diff --git a/components/wpa_supplicant/src/ap/wpa_auth.c b/components/wpa_supplicant/src/ap/wpa_auth.c
index 58625bb553..8b43098790 100644
--- a/components/wpa_supplicant/src/ap/wpa_auth.c
+++ b/components/wpa_supplicant/src/ap/wpa_auth.c
@@ -2036,7 +2036,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
                (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
                rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1);
     if (sm->wpa == WPA_VERSION_WPA2)
-        os_free(kde);
+        os_free(kde);  // NOLINT(clang-analyzer-unix.Malloc)
 }
 
 
diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c
index 7d0ab8cd10..3a7949adaf 100644
--- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c
+++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c
@@ -752,7 +752,7 @@ static int eap_peer_sm_init(void)
 
     s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex();
     if (!s_wpa2_data_lock) {
-        wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");
+        wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock");  // NOLINT(clang-analyzer-unix.Malloc)
         return ESP_ERR_NO_MEM;
     }
 
diff --git a/components/wpa_supplicant/src/wps/wps.c b/components/wpa_supplicant/src/wps/wps.c
index b19e187a46..51c728b681 100644
--- a/components/wpa_supplicant/src/wps/wps.c
+++ b/components/wpa_supplicant/src/wps/wps.c
@@ -275,7 +275,7 @@ int wps_ap_priority_compar(const struct wpabuf *wps_a,
     }
 
     if (wps_a == NULL || wps_parse_msg(wps_a, attr_a) < 0)
-        return 1;
+        return 1;   // NOLINT(clang-analyzer-unix.Malloc)
     if (wps_b == NULL || wps_parse_msg(wps_b, attr_b) < 0)
         return -1;
 
diff --git a/components/wpa_supplicant/src/wps/wps_registrar.c b/components/wpa_supplicant/src/wps/wps_registrar.c
index 33f0859b20..76eb2ea63c 100644
--- a/components/wpa_supplicant/src/wps/wps_registrar.c
+++ b/components/wpa_supplicant/src/wps/wps_registrar.c
@@ -1644,11 +1644,11 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 			return -1;
 		wps->new_psk_len--; /* remove newline */
 		while (wps->new_psk_len &&
-		       wps->new_psk[wps->new_psk_len - 1] == '=')
+		       wps->new_psk[wps->new_psk_len - 1] == '=')	// NOLINT(clang-analyzer-unix.Malloc)
 			wps->new_psk_len--;
 		wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Generated passphrase",
 				      wps->new_psk, wps->new_psk_len);
-		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);
+		os_memcpy(wps->cred.key, wps->new_psk, wps->new_psk_len);	// NOLINT(clang-analyzer-unix.Malloc)
 		wps->cred.key_len = wps->new_psk_len;
 	} else if (wps->use_psk_key && wps->wps->psk_set) {
 		char hex[65];