diff --git a/cmd/icingadb-migrate/convert.go b/cmd/icingadb-migrate/convert.go
index 8a9a618d..246651bf 100644
--- a/cmd/icingadb-migrate/convert.go
+++ b/cmd/icingadb-migrate/convert.go
@@ -289,7 +289,7 @@ func convertDowntimeRows(
 		// with factor 1,000 should not overflow anything. In theory, at least. To make sure, invalid values are capped.
 		var flexibleDuration uint64
 		if durationSec := row.Duration; durationSec >= 0 && durationSec < math.MaxUint64/1_000 {
-			flexibleDuration = uint64(durationSec) * 1_000
+			flexibleDuration = uint64(durationSec) * 1_000 // #nosec G115 -- int64 -> uint64 cannot overflow, check above
 		}
 
 		downtimeHistory = append(downtimeHistory, &history.DowntimeHistory{
diff --git a/cmd/icingadb-migrate/main.go b/cmd/icingadb-migrate/main.go
index 09b225d5..9eb775e3 100644
--- a/cmd/icingadb-migrate/main.go
+++ b/cmd/icingadb-migrate/main.go
@@ -129,6 +129,8 @@ func parseConfig(f *Flags) (_ *Config, exit int) {
 	}
 
 	if err := yaml.NewDecoder(cf, yaml.DisallowUnknownField()).Decode(c); err != nil {
+		// #nosec G705 -- this error message should do no harm in the output, being printed to stderr
+		// on a terminal and not used as an HTML page or the like
 		_, _ = fmt.Fprintf(os.Stderr, "can't parse config file: %s\n", err.Error())
 		return nil, 2
 	}