diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha
index 95c155caf4f..ec96eaf9c69 100644
--- a/common/.commonfiles.sha
+++ b/common/.commonfiles.sha
@@ -1 +1 @@
-50db20dcc7eaac1c3972d5f77a5effea24b45522
+938c9091ba790ce1623df134c41c8173bd68264e
diff --git a/common/config/.golangci.yml b/common/config/.golangci.yml
index 426b10bf68b..3581f6f2ff9 100644
--- a/common/config/.golangci.yml
+++ b/common/config/.golangci.yml
@@ -53,6 +53,7 @@ linters:
   - unparam
   - unused
   - gci
+  - gosec
   fast: false
 
 linters-settings:
@@ -238,6 +239,11 @@ linters-settings:
     packages-with-error-message:
     - github.com/gogo/protobuf: "gogo/protobuf is deprecated, use golang/protobuf"
     - golang.org/x/net/http2/h2c: "h2c.NewHandler is unsafe; use wrapper istio.io/istio/pkg/h2c"
+  gosec:
+    includes:
+    - G401
+    - G402
+    - G404
 issues:
   # List of regexps of issue texts to exclude, empty list by default.
   # But independently from this option we use default exclude patterns,