diff --git a/.golangci.yml b/.golangci.yml
index 9ef1ce69..1f82359b 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -3,19 +3,15 @@ run:
 linters:
   enable:
     - govet
-    - golint
     - ineffassign
     - goconst
-    - deadcode
     - gofmt
     - goimports
     - gosec
     - gosimple
     - staticcheck
-    - structcheck
     - typecheck
     - unused
-    - varcheck
     - bodyclose
     - dogsled
     - goprintffuncname
@@ -25,6 +21,7 @@ linters:
     - stylecheck
     - unconvert
     - gocritic
+    - revive
   disable-all: true
 issues:
   exclude-rules:
@@ -38,6 +35,6 @@ issues:
     # If we have tests in shared test folders, these can be less strictly linted
     - path: tests/.*_tests\.go
       linters:
-        - golint
+        - revive
         - bodyclose
         - stylecheck
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 0d8bc91a..366ca7ee 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -448,9 +448,8 @@ func (patTest *PassAccessTokenTest) getEndpointWithCookie(cookie string, endpoin
 		value = strings.TrimPrefix(field, keyPrefix)
 		if value != field {
 			break
-		} else {
-			value = ""
 		}
+		value = ""
 	}
 	if value == "" {
 		return 0, ""
@@ -612,7 +611,7 @@ func (sipTest *SignInPageTest) GetEndpoint(endpoint string) (int, string) {
 type AlwaysSuccessfulValidator struct {
 }
 
-func (AlwaysSuccessfulValidator) Validate(user, password string) bool {
+func (AlwaysSuccessfulValidator) Validate(_, _ string) bool {
 	return true
 }
 
diff --git a/pkg/apis/sessions/lock.go b/pkg/apis/sessions/lock.go
index dd080770..15f8dd1f 100644
--- a/pkg/apis/sessions/lock.go
+++ b/pkg/apis/sessions/lock.go
@@ -7,18 +7,18 @@ import (
 
 type NoOpLock struct{}
 
-func (l *NoOpLock) Obtain(ctx context.Context, expiration time.Duration) error {
+func (l *NoOpLock) Obtain(_ context.Context, _ time.Duration) error {
 	return nil
 }
 
-func (l *NoOpLock) Peek(ctx context.Context) (bool, error) {
+func (l *NoOpLock) Peek(_ context.Context) (bool, error) {
 	return false, nil
 }
 
-func (l *NoOpLock) Refresh(ctx context.Context, expiration time.Duration) error {
+func (l *NoOpLock) Refresh(_ context.Context, _ time.Duration) error {
 	return nil
 }
 
-func (l *NoOpLock) Release(ctx context.Context) error {
+func (l *NoOpLock) Release(_ context.Context) error {
 	return nil
 }
diff --git a/pkg/providers/oidc/verifier_test.go b/pkg/providers/oidc/verifier_test.go
index c82de7af..dd125e77 100755
--- a/pkg/providers/oidc/verifier_test.go
+++ b/pkg/providers/oidc/verifier_test.go
@@ -199,7 +199,7 @@ type testVerifier struct {
 	jwk jose.JSONWebKey
 }
 
-func (t *testVerifier) VerifySignature(ctx context.Context, jwt string) ([]byte, error) {
+func (t *testVerifier) VerifySignature(_ context.Context, jwt string) ([]byte, error) {
 	jws, err := jose.ParseSigned(jwt)
 	if err != nil {
 		return nil, fmt.Errorf("oidc: malformed jwt: %v", err)
diff --git a/pkg/sessions/tests/mock_lock.go b/pkg/sessions/tests/mock_lock.go
index dbf3d638..ff29b52c 100644
--- a/pkg/sessions/tests/mock_lock.go
+++ b/pkg/sessions/tests/mock_lock.go
@@ -12,19 +12,19 @@ type MockLock struct {
 	elapsed    time.Duration
 }
 
-func (l *MockLock) Obtain(ctx context.Context, expiration time.Duration) error {
+func (l *MockLock) Obtain(_ context.Context, expiration time.Duration) error {
 	l.expiration = expiration
 	return nil
 }
 
-func (l *MockLock) Peek(ctx context.Context) (bool, error) {
+func (l *MockLock) Peek(_ context.Context) (bool, error) {
 	if l.elapsed < l.expiration {
 		return true, nil
 	}
 	return false, nil
 }
 
-func (l *MockLock) Refresh(ctx context.Context, expiration time.Duration) error {
+func (l *MockLock) Refresh(_ context.Context, expiration time.Duration) error {
 	if l.expiration <= l.elapsed {
 		return sessions.ErrNotLocked
 	}
@@ -33,7 +33,7 @@ func (l *MockLock) Refresh(ctx context.Context, expiration time.Duration) error
 	return nil
 }
 
-func (l *MockLock) Release(ctx context.Context) error {
+func (l *MockLock) Release(_ context.Context) error {
 	if l.expiration <= l.elapsed {
 		return sessions.ErrNotLocked
 	}
diff --git a/pkg/validation/header.go b/pkg/validation/header.go
index 603feaf4..b1258144 100644
--- a/pkg/validation/header.go
+++ b/pkg/validation/header.go
@@ -38,7 +38,7 @@ func validateHeader(header options.Header, names map[string]struct{}) []string {
 	return msgs
 }
 
-func validateHeaderValue(name string, value options.HeaderValue) []string {
+func validateHeaderValue(_ string, value options.HeaderValue) []string {
 	switch {
 	case value.SecretSource != nil && value.ClaimSource == nil:
 		return []string{validateSecretSource(*value.SecretSource)}
diff --git a/providers/adfs.go b/providers/adfs.go
index ca8af44c..586b0420 100644
--- a/providers/adfs.go
+++ b/providers/adfs.go
@@ -93,7 +93,7 @@ func (p *ADFSProvider) RefreshSession(ctx context.Context, s *sessions.SessionSt
 	return refreshed, err
 }
 
-func (p *ADFSProvider) fallbackUPN(ctx context.Context, s *sessions.SessionState) error {
+func (p *ADFSProvider) fallbackUPN(_ context.Context, s *sessions.SessionState) error {
 	claims, err := p.getClaimExtractor(s.IDToken, s.AccessToken)
 	if err != nil {
 		return fmt.Errorf("could not extract claims: %v", err)
diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go
index c8ab3f4f..545e83cb 100644
--- a/providers/internal_util_test.go
+++ b/providers/internal_util_test.go
@@ -26,13 +26,13 @@ type ValidateSessionTestProvider struct {
 
 var _ Provider = (*ValidateSessionTestProvider)(nil)
 
-func (tp *ValidateSessionTestProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
+func (tp *ValidateSessionTestProvider) GetEmailAddress(_ context.Context, _ *sessions.SessionState) (string, error) {
 	return "", errors.New("not implemented")
 }
 
 // Note that we're testing the internal validateToken() used to implement
 // several Provider's ValidateSession() implementations
-func (tp *ValidateSessionTestProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
+func (tp *ValidateSessionTestProvider) ValidateSession(_ context.Context, _ *sessions.SessionState) bool {
 	return false
 }
 
diff --git a/providers/oidc.go b/providers/oidc.go
index 2ac6acb0..1225141d 100644
--- a/providers/oidc.go
+++ b/providers/oidc.go
@@ -93,7 +93,7 @@ func (p *OIDCProvider) Redeem(ctx context.Context, redirectURL, code, codeVerifi
 
 // EnrichSession is called after Redeem to allow providers to enrich session fields
 // such as User, Email, Groups with provider specific API calls.
-func (p *OIDCProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
+func (p *OIDCProvider) EnrichSession(_ context.Context, s *sessions.SessionState) error {
 	// If a mandatory email wasn't set, error at this point.
 	if s.Email == "" {
 		return errors.New("neither the id_token nor the profileURL set an email")