diff --git a/.github/workflows/go-postsubmit.yml b/.github/workflows/go-postsubmit.yml
index bcbe766f..74a336b1 100644
--- a/.github/workflows/go-postsubmit.yml
+++ b/.github/workflows/go-postsubmit.yml
@@ -5,15 +5,6 @@ on:
     branches:
       - main
       - release-*
-  workflow_dispatch: {}
-
-env:
-  # Common versions
-  GO_REQUIRED_MIN_VERSION: ''
-  GOPATH: '/home/runner/work/config-policy-controller/config-policy-controller/go'
-defaults:
-  run:
-    working-directory: go/src/open-cluster-management.io/config-policy-controller
 
 jobs:
   verify:
@@ -22,13 +13,10 @@ jobs:
     steps:
       - name: checkout code
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-          path: go/src/open-cluster-management.io/config-policy-controller
       - name: install Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: go/src/open-cluster-management.io/config-policy-controller/go.mod
+          go-version-file: go.mod
       - name: images
         run: make build-images
       - name: push
diff --git a/.github/workflows/go-release.yml b/.github/workflows/go-release.yml
index 0cd71f3b..e7c4c0ea 100644
--- a/.github/workflows/go-release.yml
+++ b/.github/workflows/go-release.yml
@@ -7,9 +7,7 @@ on:
 
 env:
   TAG: ${{ github.ref_name }}
-defaults:
-  run:
-    working-directory: go/src/open-cluster-management.io/config-policy-controller
+
 
 jobs:
   release:
@@ -18,13 +16,10 @@ jobs:
     steps:
       - name: checkout code
         uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-          path: go/src/open-cluster-management.io/config-policy-controller
       - name: install Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: go/src/open-cluster-management.io/config-policy-controller/go.mod
+          go-version-file: go.mod
       - name: build images
         run:  |
           make build-images
diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml
index 9a90db49..f499e9c8 100644
--- a/.github/workflows/kind.yml
+++ b/.github/workflows/kind.yml
@@ -13,7 +13,6 @@ on:
 defaults:
   run:
     shell: bash
-    working-directory: config-policy-controller
 
 jobs:
   kind-tests:
@@ -33,15 +32,11 @@ jobs:
     steps:
       - name: Checkout Config Policy Controller
         uses: actions/checkout@v4
-        with:
-          path: config-policy-controller
-          fetch-depth: 0 # Fetch all history for all tags and branches
 
       - name: Set up Go
         uses: actions/setup-go@v5
-        id: go
         with:
-          go-version-file: config-policy-controller/go.mod
+          go-version-file: go.mod
 
       - name: Verify modules
         run: |
@@ -75,7 +70,6 @@ jobs:
 
       - name: E2E Tests
         run: |
-          kubectl get pod -A
           export GOPATH=$(go env GOPATH)
           KUBECONFIG=${PWD}/kubeconfig_managed make e2e-test-coverage
 
@@ -105,6 +99,7 @@ jobs:
         run: |
           make test-coverage
           make coverage-verify
+          make gosec-scan
 
       - name: Debug
         if: ${{ failure() }}
diff --git a/controllers/operatorpolicy_status.go b/controllers/operatorpolicy_status.go
index 77bef570..9ce107bf 100644
--- a/controllers/operatorpolicy_status.go
+++ b/controllers/operatorpolicy_status.go
@@ -644,6 +644,7 @@ func opGroupTooManyObjs(opGroups []unstructured.Unstructured) []policyv1.Related
 	objs := make([]policyv1.RelatedObject, len(opGroups))
 
 	for i, opGroup := range opGroups {
+		opGroup := opGroup
 		objs[i] = policyv1.RelatedObject{
 			Object:    policyv1.ObjectResourceFromObj(&opGroup),
 			Compliant: string(policyv1.NonCompliant),