diff --git a/headers/modsecurity/anchored_set_variable_translation_proxy.h b/headers/modsecurity/anchored_set_variable_translation_proxy.h
index 165e3cad20..5b0c488adb 100644
--- a/headers/modsecurity/anchored_set_variable_translation_proxy.h
+++ b/headers/modsecurity/anchored_set_variable_translation_proxy.h
@@ -42,7 +42,7 @@ class AnchoredSetVariableTranslationProxy {
         : m_name(name),
         m_fount(fount)
     {
-        m_translate = [](std::string *name, std::vector<const VariableValue *> *l) {
+        m_translate = [](const std::string *name, std::vector<const VariableValue *> *l) {
             for (int i = 0; i < l->size(); ++i) {
                 VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey());
                 const VariableValue *oldVariableValue = l->at(i);
diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h
index 51eca0e8ef..46177cd944 100644
--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@@ -48,7 +48,7 @@ class RuleMessage {
      * unnecessary data duplication. Needs to be shrink down.
      *
      */
-    RuleMessage(RuleWithActions *rule, Transaction *trans) :
+    RuleMessage(RuleWithActions *rule, const Transaction *trans) :
         m_accuracy(rule->m_accuracy),
         m_clientIpAddress(trans->m_clientIpAddress),
         m_data(""),
@@ -73,7 +73,7 @@ class RuleMessage {
         m_tags()
     { }
 
-    explicit RuleMessage(RuleMessage *rule) :
+    explicit RuleMessage(const RuleMessage *rule) :
         m_accuracy(rule->m_accuracy),
         m_clientIpAddress(rule->m_clientIpAddress),
         m_data(rule->m_data),
@@ -158,16 +158,16 @@ class RuleMessage {
         m_ver = "";
     }
 
-    std::string log() {
+    std::string log() const {
         return log(this, 0);
     }
-    std::string log(int props) {
+    std::string log(int props) const {
         return log(this, props);
     }
-    std::string log(int props, int responseCode) {
+    std::string log(int props, int responseCode) const {
         return log(this, props, responseCode);
     }
-    std::string errorLog() {
+    std::string errorLog() const {
         return log(this,
 		ClientLogMessageInfo | ErrorLogTailLogMessageInfo);
     }
diff --git a/headers/modsecurity/rules.h b/headers/modsecurity/rules.h
index 1aaa65b549..4ec6b68484 100644
--- a/headers/modsecurity/rules.h
+++ b/headers/modsecurity/rules.h
@@ -50,7 +50,7 @@ class Rules {
     int append(Rules *from, const std::vector<int64_t> &ids, std::ostringstream *err) {
          size_t j = 0;
          for (; j < from->size(); j++) {
-            RuleWithOperator *rule = dynamic_cast<RuleWithOperator *>(from->at(j).get());
+            const RuleWithOperator *rule = dynamic_cast<RuleWithOperator *>(from->at(j).get());
             if (rule && std::binary_search(ids.begin(), ids.end(), rule->m_ruleId)) {
                  if (err != NULL) {
                      *err << "Rule id: " << std::to_string(rule->m_ruleId) \
@@ -68,7 +68,7 @@ class Rules {
     }
 
     bool insert(std::shared_ptr<Rule> rule, const std::vector<int64_t> *ids, std::ostringstream *err) {
-        RuleWithOperator *r = dynamic_cast<RuleWithOperator *>(rule.get());
+        const RuleWithOperator *r = dynamic_cast<RuleWithOperator *>(rule.get());
         if (r && ids != nullptr && std::binary_search(ids->begin(), ids->end(), r->m_ruleId)) {
             if (err != nullptr) {
                 *err << "Rule id: " << std::to_string(r->m_ruleId) \
diff --git a/headers/modsecurity/rules_set.h b/headers/modsecurity/rules_set.h
index 4af55f405e..3a85fd533a 100644
--- a/headers/modsecurity/rules_set.h
+++ b/headers/modsecurity/rules_set.h
@@ -93,7 +93,7 @@ extern "C" {
 #endif
 
 RulesSet *msc_create_rules_set(void);
-void msc_rules_dump(RulesSet *rules);
+void msc_rules_dump(const RulesSet *rules);
 int msc_rules_merge(RulesSet *rules_dst, RulesSet *rules_from, const char **error);
 int msc_rules_add_remote(RulesSet *rules, const char *key, const char *uri,
     const char **error);
diff --git a/headers/modsecurity/rules_set_properties.h b/headers/modsecurity/rules_set_properties.h
index 77b112698c..7abf70b07d 100644
--- a/headers/modsecurity/rules_set_properties.h
+++ b/headers/modsecurity/rules_set_properties.h
@@ -70,7 +70,7 @@ class ConfigInt {
     bool m_set;
     int m_value;
 
-    void merge(ConfigInt *from) {
+    void merge(const ConfigInt *from) {
         if (m_set == true || from->m_set == false) {
             return;
         }
@@ -87,7 +87,7 @@ class ConfigDouble {
     bool m_set;
     double m_value;
 
-    void merge(ConfigDouble *from) {
+    void merge(const ConfigDouble *from) {
         if (m_set == true || from->m_set == false) {
             return;
         }
@@ -104,7 +104,7 @@ class ConfigString {
     bool m_set;
     std::string m_value;
 
-    void merge(ConfigString *from) {
+    void merge(const ConfigString *from) {
         if (m_set == true || from->m_set == false) {
             return;
         }
@@ -150,7 +150,7 @@ class ConfigUnicodeMap {
     static void loadConfig(std::string f, double codePage,
         RulesSetProperties *driver, std::string *errg);
 
-    void merge(ConfigUnicodeMap *from) {
+    void merge(const ConfigUnicodeMap *from) {
         if (from->m_set == false) {
             return;
         }
diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
index 83d850122d..7d5a01be09 100644
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -704,7 +704,7 @@ int msc_process_uri(Transaction *transaction, const char *uri,
     const char *protocol, const char *http_version);
 
 /** @ingroup ModSecurity_C_API */
-const char *msc_get_response_body(Transaction *transaction);
+const char *msc_get_response_body(const Transaction *transaction);
 
 /** @ingroup ModSecurity_C_API */
 size_t msc_get_response_body_length(Transaction *transaction);
diff --git a/src/engine/lua.cc b/src/engine/lua.cc
index 0fac4f6477..bad9800c5d 100644
--- a/src/engine/lua.cc
+++ b/src/engine/lua.cc
@@ -114,7 +114,7 @@ int Lua::blob_keeper(lua_State *L, const void *p, size_t sz, void *ud) {
 
 
 const char *Lua::blob_reader(lua_State *L, void *ud, size_t *size) {
-    LuaScriptBlob *lsb = static_cast<LuaScriptBlob *>(ud);
+    const LuaScriptBlob *lsb = static_cast<LuaScriptBlob *>(ud);
     const char *data = lsb->read(size);
     return data;
 }
diff --git a/src/operators/pm.cc b/src/operators/pm.cc
index ebf31c4077..cf49b494fb 100644
--- a/src/operators/pm.cc
+++ b/src/operators/pm.cc
@@ -132,7 +132,7 @@ bool Pm::init(const std::string &file, std::string *error) {
         std::istream_iterator<std::string>(),
         back_inserter(vec));
 
-    for (auto &a : vec) {
+    for (const auto &a : vec) {
         acmp_add_pattern(m_p, a.c_str(), NULL, NULL, a.length());
     }
 
diff --git a/src/operators/verify_cpf.cc b/src/operators/verify_cpf.cc
index 1dcf18444f..a7cf60110c 100644
--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@@ -38,7 +38,7 @@ int VerifyCPF::convert_to_int(const char c) {
 }
 
 
-bool VerifyCPF::verify(const char *cpfnumber, int len) {
+bool VerifyCPF::verify(const char *cpfnumber, int len) const {
     int factor, part_1, part_2, var_len = len;
     unsigned int sum = 0, i = 0, cpf_len = 11, c;
     int cpf[11];
diff --git a/src/operators/verify_cpf.h b/src/operators/verify_cpf.h
index eecf71b1a2..9309324902 100644
--- a/src/operators/verify_cpf.h
+++ b/src/operators/verify_cpf.h
@@ -50,7 +50,7 @@ class VerifyCPF : public Operator {
         const std::string& input,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 
-    bool verify(const char *ssnumber, int len);
+    bool verify(const char *ssnumber, int len) const;
 
  private:
     static int convert_to_int(const char c);
diff --git a/src/operators/verify_svnr.cc b/src/operators/verify_svnr.cc
index 87834dd4d3..f3fc07296a 100644
--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@@ -24,7 +24,7 @@ int VerifySVNR::convert_to_int(const char c) {
 }
 
 
-bool VerifySVNR::verify(const char *svnrnumber, int len) {
+bool VerifySVNR::verify(const char *svnrnumber, int len) const {
     int var_len = len;
     int sum = 0;
     unsigned int i = 0, svnr_len = 10;
diff --git a/src/operators/verify_svnr.h b/src/operators/verify_svnr.h
index 6fe9df9afb..15fab58168 100644
--- a/src/operators/verify_svnr.h
+++ b/src/operators/verify_svnr.h
@@ -36,7 +36,7 @@ class VerifySVNR : public Operator {
         const std::string& input,
         std::shared_ptr<RuleMessage> ruleMessage) override;
 
-    bool verify(const char *ssnumber, int len);
+    bool verify(const char *ssnumber, int len) const;
 
  private:
     Regex *m_re;
diff --git a/src/parser/driver.cc b/src/parser/driver.cc
index a6a9755c9a..a83259c5ec 100644
--- a/src/parser/driver.cc
+++ b/src/parser/driver.cc
@@ -108,9 +108,9 @@ int Driver::addSecRule(std::unique_ptr<RuleWithActions> r) {
     }
 
     for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
-        Rules *rules = m_rulesSetPhases[i];
+        const Rules *rules = m_rulesSetPhases[i];
         for (int j = 0; j < rules->size(); j++) {
-            RuleWithOperator *lr = dynamic_cast<RuleWithOperator *>(rules->at(j).get());
+            const RuleWithOperator *lr = dynamic_cast<RuleWithOperator *>(rules->at(j).get());
             if (lr && lr->m_ruleId == rule->m_ruleId) {
                 m_parserError << "Rule id: " << std::to_string(rule->m_ruleId) \
                     << " is duplicated" << std::endl;
diff --git a/src/request_body_processor/json.cc b/src/request_body_processor/json.cc
index 585976b48a..f56704effa 100644
--- a/src/request_body_processor/json.cc
+++ b/src/request_body_processor/json.cc
@@ -131,7 +131,7 @@ int JSON::addArgument(const std::string& value) {
     std::string path;
 
     for (size_t i =  0; i < m_containers.size(); i++) {
-        JSONContainerArray *a = dynamic_cast<JSONContainerArray *>(
+        const JSONContainerArray *a = dynamic_cast<JSONContainerArray *>(
             m_containers[i]);
         path = path + m_containers[i]->m_name;
         if (a != NULL) {
diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc
index 7c9471c197..eb620495fc 100644
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@@ -365,7 +365,7 @@ void RuleWithActions::executeTransformations(
             std::shared_ptr<std::string>(new std::string(path))));
     }
 
-    for (Action *a : m_transformations) {
+    for (const Action *a : m_transformations) {
         if (a->m_isNone) {
             none++;
         }
@@ -406,7 +406,7 @@ void RuleWithActions::executeTransformations(
         if (m_ruleId != b.first) {
             continue;
         }
-        Transformation *a = dynamic_cast<Transformation*>(b.second.get());
+        const Transformation *a = dynamic_cast<Transformation*>(b.second.get());
         if (a->m_isNone) {
             none++;
         }
diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc
index 89ba45cecd..b86de76935 100644
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@@ -217,7 +217,7 @@ inline void RuleWithOperator::getFinalVars(variables::Variables *vars,
 bool RuleWithOperator::evaluate(Transaction *trans,
     std::shared_ptr<RuleMessage> ruleMessage) {
     bool globalRet = false;
-    variables::Variables *variables = this->m_variables;
+    const variables::Variables *variables = this->m_variables; // cppcheck-suppress unreadVariable ; false positive
     bool recursiveGlobalRet;
     bool containsBlock = hasBlockAction();
     std::string eparam;
diff --git a/src/rules_set.cc b/src/rules_set.cc
index 883c78e126..977e41316a 100644
--- a/src/rules_set.cc
+++ b/src/rules_set.cc
@@ -266,7 +266,7 @@ extern "C" RulesSet *msc_create_rules_set(void) {
 }
 
 
-extern "C" void msc_rules_dump(RulesSet *rules) {
+extern "C" void msc_rules_dump(const RulesSet *rules) {
     rules->dump();
 }
 
diff --git a/src/transaction.cc b/src/transaction.cc
index cf52288d9b..1ed9d84d9e 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1289,7 +1289,7 @@ int Transaction::processResponseBody() {
 int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
     int current_size = this->m_responseBody.tellp();
 
-    std::set<std::string> &bi = \
+    const std::set<std::string> &bi = \
         this->m_rules->m_responseBodyTypeToBeInspected.m_value;
     auto t = bi.find(m_variableResponseContentType.m_value);
     if (t == bi.end() && bi.empty() == false) {
@@ -2282,7 +2282,7 @@ extern "C" int msc_intervention(Transaction *transaction,
  * @retval NULL Nothing was updated.
  *
  */
-extern "C" const char *msc_get_response_body(Transaction *transaction) {
+extern "C" const char *msc_get_response_body(const Transaction *transaction) {
     return transaction->getResponseBody();
 }
 
diff --git a/src/utils/regex.cc b/src/utils/regex.cc
index 5facd2b195..731ffc9795 100644
--- a/src/utils/regex.cc
+++ b/src/utils/regex.cc
@@ -154,7 +154,7 @@ std::list<SMatch> Regex::searchAll(const std::string& s) const {
             rc = pcre2_match(m_pc, pcre2_s, s.length(),
                             offset, PCRE2_NO_JIT, match_data, NULL);
         }
-        PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
+        const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
 #else
     const char *subject = s.c_str();
     int ovector[OVECCOUNT];
@@ -207,7 +207,7 @@ RegexResult Regex::searchOneMatch(const std::string& s, std::vector<SMatchCaptur
     if (m_pcje != 0 || rc == PCRE2_ERROR_JIT_STACKLIMIT) {
         rc = pcre2_match(m_pc, pcre2_s, s.length(), 0, PCRE2_NO_JIT, match_data, match_context);
     }
-    PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
+    const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
 #else
     const char *subject = s.c_str();
     int ovector[OVECCOUNT];
@@ -261,7 +261,7 @@ RegexResult Regex::searchGlobal(const std::string& s, std::vector<SMatchCapture>
         }
         int rc = pcre2_match(m_pc, pcre2_s, s.length(),
                             startOffset, pcre2_options, match_data, match_context);
-        PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
+        const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
 
 #else
     const char *subject = s.c_str();
diff --git a/src/variables/env.cc b/src/variables/env.cc
index dfb2c3f03d..b40a3be3e9 100644
--- a/src/variables/env.cc
+++ b/src/variables/env.cc
@@ -47,7 +47,7 @@ void Env::evaluate(Transaction *transaction,
         transaction->m_variableEnvs.insert(a);
     }
 
-    for (auto& x : transaction->m_variableEnvs) {
+    for (const auto& x : transaction->m_variableEnvs) {
         if (x.first != m_name && m_name.length() > 0) {
             continue;
         }
diff --git a/src/variables/variable.cc b/src/variables/variable.cc
index 043b8ede72..9b6286bc31 100644
--- a/src/variables/variable.cc
+++ b/src/variables/variable.cc
@@ -48,15 +48,15 @@ Variable::Variable(const std::string &name)
 }
 
 
-Variable::Variable(Variable *var) :
+Variable::Variable(const Variable *var) :
     m_name(var->m_name),
     m_collectionName(var->m_collectionName),
     m_fullName(var->m_fullName) { }
 
 
-void Variable::addsKeyExclusion(Variable *v) {
+void Variable::addsKeyExclusion(const Variable *v) {
     std::unique_ptr<KeyExclusion> r;
-    VariableModificatorExclusion *ve = \
+    const VariableModificatorExclusion *ve = \
         dynamic_cast<VariableModificatorExclusion *>(v);
     VariableRegex *vr;
 
@@ -76,12 +76,12 @@ void Variable::addsKeyExclusion(Variable *v) {
 }
 
 
-std::string operator+(const std::string &a, Variable *v) {
+std::string operator+(const std::string &a, const Variable *v) {
     return a + *v->m_fullName.get();
 }
 
 
-std::string operator+(const std::string &a, Variables *v) {
+std::string operator+(const std::string &a, const Variables *v) {
     std::string test;
     for (const auto &b : *v) {
         if (test.empty()) {
diff --git a/src/variables/variable.h b/src/variables/variable.h
index e854aca713..6ff4ab6256 100644
--- a/src/variables/variable.h
+++ b/src/variables/variable.h
@@ -589,7 +589,7 @@ class VariableMonkeyResolution {
 class Variable : public VariableMonkeyResolution {
  public:
     explicit Variable(const std::string &name);
-    explicit Variable(Variable *_name);
+    explicit Variable(const Variable *_name);
     virtual ~Variable() { }
 
 
@@ -608,7 +608,7 @@ class Variable : public VariableMonkeyResolution {
     }
 
 
-    void addsKeyExclusion(Variable *v);
+    void addsKeyExclusion(const Variable *v);
 
 
     bool operator==(const Variable& b) const {
@@ -719,8 +719,8 @@ class VariableModificatorCount : public Variable {
 };
 
 
-std::string operator+(const std::string &a, modsecurity::variables::Variable *v);
-std::string operator+(const std::string &a, modsecurity::variables::Variables *v);
+std::string operator+(const std::string &a, const modsecurity::variables::Variable *v);
+std::string operator+(const std::string &a, const modsecurity::variables::Variables *v);
 
 
 }  // namespace variables
diff --git a/test/benchmark/benchmark.cc b/test/benchmark/benchmark.cc
index a1037a470b..8d5d306d57 100644
--- a/test/benchmark/benchmark.cc
+++ b/test/benchmark/benchmark.cc
@@ -44,7 +44,7 @@ char rules_file[] = "basic_rules.conf";
 
 const char* const help_message = "Usage: benchmark [num_iterations|-h|-?|--help]";
 
-int main(int argc, char *argv[]) {
+int main(int argc, const char *argv[]) {
 
     unsigned long long NUM_REQUESTS(1000000);
 
diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc
index f4014058c3..8d4db8f7dd 100644
--- a/test/optimization/optimization.cc
+++ b/test/optimization/optimization.cc
@@ -54,7 +54,7 @@ int main(int argc, char **argv) {
     }
 
 
-    for (auto &x : files) {
+    for (const auto &x : files) {
         std::cout << "Loading file: " << x << std::endl;
         if (modsecRules->loadFromUri(x.c_str()) < 0) {
             std::cout << "Not able to load the rules" << std::endl;
@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
             }
 
             if (dynamic_cast<modsecurity::RuleWithOperator *>(z.get()) != nullptr) {
-                auto *rwo = dynamic_cast<modsecurity::RuleWithOperator *>(z.get());
+                const auto *rwo = dynamic_cast<modsecurity::RuleWithOperator *>(z.get());
 
                 std::string op = rwo->getOperatorName();
                 if (operators.count(op) > 0) {
diff --git a/test/regression/regression.cc b/test/regression/regression.cc
index 6343c9e1c3..fe27d03c90 100644
--- a/test/regression/regression.cc
+++ b/test/regression/regression.cc
@@ -115,8 +115,8 @@ void logCb(void *data, const void *msgv) {
 }
 
 
-void perform_unit_test(ModSecurityTest<RegressionTest> *test,
-    std::vector<RegressionTest *> *tests,
+void perform_unit_test(const ModSecurityTest<RegressionTest> *test,
+    const std::vector<RegressionTest *> *tests,
     ModSecurityTestResults<RegressionTestResult> *res, int *count) {
 
     for (RegressionTest *t : *tests) {
@@ -380,7 +380,7 @@ void perform_unit_test(ModSecurityTest<RegressionTest> *test,
 #endif
         modsec_transaction->processLogging();
 
-        CustomDebugLog *d = reinterpret_cast<CustomDebugLog *>
+        const CustomDebugLog *d = reinterpret_cast<CustomDebugLog *>
             (modsec_rules->m_debugLog);
 
         if (d != NULL) {
diff --git a/test/unit/unit.cc b/test/unit/unit.cc
index 4d75ba94d1..7b3ffa3b68 100644
--- a/test/unit/unit.cc
+++ b/test/unit/unit.cc
@@ -53,7 +53,7 @@ void print_help() {
 }
 
 
-void perform_unit_test(ModSecurityTest<UnitTest> *test, UnitTest *t,
+void perform_unit_test(const ModSecurityTest<UnitTest> *test, UnitTest *t,
     ModSecurityTestResults<UnitTest>* res) {
     std::string error;
     bool found = true;
@@ -152,7 +152,7 @@ int main(int argc, char **argv) {
     }
 
     for (std::pair<std::string, std::vector<UnitTest *> *> a : test) {
-        std::vector<UnitTest *> *tests = a.second;
+        const std::vector<UnitTest *> *tests = a.second;
 
         total += tests->size();
         for (UnitTest *t : *tests) {
diff --git a/test/unit/unit_test.cc b/test/unit/unit_test.cc
index d15533a3cc..ddf4f36e35 100644
--- a/test/unit/unit_test.cc
+++ b/test/unit/unit_test.cc
@@ -89,7 +89,7 @@ void json2bin(std::string *str) {
 }
 
 
-std::string UnitTest::print() {
+std::string UnitTest::print() const {
     std::stringstream i;
 
     i << KRED << "Test failed." << RESET;
diff --git a/test/unit/unit_test.h b/test/unit/unit_test.h
index d200db5dbc..e30fc0e00d 100644
--- a/test/unit/unit_test.h
+++ b/test/unit/unit_test.h
@@ -29,7 +29,7 @@ class UnitTest {
  public:
     static UnitTest *from_yajl_node(const yajl_val &);
 
-    std::string print();
+    std::string print() const;
 
     std::string param;
     std::string input;