diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 15f7d6d..afa2075 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,12 +11,12 @@ jobs:
     name: "Lint and test"
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v5
       with:
-        go-version: "1.23"
+        go-version-file: 'go.mod'
 
     - name: Run golangci-lint
       uses: golangci/golangci-lint-action@v3
@@ -30,14 +30,13 @@ jobs:
   commitlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: Install required dependencies
-        run: |
-          sudo apt install -y git curl
-          curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
-          sudo DEBIAN_FRONTEND=noninteractive apt install -y nodejs
+
+      - uses: actions/setup-node@v4
+        with:
+          node_version: 'latest'
 
       - name: Install commitlint
         run: |
diff --git a/.golangci.yml b/.golangci.yml
index 488bf4c..29d493e 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,417 +1,43 @@
 ---
-# Source: pangoptic/templates/golangci-base.yml.tpl
-# Options for analysis running.
 run:
-  # Settable parameters #
   timeout: 15m
-  tests: true
-  build-tags: []
-  # Which dirs to skip: issues from them won't be reported.
-  skip-dirs:
-    - "bin"
-    - "scripts"
-    - ".ci"
-    - ".gradle"
-  # Which files to skip: they will be analyzed, but issues from them won't be reported.
-  skip-files:
-    - internal/model/openconfig/oc_path.go
-    - internal/model/openconfig/oc.go
-    - internal/model/ietf/ietf.go
-
-  # Invariable parameters #
-
-  # Exit code when at least one issue was found.
-  issues-exit-code: 1
-  # Enables skipping of directories:
-  # - vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
-  skip-dirs-use-default: false
-  # If set we pass it to "go list -mod={option}". From "go help modules":
-  # If invoked with -mod=readonly, the go command is disallowed from the implicit
-  # automatic updating of go.mod described above. Instead, it fails when any changes
-  # to go.mod are needed. This setting is most useful to check that go.mod does
-  # not need updates, such as in a continuous integration and testing system.
-  modules-download-mode: readonly
-  # Allow multiple parallel golangci-lint instances running.
-  # If false (default) - golangci-lint acquires file lock on start.
-  allow-parallel-runners: false
-
-  # Disabled parameters  #
-
-  # The default concurrency value is the number of available CPU.
-  # concurrency:
-
-  # Define the Go version limit.
-  # Mainly related to generics support since go1.18.
-  # Default: use Go version from the go.mod file, fallback on the env var `GOVERSION`, fallback on 1.18
-  # go:
-
-
-# Output configuration options
-output:
-  # format: json
-  # Print lines of code with issue.
-  print-issued-lines: true
-  # Print linter name in the end of issue text.
-  print-linter-name: true
-  # Make issues output unique by line.
-  uniq-by-line: true
-  # Add a prefix to the output file references.
-  path-prefix: ""
-  # Sort results by: filepath, line and column.
-  sort-results: true
-
-# Linters settings configuration
-linters-settings:
-
-  asasalint:
-    ignore-test: false
-
-  dupword:
-    keywords: []
-
-  errcheck:
-    check-blank: false
-    check-type-assertions: true
-    disable-default-exclusions: false
-    exclude-functions: null
-
-  errorlint:
-    asserts: true
-    comparison: true
-    errorf: true
-    errorf-multi: true
-
-  exhaustive:
-    check:
-    - switch
-    - map
-    check-generated: false
-    default-signifies-exhaustive: true
-    explicit-exhaustive-map: false
-    explicit-exhaustive-switch: false
-    ignore-enum-members: ""
-    ignore-enum-types: ""
-    package-scope-only: false
-
-  goconst:
-    ignore-calls: false
-    ignore-tests: false
-    match-constant: true
-    min-len: 1
-    min-occurrences: 5
-    numbers: false
-
-  gocritic:
-    enabled-checks:
-    - appendAssign
-    - appendCombine
-    - argOrder
-    - assignOp
-    - badCall
-    - badCond
-    - captLocal
-    - caseOrder
-    - commentFormatting
-    - defaultCaseOrder
-    - deprecatedComment
-    - dupArg
-    - dupBranchBody
-    - dupCase
-    - dupSubExpr
-    - elseif
-    - exitAfterDefer
-    - flagDeref
-    - flagName
-    - ifElseChain
-    - indexAlloc
-    - mapKey
-    - newDeref
-    - offBy1
-    - rangeExprCopy
-    - rangeValCopy
-    - regexpMust
-    - singleCaseSwitch
-    - sloppyLen
-    - stringXbytes
-    - switchTrue
-    - typeSwitchVar
-    - underef
-    - unlambda
-    - unslice
-    - valSwap
-    - wrapperFunc
-
-  godot:
-    capital: true
-    exclude: []
-    period: true
-    scope: toplevel
-
-  gofmt:
-    simplify: false
-
-  goimports:
-    local-prefixes: github.com/org/project
-
-  gomnd:
-    checks:
-    - argument
-    - case
-    - condition
-    - operation
-    - return
-    - assign
-    ignored-files: []
-    ignored-functions: []
-    ignored-numbers: []
-
-  gosec:
-    includes:
-    - G104
-    - G109
-    - G110
-    - G201
-    - G202
-    - G203
-    - G301
-    - G302
-    - G303
-    - G305
-    - G306
-    - G307
-    - G402
-    - G403
-
-  gosimple:
-    checks:
-    - '*'
-    - -SA1014
-    - -SA1028
-
-  govet:
-    disable:
-    - shadow
-    enable-all: true
 
-  grouper:
-    const-require-grouping: false
-    const-require-single-const: false
-    import-require-grouping: false
-    import-require-single-import: true
-    type-require-grouping: false
-    type-require-single-type: false
-    var-require-grouping: false
-    var-require-single-var: false
-
-  makezero:
-    always: false
-
-  nilnil:
-    checked-types:
-    - ptr
-    - func
-    - iface
-    - map
-    - chan
-
-  nolintlint:
-    allow-no-explanation: []
-    allow-unused: false
-    require-explanation: true
-    require-specific: false
-
-  prealloc:
-    for-loops: false
-    range-loops: true
-    simple: true
-
-  predeclared:
-    ignore: ""
-    q: false
-
-  reassign:
-    patterns:
-    - .*
-
-  revive:
-    confidence: 0.8
-    enable-all-rules: false
-    ignore-generated-header: true
-    rules:
-    - name: atomic
-    - arguments:
-      - allowTypesBefore: '*testing.T'
-      name: context-as-argument
-    - name: context-keys-type
-    - arguments:
-      - - recover
-        - return
-      name: defer
-    - name: dot-imports
-    - name: identical-branches
-    - name: increment-decrement
-    - name: range-val-in-closure
-    - name: range-val-address
-    - name: unconditional-recursion
-    - name: unnecessary-stmt
-    - name: unreachable-code
-    - name: useless-break
-    - name: waitgroup-by-value
-    - name: unused-parameter
-    severity: error
-
-  staticcheck:
-    checks:
-    - '*'
-
-  stylecheck:
-    checks:
-    - '*'
-    - -ST1000
-    http-status-code-whitelist: []
-    initialisms:
-    - ACL
-    - API
-    - ASCII
-    - CPU
-    - CSS
-    - DNS
-    - EOF
-    - GUID
-    - HTML
-    - HTTP
-    - HTTPS
-    - ID
-    - IP
-    - JSON
-    - QPS
-    - RAM
-    - RPC
-    - SLA
-    - SMTP
-    - SQL
-    - SSH
-    - TCP
-    - TLS
-    - TTL
-    - UDP
-    - UI
-    - GID
-    - UID
-    - UUID
-    - URI
-    - URL
-    - UTF8
-    - VM
-    - XML
-    - XMPP
-    - XSRF
-    - XSS
-    - SIP
-    - RTP
-    - AMQP
-    - DB
-    - TS
-
-  tenv:
-    all: false
-
-  thelper:
-    benchmark:
-      begin: true
-      first: true
-      name: true
-    fuzz:
-      begin: false
-      first: false
-      name: false
-    tb:
-      begin: true
-      first: true
-      name: true
-    test:
-      begin: true
-      first: true
-      name: true
-
-  unparam:
-    check-exported: false
-
-  usestdlibvars:
-    constant-kind: true
-    crypto-hash: true
-    default-rpc-path: true
-    http-method: true
-    http-status-code: true
-    sql-isolation-level: true
-    time-layout: true
-    time-month: true
-    time-weekday: true
-    tls-signature-scheme: true
-
-  whitespace:
-    multi-func: false
-    multi-if: false
-
-# Linters configuration
 linters:
-  # Disable all linters.
-  disable-all: true
-  # Enable specific linters.
+  # additional linters:
   enable:
     - asasalint
     - asciicheck
     - bodyclose
     - containedctx
-    - dupword
     - durationcheck
-    - errcheck
     - errname
     - errorlint
     - exhaustive
     - gocheckcompilerdirectives
-    - goconst
     - gocritic
     - godot
     - gofmt
     - goimports
-    - gomnd
-    - goprintffuncname
     - gosec
-    - gosimple
-    - govet
     - grouper
-    - ineffassign
     - makezero
     - nilerr
-    - nilnil
     - nolintlint
     - nosprintfhostport
     - prealloc
     - predeclared
     - reassign
-    - revive
-    - staticcheck
-    - stylecheck
     - tenv
-    - testableexamples
-    - thelper
     - tparallel
-    - typecheck
     - unconvert
     - unparam
-    - unused
     - usestdlibvars
     - wastedassign
     - whitespace
     - zerologlint
-  # Run only fast linters from enabled linters set (first run won't be fast).
-  fast: false
 
-# Issues configuration
 issues:
   exclude: []
-  exclude-case-sensitive: false
   exclude-rules:
     - path: '(.+)_test\.go'
       linters:
@@ -420,39 +46,7 @@ issues:
       linters:
         - govet
       text: 'fieldalignment: .*'
-  fix: false
-  max-issues-per-linter: 0
-  max-same-issues: 0
-
-  # Invariable parameters #
-
-  # Show only new issues: if there are unstaged changes or untracked files,
-  # only those changes are analyzed, else only changes in HEAD~ are analyzed.
-  new: false
-  # Independently of option `exclude` we use default exclude patterns,
-  # it can be disabled by this option.
-  # To list all excluded by default patterns execute `golangci-lint run --help`.
-  exclude-use-default: false
-
-  # Disabled parameters  #
-
-  # Show only new issues created after git revision `REV`.
-  # new-from-rev:
-
-  # Show only new issues created in git patch with set file path.
-  # new-from-patch:
-
-severity:
-  # Invariable parameters #
-
-  # Set the default severity for issues.
-  # If severity rules are defined and the issues do not match or no severity is provided to the rule
-  # this will be the default severity applied. This option does not affect the exit code of the linter.
-  default-severity: error
-  # If set to true `severity-rules` regular expressions become case-sensitive.
-  case-sensitive: false
-  # When a list of severity rules are provided, severity information will be added to lint issues.
-  # Severity rules have the same filtering capability as exclude rules
-  # except you are allowed to specify one matcher per severity rule.
-  # Only affects out formats that support setting severity information.
-  rules: []
\ No newline at end of file
+  exclude-files:
+    - internal/model/openconfig/oc_path.go
+    - internal/model/openconfig/oc.go
+    - internal/model/ietf/ietf.go
diff --git a/cmd/data-aggregation-api/main.go b/cmd/data-aggregation-api/main.go
index d6dbb2f..934fcc5 100644
--- a/cmd/data-aggregation-api/main.go
+++ b/cmd/data-aggregation-api/main.go
@@ -25,9 +25,9 @@ func configureLogging(logLevel string, pretty bool) error {
 		return fmt.Errorf("failed to parse log level '%s': %w", logLevel, err)
 	}
 	zerolog.SetGlobalLevel(level)
-	zerolog.TimeFieldFormat = zerolog.TimeFormatUnix //nolint:reassign // it is the way
+	zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
 	if pretty {
-		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr}) //nolint:reassign // it is the way
+		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
 	}
 
 	return nil
diff --git a/internal/api/auth/ldap.go b/internal/api/auth/ldap.go
index b2e0b2a..e4be917 100644
--- a/internal/api/auth/ldap.go
+++ b/internal/api/auth/ldap.go
@@ -54,7 +54,7 @@ func NewLDAPAuth(ldapURL string, bindDN string, password string, baseDN string,
 }
 
 func SetLDAPDefaultTimeout(timeout time.Duration) {
-	ldap.DefaultTimeout = timeout //nolint:reassign  // we want to customize the default timeout
+	ldap.DefaultTimeout = timeout
 }
 
 // SetMaxConnectionLifetime sets the maximum lifetime of a connection.
diff --git a/internal/api/router/manager.go b/internal/api/router/manager.go
index 8855e85..c74bd67 100644
--- a/internal/api/router/manager.go
+++ b/internal/api/router/manager.go
@@ -21,6 +21,7 @@ import (
 )
 
 const shutdownTimeout = 5 * time.Second
+const httpReadHeaderTimeout = 60 * time.Second
 
 type DevicesRepository interface {
 	Set(devices map[string]*device.Device)
@@ -155,7 +156,7 @@ func (m *Manager) ListenAndServe(ctx context.Context, address string, port int,
 	listenSocket := fmt.Sprint(address, ":", port)
 	log.Info().Msgf("start webserver - listening on %s", listenSocket)
 
-	httpServer := http.Server{Addr: listenSocket, Handler: mux}
+	httpServer := http.Server{Addr: listenSocket, Handler: mux, ReadHeaderTimeout: httpReadHeaderTimeout}
 
 	// TODO: handle http failure! with a channel
 	go func() {
diff --git a/internal/convertor/bgp/bgp_test.go b/internal/convertor/bgp/bgp_test.go
index ad179f4..49fd8df 100644
--- a/internal/convertor/bgp/bgp_test.go
+++ b/internal/convertor/bgp/bgp_test.go
@@ -165,7 +165,7 @@ func TestBGPToOpenConfig(t *testing.T) {
 		},
 		Neighbor: map[string]*openconfig.NetworkInstance_Protocol_Bgp_Neighbor{
 			"192.0.2.0": {
-				AfiSafi: map[openconfig.E_BgpTypes_AFI_SAFI_TYPE]*openconfig.NetworkInstance_Protocol_Bgp_Neighbor_AfiSafi{ //nolint:exhaustive  // false positive
+				AfiSafi: map[openconfig.E_BgpTypes_AFI_SAFI_TYPE]*openconfig.NetworkInstance_Protocol_Bgp_Neighbor_AfiSafi{
 					openconfig.BgpTypes_AFI_SAFI_TYPE_IPV4_UNICAST: {
 						AfiSafiName: openconfig.BgpTypes_AFI_SAFI_TYPE_IPV4_UNICAST,
 						ApplyPolicy: &openconfig.NetworkInstance_Protocol_Bgp_Neighbor_AfiSafi_ApplyPolicy{
diff --git a/internal/model/cmdb/routingpolicy/route_policy.go b/internal/model/cmdb/routingpolicy/route_policy.go
index 50cf652..351ab68 100644
--- a/internal/model/cmdb/routingpolicy/route_policy.go
+++ b/internal/model/cmdb/routingpolicy/route_policy.go
@@ -34,7 +34,7 @@ const (
 	OriginNone       RouteProtocolOrigin = ""
 )
 
-type RoutePolicyTerm struct { //nolint:govet // for readability
+type RoutePolicyTerm struct {
 	Sequence    int      `json:"sequence"    validate:"required"`
 	Decision    Decision `json:"decision"    validate:"required"`
 	Description string   `json:"description" validate:"omitempty"`
diff --git a/internal/report/report.go b/internal/report/report.go
index 38367b9..6db119c 100644
--- a/internal/report/report.go
+++ b/internal/report/report.go
@@ -9,7 +9,7 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
-type Report struct { //nolint:govet // for JSON order
+type Report struct {
 	StartTime time.Time `json:"start_time"`
 	EndTime   time.Time `json:"end_time"`