marcus · marcus · Mar 23, 2026
diff --git a/internal/analysis/analyzer.go b/internal/analysis/analyzer.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 	"time"
 )
@@ -98,7 +99,7 @@ type ParseOptions struct {
 
 // RepositoryExists checks if a valid git repository exists at the given path.
 func RepositoryExists(path string) bool {
-	gitDir := strings.TrimSpace(path) + "/.git"
+	gitDir := filepath.Join(strings.TrimSpace(path), ".git")
 	_, err := os.Stat(gitDir)
 	return err == nil
 }
diff --git a/internal/projects/projects.go b/internal/projects/projects.go
@@ -101,7 +101,10 @@ func ExpandGlobPatterns(patterns, excludes []string) ([]string, error) {
 	// Build exclude set (expanded)
 	for _, exc := range excludes {
 		excPath := expandPath(exc)
-		excPath, _ = filepath.Abs(excPath)
+		excPath, err := filepath.Abs(excPath)
+		if err != nil {
+			continue
+		}
 		excludeSet[excPath] = true
 	}
 
@@ -114,7 +117,10 @@ func ExpandGlobPatterns(patterns, excludes []string) ([]string, error) {
 		}
 
 		for _, match := range matches {
-			absMatch, _ := filepath.Abs(match)
+			absMatch, err := filepath.Abs(match)
+			if err != nil {
+				continue
+			}
 
 			// Check if excluded
 			if excludeSet[absMatch] {

diff --git a/internal/reporting/summary.go b/internal/reporting/summary.go
@@ -375,7 +375,8 @@ func (g *Generator) sendSlack(summary *Summary, webhookURL string) error {
 		return fmt.Errorf("marshaling slack payload: %w", err)
 	}
 
-	resp, err := http.Post(webhookURL, "application/json", bytes.NewReader(jsonPayload))
+	client := &http.Client{Timeout: 30 * time.Second}
+	resp, err := client.Post(webhookURL, "application/json", bytes.NewReader(jsonPayload))
 	if err != nil {
 		return fmt.Errorf("posting to slack: %w", err)
 	}

diff --git a/internal/security/security.go b/internal/security/security.go
@@ -215,17 +215,18 @@ func ValidateProjectPath(path string) error {
 		return fmt.Errorf("resolving path: %w", err)
 	}
 
-	home, _ := os.UserHomeDir()
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return fmt.Errorf("cannot determine home directory: %w", err)
+	}
 
 	blocked := []string{
 		"/",
 		"/tmp",
 		"/var",
 		"/etc",
 		"/usr",
-	}
-	if home != "" {
-		blocked = append(blocked, home)
+		home,
 	}
 
 	for _, b := range blocked {

diff --git a/internal/snapshots/collector.go b/internal/snapshots/collector.go
@@ -195,7 +195,10 @@ func (c *Collector) TakeSnapshot(ctx context.Context, provider string) (Snapshot
 		return Snapshot{}, fmt.Errorf("insert snapshot: %w", err)
 	}
 
-	id, _ := result.LastInsertId()
+	id, err := result.LastInsertId()
+	if err != nil {
+		return Snapshot{}, fmt.Errorf("get snapshot id: %w", err)
+	}
 
 	return Snapshot{
 		ID:               id,