diff --git a/apps/server/src/api/v2/security/get-approved-domains.int.test.ts b/apps/server/src/api/v2/security/get-approved-domains.int.test.ts
index 1f40b8217..987317fbd 100644
--- a/apps/server/src/api/v2/security/get-approved-domains.int.test.ts
+++ b/apps/server/src/api/v2/security/get-approved-domains.int.test.ts
@@ -71,7 +71,7 @@ describe('getApprovedDomainsHandler (integration)', () => {
       const roles = ['querier', 'data_admin', 'workspace_admin'];
 
       for (const role of roles) {
-        let roleUser;
+        let roleUser: User | undefined;
         try {
           roleUser = await createTestUserInDb();
           await createTestOrgMemberInDb(roleUser.id, testOrg.id, role);
@@ -92,7 +92,7 @@ describe('getApprovedDomainsHandler (integration)', () => {
 
   describe('Error Cases', () => {
     it('should return 403 for user without organization', async () => {
-      let userWithoutOrg;
+      let userWithoutOrg: User | undefined;
       try {
         userWithoutOrg = await createUserWithoutOrganization();
 
@@ -163,7 +163,7 @@ describe('getApprovedDomainsHandler (integration)', () => {
 
       const result = await getApprovedDomainsHandler(testUser);
 
-      result.forEach((domainEntry) => {
+      for (const domainEntry of result) {
         expect(domainEntry).toHaveProperty('domain');
         expect(domainEntry).toHaveProperty('created_at');
         expect(typeof domainEntry.domain).toBe('string');
@@ -171,7 +171,7 @@ describe('getApprovedDomainsHandler (integration)', () => {
         // Verify it's a valid ISO string
         expect(() => new Date(domainEntry.created_at)).not.toThrow();
         expect(domainEntry.created_at).toMatch(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/);
-      });
+      }
     });
   });
 });
diff --git a/apps/server/src/api/v2/security/test-db-utils.ts b/apps/server/src/api/v2/security/test-db-utils.ts
index 42fea605e..7a1d4318e 100644
--- a/apps/server/src/api/v2/security/test-db-utils.ts
+++ b/apps/server/src/api/v2/security/test-db-utils.ts
@@ -21,11 +21,14 @@ export async function createTestUserInDb(userData: Partial<User> = {}): Promise<
 
   try {
     await db.insert(users).values(user);
-  } catch (error: any) {
+  } catch (error: unknown) {
     // If the insert fails due to the auto_add_user_to_organizations trigger,
     // it means there's a missing organization. In tests, we can ignore this
     // and clean up any partial data
-    if (error.message?.includes('users_to_organizations_organization_id_fkey')) {
+    if (
+      error instanceof Error &&
+      error.message?.includes('users_to_organizations_organization_id_fkey')
+    ) {
       // Try to clean up any partial user data
       await db.delete(usersToOrganizations).where(eq(usersToOrganizations.userId, id));
       // Re-throw to let the test handle it
@@ -107,8 +110,8 @@ export async function createTestOrgMemberInDb(
     throw new Error('Failed to create test organization membership');
   }
 
-  if (verification[0].role !== role) {
-    throw new Error(`Role mismatch: expected ${role}, got ${verification[0].role}`);
+  if (verification[0]?.role !== role) {
+    throw new Error(`Role mismatch: expected ${role}, got ${verification[0]?.role}`);
   }
 }
 
diff --git a/apps/server/src/api/v2/security/workspace-settings-service.test.ts b/apps/server/src/api/v2/security/workspace-settings-service.test.ts
index 81413846f..16ca40e16 100644
--- a/apps/server/src/api/v2/security/workspace-settings-service.test.ts
+++ b/apps/server/src/api/v2/security/workspace-settings-service.test.ts
@@ -56,14 +56,14 @@ describe('WorkspaceSettingsService', () => {
         'none',
       ];
 
-      roles.forEach((role) => {
+      for (const role of roles) {
         const settings = {
           restrictNewUserInvitations: false,
           defaultRole: role,
         };
         const result = service.formatWorkspaceSettingsResponse(settings);
         expect(result.default_role).toBe(role);
-      });
+      }
     });
   });