diff --git a/hack/.shellcheck_failures b/hack/.shellcheck_failures
index 1e1b0914d1..c3c767f27a 100644
--- a/hack/.shellcheck_failures
+++ b/hack/.shellcheck_failures
@@ -119,9 +119,6 @@
 ./hack/verify-test-images.sh
 ./hack/verify-test-owners.sh
 ./hack/verify-typecheck.sh
-./pkg/kubectl/cmd/edit/testdata/record_testcase.sh
-./pkg/util/verify-util-pkg.sh
-./plugin/pkg/admission/imagepolicy/gencerts.sh
 ./test/cmd/apply.sh
 ./test/cmd/apps.sh
 ./test/cmd/authorization.sh
diff --git a/pkg/kubectl/cmd/edit/testdata/record_testcase.sh b/pkg/kubectl/cmd/edit/testdata/record_testcase.sh
index c7685c4d3b..541d98175b 100755
--- a/pkg/kubectl/cmd/edit/testdata/record_testcase.sh
+++ b/pkg/kubectl/cmd/edit/testdata/record_testcase.sh
@@ -25,7 +25,7 @@ fi
 
 # Clean up the test server
 function cleanup {
-    if [[ ! -z "${pid-}" ]]; then
+    if [[ -n "${pid-}" ]]; then
         echo "Stopping recording server (${pid})"
         # kill the process `go run` launched
         pkill -P "${pid}"
@@ -36,7 +36,7 @@ function cleanup {
 
 testcase="${1}"
 
-test_root="$(dirname "${BASH_SOURCE}")"
+test_root="$(dirname "${BASH_SOURCE[0]}")"
 testcase_dir="${test_root}/testcase-${testcase}"
 mkdir -p "${testcase_dir}"
 
diff --git a/pkg/util/verify-util-pkg.sh b/pkg/util/verify-util-pkg.sh
index 5c1fbecc71..92f4dedd1f 100755
--- a/pkg/util/verify-util-pkg.sh
+++ b/pkg/util/verify-util-pkg.sh
@@ -21,7 +21,7 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-BASH_DIR=$(dirname "${BASH_SOURCE}")
+BASH_DIR=$(dirname "${BASH_SOURCE[0]}")
 
 find_go_files() {
   find . -maxdepth 1 -not \( \
@@ -34,8 +34,8 @@ find_go_files() {
 ret=0
 
 pushd "${BASH_DIR}" > /dev/null
-  for path in `find_go_files`; do
-    file=$(basename $path)
+  for path in $(find_go_files); do
+    file=$(basename "$path")
     echo "Found pkg/util/${file}, but should be moved into util sub-pkgs." 1>&2
     ret=1
   done
diff --git a/plugin/pkg/admission/imagepolicy/gencerts.sh b/plugin/pkg/admission/imagepolicy/gencerts.sh
index 30304922d8..46e0ea858a 100755
--- a/plugin/pkg/admission/imagepolicy/gencerts.sh
+++ b/plugin/pkg/admission/imagepolicy/gencerts.sh
@@ -83,12 +83,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// This file was generated using openssl by the gencerts.sh script
+// and holds raw certificates for the imagepolicy webhook tests.
+
+package imagepolicy
 EOF
 
-echo "// This file was generated using openssl by the gencerts.sh script" >> $outfile
-echo "// and holds raw certificates for the imagepolicy webhook tests." >> $outfile
-echo "" >> $outfile
-echo "package imagepolicy" >> $outfile
 for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clientCert; do
 	data=$(cat ${file}.pem)
 	echo "" >> $outfile
@@ -96,7 +96,7 @@ for file in caKey caCert badCAKey badCACert serverKey serverCert clientKey clien
 done
 
 # Clean up after we're done.
-rm *.pem
-rm *.csr
-rm *.srl
-rm *.conf
+rm ./*.pem
+rm ./*.csr
+rm ./*.srl
+rm ./*.conf