diff --git a/internal/linter/cm.go b/internal/linter/cm.go
index 46087c55..14b8c7aa 100644
--- a/internal/linter/cm.go
+++ b/internal/linter/cm.go
@@ -147,7 +147,7 @@ func (*CM) checkEnv(poFQN string, co v1.Container, refs References) {
 continue
 }
 refs[key] = map[string]*Reference{
- "env": &Reference{
+ "env": {
 name: kref.Name,
 keys: map[string]struct{}{
 kref.Key: blank,
diff --git a/internal/linter/cm_test.go b/internal/linter/cm_test.go
index 38c8bc9b..f9178f18 100644
--- a/internal/linter/cm_test.go
+++ b/internal/linter/cm_test.go
@@ -70,7 +70,7 @@ func TestCMCheckContainerRefs(t *testing.T) {
 {makePodEnv("p1", "cm1", "fred", false), "env", true, &Reference{
 name: "cm1",
 keys: map[string]struct{}{
- "fred": struct{}{},
+ "fred": {},
 },
 }},
 {makePodEnv("p1", "cm1", "fred", true), "env", false, nil},
@@ -105,7 +105,7 @@ func TestCMCheckVolumes(t *testing.T) {
 true,
 &Reference{
 name: "default/p1:v1",
- keys: map[string]struct{}{"fred": struct{}{}},
+ keys: map[string]struct{}{"fred": {}},
 },
 },
 // Pod with a volume referencing an optional cm.
diff --git a/internal/linter/sec.go b/internal/linter/sec.go
index 6b645f1d..d4cab526 100644
--- a/internal/linter/sec.go
+++ b/internal/linter/sec.go
@@ -53,16 +53,7 @@ func (s *Secret) Lint(ctx context.Context) error {
 return nil
 }
-func (s *Secret) lint(secs map[string]v1.Secret, pods map[string]v1.Pod, sas map[string]v1.ServiceAccount) {
- refs := make(References, len(pods)+len(sas))
-
- for fqn, po := range pods {
- s.checkVolumes(fqn, po.Spec.Volumes, refs)
- s.checkContainerRefs(fqn, po.Spec.InitContainers, refs)
- s.checkContainerRefs(fqn, po.Spec.Containers, refs)
- s.checkPullImageSecrets(po, refs)
- }
-
+func checkServiceAccountRef(sas map[string]v1.ServiceAccount, refs References) {
 for _, sa := range sas {
 Reference := Reference{name: sa.Name}
 for _, s := range sa.Secrets {
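Review bot: In internal/linter/sec.go the new `checkServiceAccountRef` opens its loop with `Reference := Reference{name: sa.Name}`, a local named after the package's `Reference` type, which shadows that type for the rest of the loop body. Since the extraction turns this loop into a function of its own, I would rename the local, e.g. `ref := Reference{name: sa.Name}`, and update its uses, which lie outside this hunk. The function also has no doc comment; something like `// checkServiceAccountRef records in refs the secrets listed on each service account.` would help, once the wording is checked against the rest of the body. The references collected here feed the "Reference?" report in `lint`, and the sec_test.go hunks in this commit only simplify literals, so a direct test of the receiver-free helper would be a cheap addition.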
@@ -83,9 +74,22 @@ func (s *Secret) lint(secs map[string]v1.Secret, pods map[string]v1.Pod, sas map
 }
 }
 }
+}
+
+func (s *Secret) lint(secs map[string]v1.Secret, pods map[string]v1.Pod, sas map[string]v1.ServiceAccount) {
+ refs := make(References, len(pods)+len(sas))
+
+ for fqn, po := range pods {
+ s.checkVolumes(fqn, po.Spec.Volumes, refs)
+ s.checkContainerRefs(fqn, po.Spec.InitContainers, refs)
+ s.checkContainerRefs(fqn, po.Spec.Containers, refs)
+ s.checkPullImageSecrets(po, refs)
+ }
+ checkServiceAccountRef(sas, refs)
 for fqn, sec := range secs {
 s.initIssues(fqn)
+
 ref, ok := refs[fqn]
 if !ok {
 s.addIssuef(fqn, InfoLevel, "Reference?")
@@ -176,10 +180,10 @@ func (*Secret) checkContainerRefs(poFQN string, cos []v1.Container, refs map[str
 }
 refs[fqn] = map[string]*Reference{
- "env": &Reference{
+ "env": {
 name: kref.Name,
 keys: map[string]struct{}{
- kref.Key: struct{}{},
+ kref.Key: {},
 },
 },
 }
diff --git a/internal/linter/sec_test.go b/internal/linter/sec_test.go
index 92ace8de..5ad4a68c 100644
--- a/internal/linter/sec_test.go
+++ b/internal/linter/sec_test.go
@@ -98,7 +98,7 @@ func TestSecCheckContainerRefs(t *testing.T) {
 {makePodSecEnv("p1", "s1", "fred", false), "env", true, &Reference{
 name: "s1",
 keys: map[string]struct{}{
- "fred": struct{}{},
+ "fred": {},
 },
 }},
 {makePodEnv("p1", "s1", "fred", true), "env", false, nil},
@@ -130,7 +130,7 @@ func TestSecCheckVolumes(t *testing.T) {
 {
 makePodSecVol("p1", "s1", "fred", false), "volume", true, &Reference{
 name: "default/p1:v1",
- keys: map[string]struct{}{"fred": struct{}{}},
+ keys: map[string]struct{}{"fred": {}},
 },
 },
 {