diff --git a/internal/controller/postgrescluster/cluster.go b/internal/controller/postgrescluster/cluster.go
index 940f457838..3886feb775 100644
--- a/internal/controller/postgrescluster/cluster.go
+++ b/internal/controller/postgrescluster/cluster.go
@@ -403,10 +403,12 @@ func (r *Reconciler) reconcileDataSource(ctx context.Context,
 	var configs []string
 	switch {
 	case dataSource != nil:
-		configs = []string{dataSource.ClusterName, dataSource.RepoName}
+		configs = make([]string, 0, 2+len(dataSource.Options))
+		configs = append(configs, dataSource.ClusterName, dataSource.RepoName)
 		configs = append(configs, dataSource.Options...)
 	case cloudDataSource != nil:
-		configs = []string{cloudDataSource.Stanza, cloudDataSource.Repo.Name}
+		configs = make([]string, 0, 2+len(cloudDataSource.Options))
+		configs = append(configs, cloudDataSource.Stanza, cloudDataSource.Repo.Name)
 		configs = append(configs, cloudDataSource.Options...)
 	}
 	configHash, err := hashFunc(configs)
diff --git a/internal/controller/postgrescluster/instance.go b/internal/controller/postgrescluster/instance.go
index 42712be555..d2ac7537a2 100644
--- a/internal/controller/postgrescluster/instance.go
+++ b/internal/controller/postgrescluster/instance.go
@@ -951,7 +951,11 @@ func (r *Reconciler) scaleDownInstances(
 	}
 
 	// grab all pods for the cluster using the observed instances
-	pods := []corev1.Pod{}
+	var podCount int
+	for i := range observedInstances.forCluster {
+		podCount += len(observedInstances.forCluster[i].Pods)
+	}
+	pods := make([]corev1.Pod, 0, podCount)
 	for instanceIndex := range observedInstances.forCluster {
 		for podIndex := range observedInstances.forCluster[instanceIndex].Pods {
 			pods = append(pods, *observedInstances.forCluster[instanceIndex].Pods[podIndex])
@@ -1003,7 +1007,8 @@ func podsToKeep(instances []corev1.Pod, want map[string]int) []corev1.Pod {
 		return keep
 	}
 
-	keepPodList := []corev1.Pod{}
+	// preallocate with the total number of instance Pods
+	keepPodList := make([]corev1.Pod, 0, len(instances))
 	for name, num := range want {
 		list := []corev1.Pod{}
 		for _, instance := range instances {
diff --git a/internal/controller/standalone_pgadmin/configmap.go b/internal/controller/standalone_pgadmin/configmap.go
index 79c482f7e9..9b403456fe 100644
--- a/internal/controller/standalone_pgadmin/configmap.go
+++ b/internal/controller/standalone_pgadmin/configmap.go
@@ -199,7 +199,7 @@ func generateClusterConfig(
 	// which we can do by
 	// a) sorting the ServerGroup name used as a key; and
 	// b) sorting the clusters by name;
-	keys := []string{}
+	keys := make([]string, 0, len(clusters))
 	for key := range clusters {
 		keys = append(keys, key)
 	}
diff --git a/internal/pgbouncer/config.go b/internal/pgbouncer/config.go
index cec703441c..c9c78901a3 100644
--- a/internal/pgbouncer/config.go
+++ b/internal/pgbouncer/config.go
@@ -192,19 +192,20 @@ func podConfigFiles(
 	// Start with an empty file at /etc/pgbouncer/pgbouncer.ini. This file can
 	// be overridden by the user, but it must exist because our configuration
 	// file refers to it.
-	projections := []corev1.VolumeProjection{
-		{
-			ConfigMap: &corev1.ConfigMapProjection{
-				LocalObjectReference: corev1.LocalObjectReference{
-					Name: configmap.Name,
-				},
-				Items: []corev1.KeyToPath{{
-					Key:  emptyConfigMapKey,
-					Path: emptyFileProjectionPath,
-				}},
+	// Preallocate: 3 (empty ini file + configmap projection + secret projection)
+	// plus the number of specified files, len(config.Files)
+	projections := make([]corev1.VolumeProjection, 0, 3+len(config.Files))
+	projections = append(projections, corev1.VolumeProjection{
+		ConfigMap: &corev1.ConfigMapProjection{
+			LocalObjectReference: corev1.LocalObjectReference{
+				Name: configmap.Name,
 			},
+			Items: []corev1.KeyToPath{{
+				Key:  emptyConfigMapKey,
+				Path: emptyFileProjectionPath,
+			}},
 		},
-	}
+	})
 
 	// Add any specified projections. These may override the files above.
 	// - https://docs.k8s.io/concepts/storage/volumes/#projected
diff --git a/internal/postgres/exec.go b/internal/postgres/exec.go
index 6b9de85541..b8c6c8c140 100644
--- a/internal/postgres/exec.go
+++ b/internal/postgres/exec.go
@@ -74,7 +74,11 @@ func (exec Executor) ExecInDatabasesFromQuery(
 	// database is passed via standard input while the database query is passed
 	// as the first argument. Remaining arguments are passed through to `psql`.
 	stdin := strings.NewReader(sql)
-	args := []string{databases}
+
+	// Using make to preallocate args (using 1 (databases) + len(variables)) triggered
+	// a CodeQL scanning error that a potentially large value might cause an overflow.
+	// To address this, don't preallocate args and have the linter ignore this line.
+	args := []string{databases} //nolint:prealloc
 	for k, v := range variables {
 		args = append(args, "--set="+k+"="+v)
 	}
diff --git a/internal/util/volumes.go b/internal/util/volumes.go
index 925eda6161..08fcd076ea 100644
--- a/internal/util/volumes.go
+++ b/internal/util/volumes.go
@@ -55,7 +55,11 @@ func AddCloudLogVolumeToPod(podSpec *corev1.PodSpec, pvcName string) {
 }
 
 func addVolumesAndMounts(pod *corev1.PodSpec, volumes []v1beta1.AdditionalVolume, namer func(string, bool) corev1.VolumeMount) []string {
-	missingContainers := []string{}
+	var containerRefCount int
+	for _, v := range volumes {
+		containerRefCount += len(v.Containers)
+	}
+	missingContainers := make([]string, 0, containerRefCount)
 
 	for _, spec := range volumes {
 		// If it is an image volume, override readOnly to true