity > /dev/null ;\ - if [ $$? -eq 0 ]; then \ - printf "\nFAILURE: gosec found files containing HIGH severity issues - see results.json\n" ;\ + @gosecrc=0; gosec -fmt=json -out=gosec_results.json cmd/... internal/... 2> /dev/null || gosecrc=$$?; \ + cat gosec_results.json | jq '{"GolangErrors": (.["Golang errors"]|length>0),"Issues":(.Issues|length>0)}' | grep 'true' >/dev/null ;\ + if [ $$? -eq 0 ] || [ $$gosecrc -ne 0 ]; then \ + printf "FAILURE: Issues found running gosec - see gosec_results.json\n" ;\ + cat "gosec_results.json" ;\ exit 1 ;\ else \ - printf "\ngosec found no HIGH severity issues\n" ;\ - fi ;\ - cat gosec_results.json | grep MEDIUM | grep severity > /dev/null ;\ - if [ $$? -eq 0 ]; then \ - printf "\nFAILURE: gosec found files containing MEDIUM severity issues - see results.json\n" ;\ - exit 1 ;\ - else \ - printf "\ngosec found no MEDIUM severity issues\n" ;\ - fi ;\ - cat gosec_results.json | grep LOW | grep severity > /dev/null;\ - if [ $$? -eq 0 ]; then \ - printf "\nFAILURE: gosec found files containing LOW severity issues - see results.json\n" ;\ - exit 1;\ - else \ - printf "\ngosec found no LOW severity issues\n" ;\ -fi ;\ + printf "gosec found no issues\n" ;\ + cat "gosec_results.json" ;\ + fi .PHONY: update-release-information update-release-information: diff --git a/cmd/runmqdevserver/main.go b/cmd/runmqdevserver/main.go index ff5a1a6..fe7abdf 100644 --- a/cmd/runmqdevserver/main.go +++ b/cmd/runmqdevserver/main.go 
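Review bot: The `2> /dev/null` kept on the new gosec invocation discards the only diagnostic available when `gosecrc` is non-zero for a reason other than findings (binary absent, which install-build-deps.sh explicitly tolerates; a bad flag; a build failure), and in that case the following `cat gosec_results.json` either fails or prints a stale report from an earlier run that can be mistaken for the current one. Suggest dropping the redirect and clearing the old report before running: `@gosecrc=0; rm -f gosec_results.json; gosec -fmt=json -out=gosec_results.json cmd/... internal/... || gosecrc=$$?; \`. The jq step also runs without `pipefail`, so if `jq` is missing (the script only installs it via apt) the "Golang errors" detection is silently lost; a `command -v jq >/dev/null || { echo "jq required"; exit 1; }` guard at the top of the recipe would make that explicit.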
@@ -77,6 +77,7 @@ func logTermination(args ...interface{}) { // Write the message to the termination log. This is not the default place // that Kubernetes will look for termination information. log.Debugf("Writing termination message: %v", msg) + // #nosec G306 - its a read by owner/s group, and pose no harm. err := ioutil.WriteFile("/run/termination-log", []byte(msg), 0660) if err != nil { log.Debug(err) diff --git a/cmd/runmqserver/logging.go b/cmd/runmqserver/logging.go index 3e196c9..4c7c35d 100644 --- a/cmd/runmqserver/logging.go +++ b/cmd/runmqserver/logging.go @@ -46,6 +46,7 @@ func logTermination(args ...interface{}) { // Write the message to the termination log. This is not the default place // that Kubernetes will look for termination information. log.Debugf("Writing termination message: %v", msg) + // #nosec G306 - its a read by owner/s group, and pose no harm. err := ioutil.WriteFile("/run/termination-log", []byte(msg), 0660) if err != nil { log.Debug(err) diff --git a/cmd/runmqserver/mirror.go b/cmd/runmqserver/mirror.go index 9f22ca0..f9b61a0 100644 --- a/cmd/runmqserver/mirror.go +++ b/cmd/runmqserver/mirror.go @@ -95,6 +95,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b // the file is open before the queue manager is created or started. // Otherwise, there would be the potential for a nearly-full file to // rotate before the goroutine had a chance to open it. + // #nosec G304 - no harm, we open readonly and check error. f, err = os.OpenFile(path, os.O_RDONLY, 0) if err != nil { return nil, err @@ -122,6 +123,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b return } log.Debugf("File exists: %v, %v", path, fi.Size()) + // #nosec G304 - no harm, we open readonly and check error. f, err = os.OpenFile(path, os.O_RDONLY, 0) if err != nil { log.Error(err) 
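Review bot: The new `#nosec G306` justification says the file is "read by owner/s group", but the mode it excuses is `0660`, which grants write as well as read to owner and group, so the comment misdescribes what it is suppressing. A suppression should state why the finding does not apply; here the content is only the termination message, so something like `// #nosec G306 - the termination message holds nothing sensitive; group rw (0660) is intentional so the file remains writable under an arbitrary container UID — confirm` would be accurate (the arbitrary-UID motive is my inference, not visible here). `ioutil.WriteFile` is deprecated in favour of `os.WriteFile` from Go 1.16 on, if the module's Go version allows. logTermination begins outside this hunk.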
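Review bot: This logTermination is, as far as the hunk shows, byte-identical to the one in cmd/runmqdevserver/main.go, and the commit now duplicates the same `#nosec G306` comment (with the same typos: "its" → "it's", "pose" → "poses") in both places, so any later change to the mode or the rationale has to be made twice. Consider moving logTermination into an internal package shared by both binaries so the annotation and its justification live once. The function starts outside this hunk.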
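Review bot: The `#nosec G304` justification "no harm, we open readonly and check error" reasons about the wrong risk: G304 is about the path being attacker-controlled, and opening read-only does not help when this function's job is to mirror the file's contents to the container's output, so a controlled `path` would leak whatever it points at. The suppression is presumably valid because `path` is the queue manager's own error-log location built by the caller rather than external input, and that is what the comment should say; since the same open is annotated three times in mirrorLog, a single annotated helper removes the repetition. mirrorLog begins and ends outside this hunk, and the origin of `path` is not visible here, so the wording below should be confirmed against the caller.
```go
// openLogReadOnly opens a queue manager error log for reading.
// path is the log location composed by mirrorLog's caller, not external
// input, which is why the file-inclusion finding does not apply — confirm.
// #nosec G304
func openLogReadOnly(path string) (*os.File, error) {
	return os.OpenFile(path, os.O_RDONLY, 0)
}
```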
@@ -169,6 +171,7 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b } // Re-open file log.Debugf("Re-opening error log file %v", path) + // #nosec G304 - no harm, we open readonly and check error. f, err = os.OpenFile(path, os.O_RDONLY, 0) if err != nil { log.Error(err) diff --git a/cmd/runmqserver/qmgr.go b/cmd/runmqserver/qmgr.go index 1311a5b..429abaf 100644 --- a/cmd/runmqserver/qmgr.go +++ b/cmd/runmqserver/qmgr.go @@ -286,7 +286,8 @@ func updateQMini(qmname string) error { if strings.Contains(qminiConfigStr, "ServiceComponent:") { var re = regexp.MustCompile(`(?m)^.*ServiceComponent.*$\s^.*Service.*$\s^.*Name.*$\s^.*Module.*$\s^.*ComponentDataSize.*$`) curFile := re.ReplaceAllString(qminiConfigStr, "") - // #nosec G304 - qmgrDir filepath is derived from dspmqinf + // #nosec G304 G306 - qmgrDir filepath is derived from dspmqinf and + // its a read by owner/s group, and pose no harm. err := ioutil.WriteFile(qmgrDir, []byte(curFile), 0660) if err != nil { return err diff --git a/install-build-deps.sh b/install-build-deps.sh index e814460..99eccfb 100755 --- a/install-build-deps.sh +++ b/install-build-deps.sh @@ -25,4 +25,4 @@ sudo apt-get update || : sudo apt-get install -y jq go install golang.org/x/lint/golint@latest -curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin 2.14.0 || echo "Gosec not installed. Platform may not be supported." +curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin v2.14.0 || echo "Gosec not installed. Platform may not be supported." diff --git a/internal/copy/copy.go b/internal/copy/copy.go index 9040686..c7aac6f 100644 --- a/internal/copy/copy.go +++ b/internal/copy/copy.go 
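Review bot: The widened `#nosec G304 G306` comment excuses a `0660` write of what is, despite the variable name `qmgrDir`, a file (the ini text is written straight to it), and the "read by owner/s group" wording does not match a mode that also grants write; more importantly `ioutil.WriteFile` truncates and rewrites the queue manager ini in place, so a crash or kill between truncate and write leaves a zero-length or partial configuration behind with no way to notice. Writing to a sibling temp file and renaming over the original makes the update atomic and lets the justification say what is actually true. updateQMini begins and ends outside this hunk, and whether qmgr.go already imports `os` is not visible here.
```go
	// Rewrite the ini atomically: an interrupted in-place WriteFile would
	// leave a truncated configuration behind.
	tmp := qmgrDir + ".tmp"
	// #nosec G304 G306 - qmgrDir is derived from dspmqinf, not external
	// input; 0660 (owner/group rw) is the intended mode — confirm.
	if err := ioutil.WriteFile(tmp, []byte(curFile), 0660); err != nil {
		return err
	}
	if err := os.Rename(tmp, qmgrDir); err != nil {
		return err
	}
```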
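Review bot: The gosec version is now correctly pinned to `v2.14.0`, but the installer that is piped straight into `sh` is still fetched from `master`, so whatever that script does on the day the build runs executes with the developer's privileges and is not reproducible or reviewable. Pinning the script to the same tag, `curl -sfL https://raw.githubusercontent.com/securego/gosec/v2.14.0/install.sh | sh -s -- -b $GOPATH/bin v2.14.0 || ...`, closes the gap at no cost; a checksum comparison before executing it would be better still. The trailing `|| echo` also means a failed install still exits 0, which is presumably why the Makefile target has to cope with gosec being absent.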
@@ -36,12 +36,15 @@ func CopyFileMode(src, dest string, perm os.FileMode) error { if err != nil { return fmt.Errorf("failed to open %s for copy: %v", src, err) } + // #nosec G307 - local to this function, pose no harm. defer in.Close() + // #nosec G304 - this func creates based on the input filemode. out, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY, perm) if err != nil { return fmt.Errorf("failed to open %s for copy: %v", dest, err) } + // #nosec G307 - local to this function, pose no harm. defer out.Close() _, err = io.Copy(out, in) diff --git a/internal/htpasswd/htpasswd.go b/internal/htpasswd/htpasswd.go index 8d8a917..2e214c4 100644 --- a/internal/htpasswd/htpasswd.go +++ b/internal/htpasswd/htpasswd.go @@ -108,5 +108,6 @@ func (htpfile mapHtPasswd) updateHtPasswordFile(isTest bool) error { if isTest { file = "my.htpasswd" } + // #nosec G306 - its a read by owner/s group, and pose no harm. return ioutil.WriteFile(file, htpfile.GetBytes(), 0660) } diff --git a/internal/metrics/metrics.go b/internal/metrics/metrics.go index 82d8128..b87fe5d 100644 --- a/internal/metrics/metrics.go +++ b/internal/metrics/metrics.go @@ -35,6 +35,8 @@ const ( var ( metricsEnabled = false + // #nosec G112 - this needs investigation to find reasonable timeout. + // git-issue 233 to cover this.. metricsServer = &http.Server{Addr: ":" + defaultPort} ) diff --git a/internal/mqtemplate/mqtemplate.go b/internal/mqtemplate/mqtemplate.go index c128ce2..25c13cb 100644 --- a/internal/mqtemplate/mqtemplate.go +++ b/internal/mqtemplate/mqtemplate.go @@ -48,8 +48,10 @@ func ProcessTemplateFile(templateFile, destFile string, data interface{}, log *l return err } } - // #nosec G302 + + // #nosec G302 G304 G306 - its a read by owner/s group, and pose no harm. f, err := os.OpenFile(destFile, os.O_CREATE|os.O_WRONLY, 0660) + // #nosec G307 - local to this function, pose no harm. defer f.Close() err = t.Execute(f, data) if err != nil { 
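Review bot: The destination is opened with `os.O_CREATE|os.O_WRONLY` and no `O_TRUNC`, so when `dest` already exists and is longer than `src` the bytes past the copied length survive, leaving a corrupt file; the hunk annotates this line without fixing it. The new `#nosec G307` on `defer out.Close()` is also misplaced for the written side: a Close error on a file you just wrote is a real write failure (deferred flush, full disk) and is discarded by the defer, whereas ignoring it on the read-only `in` is fine. The G304 wording "creates based on the input filemode" also does not explain why a caller-supplied path is acceptable. CopyFileMode's tail after `io.Copy` is outside this hunk, so the fence below shows the replacement from the open onwards.
```go
	// O_TRUNC: without it a shorter src copied over an existing dest keeps
	// the old tail bytes. perm is applied only if the file is created.
	// #nosec G304 - dest is chosen by the caller of this package — confirm.
	out, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, perm)
	if err != nil {
		return fmt.Errorf("failed to open %s for copy: %v", dest, err)
	}
	if _, err = io.Copy(out, in); err != nil {
		out.Close()
		return fmt.Errorf("failed to copy %s to %s: %v", src, dest, err)
	}
	// Close errors on the written file are write failures; surface them.
	if err = out.Close(); err != nil {
		return fmt.Errorf("failed to close %s after copy: %v", dest, err)
	}
	// … unchanged: remaining function body …
```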
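Review bot: The `#nosec G306` justification "pose no harm" is the wrong framing for this file: it holds password hashes, so the point is that `0660` keeps it off the world-readable default, and the comment should say so rather than imply the contents are harmless. Group write is also broader than a credential file normally needs; unless another user in the group must rewrite it, `0600` is the tighter choice — `return ioutil.WriteFile(file, htpfile.GetBytes(), 0600)` — and note that `WriteFile` applies the mode only on creation, so an existing wider-mode file is left as is. updateHtPasswordFile begins outside this hunk.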
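Review bot: Suppressing G112 with a pointer to a future issue hides a finding that has a one-line, no-downside fix: a metrics listener can set a header read timeout today, e.g. `metricsServer = &http.Server{Addr: ":" + defaultPort, ReadHeaderTimeout: 10 * time.Second}` (with `time` imported), which removes the slow-header exhaustion vector without needing the "reasonable timeout" investigation the comment defers to. If the investigation is still wanted for read/write/idle timeouts, keep the issue reference but do not also disable the check. The `var (` block this sits in starts outside the hunk.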
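Review bot: The error from `os.OpenFile` is never checked: `defer f.Close()` and `t.Execute(f, data)` run immediately with a nil `*os.File` when the open fails, so the open failure is replaced by a less informative write error on the next line, and the commit annotates this without fixing it. The open also lacks `O_TRUNC`, so a rendered template shorter than an existing destFile leaves stale bytes at the end of the file. ProcessTemplateFile begins and ends outside this hunk; the fence shows the open-through-execute section.
```go
	// O_TRUNC so a shorter render fully replaces any existing destFile.
	// #nosec G302 G304 G306 - destFile is chosen by the caller; 0660 keeps
	// the rendered file owner/group-only — confirm group write is intended.
	f, err := os.OpenFile(destFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0660)
	if err != nil {
		return err
	}
	// #nosec G307 - Close is also checked explicitly on the success path.
	defer f.Close()
	if err = t.Execute(f, data); err != nil {
		return err
	}
	// … unchanged: rest of function, which should end with `return f.Close()` …
```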
diff --git a/internal/ready/ready.go b/internal/ready/ready.go index 22df1a2..a26e7fd 100644 --- a/internal/ready/ready.go +++ b/internal/ready/ready.go @@ -53,6 +53,7 @@ func Clear() error { // Set lets any subsequent calls to `CheckReady` know that the queue // manager has finished its configuration step func Set() error { + // #nosec G306 - this gives permissions to owner/s group only. return ioutil.WriteFile(fileName, []byte("1"), 0770) } diff --git a/internal/tls/tls.go b/internal/tls/tls.go index 96ca64d..884d979 100644 --- a/internal/tls/tls.go +++ b/internal/tls/tls.go @@ -1,5 +1,5 @@ /* -© Copyright IBM Corporation 2019, 2021 +© Copyright IBM Corporation 2019, 2023 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -235,6 +235,7 @@ func processKeys(tlsStore *TLSStore, keystoreDir string, keyDir string) (string, if err != nil { return "", fmt.Errorf("Failed to encode PKCS#12 Keystore %s: %v", keySet.Name()+".p12", err) } + // #nosec G306 - this gives permissions to owner/s group only. err = ioutil.WriteFile(filepath.Join(keystoreDir, keySet.Name()+".p12"), file, 0644) if err != nil { return "", fmt.Errorf("Failed to write PKCS#12 Keystore %s: %v", filepath.Join(keystoreDir, keySet.Name()+".p12"), err) @@ -538,6 +539,7 @@ func generateRandomPassword() string { validcharArray := []byte(validChars) password := "" for i := 0; i < 12; i++ { + // #nosec G404 - this is only for internal keystore and using math/rand pose no harm. password = password + string(validcharArray[pwr.Intn(len(validcharArray))]) } 
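Review bot: The readiness flag is written with `0770`, giving a one-byte data file the execute bit for owner and group, which nothing shown here needs and which is the sort of oddity a later audit will flag again; the new comment justifies only the absence of world access, not the execute bit. Unless something outside this file depends on it, `return ioutil.WriteFile(fileName, []byte("1"), 0660)` is the honest mode, and the comment can then say the file is a flag whose contents are not sensitive. Set is fully visible, but fileName is declared outside this hunk.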
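Review bot: The new `#nosec G306` comment claims "this gives permissions to owner/s group only", but the mode on the very next line is `0644`, which makes the PKCS#12 keystore — the file holding the private key just encoded in this function — readable by every user on the host; the justification is simply false and the finding was right. The keystore should be `0600`, or `0640` if the queue manager process reads it under a different user but shared group (not visible here): `err = ioutil.WriteFile(filepath.Join(keystoreDir, keySet.Name()+".p12"), file, 0600)`. The password protecting the p12 is generated further down in this file with math/rand, so file permissions are currently the only real control on the key. processKeys begins and ends outside this hunk.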
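Review bot: The `#nosec G404` justification "only for internal keystore ... pose no harm" is backwards: this 12-character string is the password on the PKCS#12 keystore that holds the queue manager's private key, so it is exactly where predictability matters, and `math/rand` output is reproducible from its seed (how `pwr` is seeded is outside this hunk). `crypto/rand` with `rand.Int` picks each character uniformly without modulo bias; since generateRandomPassword returns only a string, a failure of the system CSPRNG is treated as unrecoverable below, which is the usual choice. This needs `crypto/rand` and `math/big` imported in place of the math/rand use, and the loop is shown in full.
```go
	for i := 0; i < 12; i++ {
		// crypto/rand: this password guards the keystore private key and
		// must not be reconstructible from a math/rand seed.
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(validcharArray))))
		if err != nil {
			panic(fmt.Sprintf("crypto/rand unavailable for keystore password: %v", err))
		}
		password += string(validcharArray[idx.Int64()])
	}
```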
@@ -582,10 +584,13 @@ func getCertificateFingerprint(block *pem.Block) (string, error) { // writeCertificatesToFile writes a list of certificates to a file func writeCertificatesToFile(file string, certificates []*pem.Block) error { + + // #nosec G304 - this is a temporary pem file to write certs. f, err := os.Create(file) if err != nil { return fmt.Errorf("Failed to create file %s: %v", file, err) } + // #nosec G307 - local to this function, pose no harm. defer f.Close() w := bufio.NewWriter(f)