diff --git a/AUDIT-SECRETS.md b/AUDIT-SECRETS.md
new file mode 100644
index 0000000..6da83bc
--- /dev/null
+++ b/AUDIT-SECRETS.md
@@ -0,0 +1,36 @@
+# Security Audit: Secrets & Configuration
+
+## Summary
+
+A security audit was performed on the codebase to identify any exposed secrets, credentials, or insecure configurations. The audit included a review of the source code, configuration files, CI/CD pipelines, and Git history.
+
+**No exposed secrets, credentials, or insecure configurations were found.**
+
+The project follows best practices for managing secrets, such as using GitHub Secrets for CI/CD workflows.
+
+## Secret Detection
+
+The following locations were scanned for secrets:
+
+- Source code (all files)
+- Configuration files (`.yml`, `.yaml`, `Makefile`, `package.json`)
+- CI/CD configs (`.github/workflows/*.yml`)
+- Git history
+
+The following types of secrets were scanned for:
+
+- API Keys (AWS, GCP, Azure, Stripe, etc.)
+- Passwords
+- Tokens (JWT secrets, OAuth tokens)
+- Private Keys (SSH, SSL/TLS, signing keys)
+- Database Credentials
+
+No instances of hardcoded secrets were found.
+
+## Configuration Security
+
+- **Default Credentials**: No default credentials were found in the codebase.
+- **Debug Mode**: The project is a library and does not have a traditional "debug mode". No debug-related flags or settings were found to be enabled in a way that would be insecure in a production environment.
+- **Error Verbosity**: The error messages in the library are concise and do not leak sensitive information or stack traces.
+- **CORS Policy**: The project is a library and does not implement a web server, so CORS policies are not applicable.
+- **Security Headers**: The project is a library and does not implement a web server, so security headers are not applicable.
diff --git a/dns_tools.go b/dns_tools.go
index de57110..67a20ef 100644
--- a/dns_tools.go
+++ b/dns_tools.go
@@ -663,7 +663,7 @@ func RDAPLookupDomainWithTimeout(domain string, timeout time.Duration) RDAPRespo
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
@@ -718,7 +718,7 @@ func RDAPLookupIPWithTimeout(ip string, timeout time.Duration) RDAPResponse {
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
@@ -769,7 +769,7 @@ func RDAPLookupASNWithTimeout(asn string, timeout time.Duration) RDAPResponse {
 result.LookupTimeMs = time.Since(start).Milliseconds()
 return result
 }
- defer resp.Body.Close()
+ defer func() { _ = resp.Body.Close() }()
 
 body, err := io.ReadAll(resp.Body)
 if err != nil {
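Review bot: The `io.ReadAll(resp.Body)` two lines below the new `defer` still reads the remote RDAP response with no size bound, so a misbehaving or hostile RDAP server can make a single lookup allocate arbitrarily much memory; the commit only silences the unchecked Close error and leaves that unaddressed. Bounding the read once per function, `body, err := io.ReadAll(io.LimitReader(resp.Body, maxRDAPBodyBytes))` with `maxRDAPBodyBytes` a package-level constant of a few MiB (placeholder name), keeps the existing error path and, if `len(body)` reaches the limit, the function should record a truncation error in `result` rather than hand a clipped document to the JSON decoder. The same applies to RDAPLookupIPWithTimeout and RDAPLookupASNWithTimeout in the second and third hunks. Each enclosing function starts and ends outside its hunk, so whether the client timeout also caps the total body transfer time cannot be confirmed from the diff.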