diff --git a/.golangci.yml b/.golangci.yml
index 87749bae..8be0dcec 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -27,5 +27,8 @@ linters:
 issues:
   exclude-rules:
     - text: "Potential HTTP request made with variable url"
+      linters:
+        - gosec
+    - text: "SQL string concatenation"
       linters:
         - gosec
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 8ddd0ed0..2be72f05 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-ARG DOCKER_CLI_BASE_IMAGE=docker:19.03.6-git
+ARG DOCKER_CLI_BASE_IMAGE=docker:20.10.5-git
 
-FROM golang:1.14.2-alpine AS gobuild-base
+FROM golang:1.16.3-alpine AS gobuild-base
 RUN apk add --no-cache \
 	git \
 	make
diff --git a/Windows.Dockerfile b/Windows.Dockerfile
index 65fc2bc7..c24e5901 100644
--- a/Windows.Dockerfile
+++ b/Windows.Dockerfile
@@ -63,7 +63,7 @@ RUN $newPath = ('{0}\bin;C:\go\bin;{1}' -f $env:GOPATH, $env:PATH); \
 
 # install go lang
 
-ENV GOLANG_VERSION 1.14.2
+ENV GOLANG_VERSION 1.16.3
 
 RUN $url = ('https://golang.org/dl/go{0}.windows-amd64.zip' -f $env:GOLANG_VERSION); \
 	Write-Host ('Downloading {0} ...' -f $url); \
diff --git a/baseimages/docker-cli/Dockerfile b/baseimages/docker-cli/Dockerfile
index c2174e9c..d135a846 100644
--- a/baseimages/docker-cli/Dockerfile
+++ b/baseimages/docker-cli/Dockerfile
@@ -1,6 +1,6 @@
 # Required.
 # docker build -f baseimages/docker-cli/Dockerfile -t docker .
-ARG DOCKER_CLI_BASE_IMAGE=docker:19.03.6-git
+ARG DOCKER_CLI_BASE_IMAGE=docker:20.10.5-git
 FROM ${DOCKER_CLI_BASE_IMAGE}
 
 ARG GIT_LFS_VERSION=2.5.2
diff --git a/graph/global-defaults-linux.go b/graph/global-defaults-linux.go
index e85033f9..0765ea8c 100644
--- a/graph/global-defaults-linux.go
+++ b/graph/global-defaults-linux.go
@@ -14,7 +14,7 @@ Branch: "{{.Run.Branch}}"
 
 # Default image aliases, can be used without $ directive in cmd
 acr: mcr.microsoft.com/acr/acr-cli:0.4
-az: mcr.microsoft.com/acr/azure-cli:b0352a7
-bash: mcr.microsoft.com/acr/bash:b0352a7
-curl: mcr.microsoft.com/acr/curl:b0352a7
+az: mcr.microsoft.com/acr/azure-cli:e7bb27d
+bash: mcr.microsoft.com/acr/bash:e7bb27d
+curl: mcr.microsoft.com/acr/curl:e7bb27d
 `
diff --git a/scan/git_test.go b/scan/git_test.go
index 2ffacd47..24577b9d 100644
--- a/scan/git_test.go
+++ b/scan/git_test.go
@@ -184,13 +184,13 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(gitDir, "checkout", "-b", "default")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0644)
+	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch"), 0600)
 	assert.NilError(t, err)
 
 	subDir := filepath.Join(gitDir, "subdir")
 	assert.NilError(t, os.Mkdir(subDir, 0755))
 
-	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0644)
+	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 5000"), 0600)
 	assert.NilError(t, err)
 
 	if runtime.GOOS != "windows" {
@@ -212,10 +212,10 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(gitDir, "checkout", "-b", "test")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0644)
+	err = ioutil.WriteFile(filepath.Join(gitDir, "Dockerfile"), []byte("FROM scratch\nEXPOSE 3000"), 0600)
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0644)
+	err = ioutil.WriteFile(filepath.Join(subDir, "Dockerfile"), []byte("FROM busybox\nEXPOSE 5000"), 0600)
 	assert.NilError(t, err)
 
 	_, err = gitWithinDir(gitDir, "add", "-A")
@@ -238,7 +238,7 @@ func TestCheckoutGit(t *testing.T) {
 	_, err = gitWithinDir(subrepoDir, "config", "user.name", "Docker test")
 	assert.NilError(t, err)
 
-	err = ioutil.WriteFile(filepath.Join(subrepoDir, "subfile"), []byte("subcontents"), 0644)
+	err = ioutil.WriteFile(filepath.Join(subrepoDir, "subfile"), []byte("subcontents"), 0600)
 	assert.NilError(t, err)
 
 	_, err = gitWithinDir(subrepoDir, "add", "-A")
@@ -276,6 +276,7 @@ func TestCheckoutGit(t *testing.T) {
 		{"test", "FROM scratch" + eol + "EXPOSE 3000", false, false},
 		{"test:", "FROM scratch" + eol + "EXPOSE 3000", false, false},
 		{"test:subdir", "FROM busybox" + eol + "EXPOSE 5000", false, false},
+		{"nonexist:subdir", "FROM busybox" + eol + "EXPOSE 5000", true, false},
 	}
 
 	if runtime.GOOS != "windows" {
@@ -285,8 +286,8 @@ func TestCheckoutGit(t *testing.T) {
 		// 	error: unable to index file absolutelink
 		// 	fatal: adding files failed
 		fmt.Println("Windows!!!!!!!!!!")
-		cases = append(cases, singleCase{frag: "master:absolutelink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
-		cases = append(cases, singleCase{frag: "master:parentlink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+		cases = append(cases, singleCase{frag: "default:absolutelink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
+		cases = append(cases, singleCase{frag: "default:parentlink", exp: "FROM scratch" + eol + "EXPOSE 5000", fail: false})
 	}
 
 	for _, c := range cases {
@@ -304,13 +305,13 @@ func TestCheckoutGit(t *testing.T) {
 		assert.NilError(t, err)
 		defer os.RemoveAll(r)
 		if c.submodule {
-			b, err := ioutil.ReadFile(filepath.Join(r, "sub/subfile"))
-			assert.NilError(t, err)
+			b, innerErr := ioutil.ReadFile(filepath.Join(r, "sub/subfile"))
+			assert.NilError(t, innerErr)
 			assert.Check(t, is.Equal("subcontents", string(b)))
 		} else {
-			_, err := os.Stat(filepath.Join(r, "sub/subfile"))
-			assert.Assert(t, is.ErrorContains(err, ""))
-			assert.Assert(t, os.IsNotExist(err))
+			_, innerErr := os.Stat(filepath.Join(r, "sub/subfile"))
+			assert.Assert(t, is.ErrorContains(innerErr, ""))
+			assert.Assert(t, os.IsNotExist(innerErr))
 		}
 
 		b, err := ioutil.ReadFile(filepath.Join(r, "Dockerfile"))