From 7cf472dc30e0dc3f6ea5122a7b1839eed9cc474d Mon Sep 17 00:00:00 2001
From: Miguel Neiva
Date: Fri, 14 Mar 2025 12:55:14 +0000
Subject: [PATCH 01/79] new workflow
---
.github/workflows/bucket-upload.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 .github/workflows/bucket-upload.yaml
diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml
new file mode 100644
index 00000000..e69de29b
From d66ac45373812a6a9c3761fecb4e1405beee8265 Mon Sep 17 00:00:00 2001
From: Miguel Neiva
Date: Fri, 14 Mar 2025 13:07:12 +0000
Subject: [PATCH 02/79] test new version
---
.github/workflows/bucket-upload.yaml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml
index e69de29b..ab9660dd 100644
--- a/.github/workflows/bucket-upload.yaml
+++ b/.github/workflows/bucket-upload.yaml
@@ -0,0 +1,16 @@
+name: Upload Results to S3
+
+on:
+ push:
+
+jobs:
+ upload:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: shallwefootball/s3-upload-action@master
+ with:
+ aws_key_id: ${{ secrets.AWS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}}
+ aws_bucket: ${{ secrets.AWS_BUCKET }}
+ source_dir: 'dirname'
\ No newline at end of file
From 49025e9f467d681ca1f39f4f83dbf2193b0dc0df Mon Sep 17 00:00:00 2001
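Review bot: The `uses: shallwefootball/s3-upload-action@master` step is handed `secrets.AWS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY` while tracking a mutable branch, so whatever that branch resolves to at run time receives the bucket credentials; pin it to a commit SHA with a version comment, as the `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` line in the same hunk already does (`uses: shallwefootball/s3-upload-action@<commit-sha> # vX.Y.Z`, placeholder). `on: push:` carries no `branches:` filter, so the upload runs on every push to every branch. `source_dir: 'dirname'` reads as a placeholder and should name the directory that actually holds the results being uploaded.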
From: Miguel Neiva Date: Fri, 14 Mar 2025 15:56:13 +0000 Subject: [PATCH 03/79] =?UTF-8?q?Descri=C3=A7=C3=A3o=20das=20altera=C3=A7?= =?UTF-8?q?=C3=B5es=20que=20fiz?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ast-scan.yml | 25 ---- .github/workflows/bucket-upload.yaml | 52 +++++++-- .github/workflows/codecov.yaml | 45 -------- .github/workflows/new-rules.yml | 17 --- .github/workflows/pr-labels.yml | 23 ---- .github/workflows/pr-title.yml | 18 --- .github/workflows/pr-validation.yml | 76 ------------- .github/workflows/release.yml | 139 ----------------------- .github/workflows/security.yml | 76 ------------- .github/workflows/update-trivy-cache.yml | 39 ------- .github/workflows/validate-readme.yml | 30 ----- 11 files changed, 41 insertions(+), 499 deletions(-) delete mode 100644 .github/workflows/ast-scan.yml delete mode 100644 .github/workflows/codecov.yaml delete mode 100644 .github/workflows/new-rules.yml delete mode 100644 .github/workflows/pr-labels.yml delete mode 100644 .github/workflows/pr-title.yml delete mode 100644 .github/workflows/pr-validation.yml delete mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/security.yml delete mode 100644 .github/workflows/update-trivy-cache.yml delete mode 100644 .github/workflows/validate-readme.yml diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml deleted file mode 100644 index 805a6348..00000000 --- a/.github/workflows/ast-scan.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -name: Checkmarx One Scan - -on: - workflow_dispatch: - pull_request: - push: - branches: - - main - schedule: - - cron: '00 7 * * *' - -jobs: - cx-scan: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Checkmarx One CLI Action - uses: checkmarx/ast-github-action@dd0f9365942f29a99c3be5bdb308958ede8f906b # v.2.0.25 - with: - base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} - cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} - cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} - cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} - additional_params: --tags scs --threshold "sast-high=1; sast-medium=1; sast-low=1; sca-high=1; sca-medium=1; iac-security-high=1; iac-security-medium=1; iac-security-low=1" diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index ab9660dd..37700252 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -1,16 +1,46 @@ -name: Upload Results to S3 +name: Run 2ms Scan and Upload to S3 on: - push: - + push: + branches: + - main + pull_request: + branches: + - main + jobs: - upload: - runs-on: ubuntu-latest + scan-and-upload: + runs-on: ubuntu-latest + steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: shallwefootball/s3-upload-action@master + - name: Check out repository + uses: actions/checkout@v4 + + - name: Run 2ms Scan + uses: miguel-neiva01/2ms-github-action@v1.5.19 + id: twoms_scan + + - name: Set S3 Destination Path + id: set_s3_path + run: | + BRANCH_NAME="${GITHUB_REF#refs/heads/}" + PR_NUMBER="${{ github.event.pull_request.number || 'no-pr' }}" + VERSION="v3.17.0" + echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + + - name: Upload results to S3 + uses: shallwefootball/s3-upload-action@master + with: + aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} + aws_bucket: "ces-results" + source_dir: ${{ steps.twoms_scan.outputs.results_dir }} + destination_dir: ${{ env.destination_dir }} + + - name: Update deployment status + uses: chrnorm/deployment-status@releases/v1 with: - aws_key_id: ${{ secrets.AWS_KEY_ID }} - aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}} - aws_bucket: ${{ secrets.AWS_BUCKET }} - source_dir: 'dirname' \ No newline at end of file + token: ${{ secrets.GITHUB_TOKEN }} + target_url: "https://${{ secrets.AWS_BUCKET }}.s3.amazonaws.com/uploads/index.html" + state: 'success' + deployment_id: '123456' diff --git a/.github/workflows/codecov.yaml b/.github/workflows/codecov.yaml deleted file mode 100644 index c833fad4..00000000 --- a/.github/workflows/codecov.yaml +++ /dev/null 
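Review bot: `uses: actions/checkout@v4` replaces the SHA-pinned `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1` that every other workflow in this patch series uses, and `shallwefootball/s3-upload-action@master` and `chrnorm/deployment-status@releases/v1` are mutable refs that receive `secrets.CES_BUCKET_AWS_ACCESS_KEY`, `secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY` and `secrets.GITHUB_TOKEN`; pin all of them to a commit SHA with a version comment, e.g. restore `uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`. In the `Set S3 Destination Path` step, `BRANCH_NAME="${GITHUB_REF#refs/heads/}"` does not strip anything on the `pull_request` trigger added in this hunk, where `GITHUB_REF` is of the form `refs/pull/<n>/merge`, so the S3 key would contain that ref rather than a branch name. `deployment_id: '123456'` is a hard-coded value, and `target_url` is built from `secrets.AWS_BUCKET` while the upload goes to the literal `aws_bucket: "ces-results"`; both should derive from the same bucket value. `miguel-neiva01/2ms-github-action@v1.5.19` lives under a personal namespace, which is worth a comment if it is intended to stay, and a SHA pin for the same reason as above.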
@@ -1,45 +0,0 @@ - -name: Codecov Scan - -on: - push: - branches: - - main - pull_request: - workflow_dispatch: - -jobs: - run: - runs-on: ubuntu-latest - env: - go-version: 'stable' - - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ env.go-version }} - env: - GOPROXY: direct - GONOSUMDB: "*" - GOPRIVATE: https://github.com/CheckmarxDev/ # Add your private organization url here - - - name: Install dependencies - run: go install golang.org/x/tools/cmd/cover@latest - - - name: Run tests and generate coverage - run: | - go test ./... -coverpkg=./... -v -coverprofile cover.out - - - - name: Upload coverage to Codecov - uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: ./cover.out - flags: target=auto - fail_ci_if_error: true - verbose: false diff --git a/.github/workflows/new-rules.yml b/.github/workflows/new-rules.yml deleted file mode 100644 index 61b5043a..00000000 --- a/.github/workflows/new-rules.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: New Rules from Gitleaks - -on: - workflow_dispatch: - schedule: - - cron: "0 2 * * 6" # At 02:00 on Saturday - -jobs: - update_secrets: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "^1.22" - - name: Check Gitleaks new rules - run: go run .ci/check_new_rules.go diff --git a/.github/workflows/pr-labels.yml b/.github/workflows/pr-labels.yml deleted file mode 100644 index be06a2b5..00000000 --- a/.github/workflows/pr-labels.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -name: PR Labels - -on: - pull_request_target: - types: [opened] - -jobs: - mark_as_community: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - name: Mark as Community if PR is from a fork - if: github.event.pull_request.head.repo.full_name != github.repository - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['Community'] - }) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml deleted file mode 100644 index c3143efb..00000000 --- a/.github/workflows/pr-title.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Validate Conventional Commit title - -on: - pull_request: - types: [opened, edited, synchronize, reopened] - -jobs: - validate: - runs-on: ubuntu-latest - steps: - - name: install commitlint - run: npm install -g @commitlint/cli @commitlint/config-conventional - - name: config commitlint - run: | - echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js - - name: validate PR title - run: | - echo ${{ github.event.pull_request.title }} | commitlint diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml deleted file mode 100644 index 0b349558..00000000 --- a/.github/workflows/pr-validation.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: PR Validation - -on: - pull_request: - branches: - - master - merge_group: - -jobs: - test: - strategy: - matrix: - os: [ubuntu-latest] - - runs-on: ${{ matrix.os }} - - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 # Required for 2ms to have visibility to all commit history - - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "^1.22" - - - name: go mod tidy - run: | - go mod tidy - git diff --exit-code - - - name: Go Linter - run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.61.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions - - - name: Go Test - run: go test -v ./... - - - name: Run 2ms Scan - run: go run . git . --config .2ms.yml - - build: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 - - - run: make build - - name: docker run - run: | - docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo --report-path output/results.json --ignore-on-exit results - - kics: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - run: mkdir -p kics-results - - - name: Run KICS scan - uses: checkmarx/kics-github-action@03c9abe351b01c3e4dbe60fa00ff79ee07d73f44 # master - with: - path: . - output_path: kics-results - output_formats: json,sarif - enable_comments: ${{ github.event_name == 'pull_request'}} - fail_on: high,medium - enable_jobs_summary: true - - name: Show KICS results - if: failure() - run: cat kics-results/results.json - # - name: Upload SARIF file - # uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a #v3.24.10 - # with: - # sarif_file: kics-results/results.sarif 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index daeea115..00000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,139 +0,0 @@ -name: Release - -on: - workflow_dispatch: - push: - branches: [master] - -jobs: - test: - name: Test - runs-on: ubuntu-latest - - outputs: - git_tag: ${{ steps.semantic_release_info.outputs.git_tag }} - version: ${{ steps.semantic_release_info.outputs.version }} - notes: ${{ steps.semantic_release_info.outputs.notes }} - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 # Required for 2ms to have visibility to all commit history - - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "^1.22" - - name: Go Linter - run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.61.0 golangci-lint run -v -E gofmt --timeout=5m - - - name: Unit Tests - run: go test ./... - - - name: Gets release info - id: semantic_release_info - if: github.event_name == 'workflow_dispatch' - uses: jossef/action-semantic-release-info@277fc891fc5ac40ed0e8d6bf59a0e24a25dfdeac #v3.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build: - name: Build and Release - runs-on: ubuntu-latest - needs: test - if: ${{ needs.test.outputs.git_tag }} - steps: - - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "^1.22" - - - name: Go Mod Tidy - run: go mod tidy - - - name: Compile for Linux amd64 - env: - VERSION: ${{ needs.test.outputs.version }} - CGO_ENABLED: 0 - GOOS: linux - GOARCH: amd64 - run: | - go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms main.go - zip -j dist/linux-amd64.zip dist/2ms - rm dist/2ms - - - name: Compile for MacOS amd64 - env: - VERSION: ${{ needs.test.outputs.version }} - CGO_ENABLED: 0 - GOOS: darwin - GOARCH: amd64 - run: | - go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a 
-installsuffix cgo -o dist/2ms main.go - zip -j dist/macos-amd64.zip dist/2ms - rm dist/2ms - - - name: Compile for MacOS arm64 - env: - VERSION: ${{ needs.test.outputs.version }} - CGO_ENABLED: 0 - GOOS: darwin - GOARCH: arm64 - run: | - go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms main.go - zip -j dist/macos-arm64.zip dist/2ms - rm dist/2ms - - - name: Compile for Windows amd64 - env: - VERSION: ${{ needs.test.outputs.version }} - CGO_ENABLED: 0 - GOOS: windows - GOARCH: amd64 - run: | - go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms.exe main.go - zip -j dist/windows-amd64.zip dist/2ms.exe - rm dist/2ms.exe - - - name: Set up QEMU - uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2 - with: - image: tonistiigi/binfmt:latest - platforms: linux/amd64,linux/arm64 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 - - - name: Login to DockerHub - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Creating Release - uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a - with: - tag_name: ${{ needs.test.outputs.git_tag }} - name: ${{ needs.test.outputs.git_tag }} - body: ${{ needs.test.outputs.notes }} - target_commitish: ${{ steps.commit_and_push.outputs.latest_commit_hash }} - files: | - dist/*.zip - - - name: Build and push - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 - with: - context: . 
- platforms: linux/amd64,linux/arm64 - push: true - tags: | - checkmarx/2ms:latest - checkmarx/2ms:${{ needs.test.outputs.version }} - - - name: Update Docker repo description - uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - repository: checkmarx/2ms diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml deleted file mode 100644 index 4178ad23..00000000 --- a/.github/workflows/security.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: Security Scans - -on: - push: - branches: - - master - pull_request: - branches: - - master - merge_group: - schedule: - - cron: "0 0 * * *" - -jobs: - gosec: - runs-on: ubuntu-latest - env: - GO111MODULE: on - steps: - - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Run Gosec Security Scanner - uses: securego/gosec@26e57d6b340778c2983cd61775bc7e8bb41d002a # v2.19.0 - with: - args: "-no-fail -fmt sarif -out results.sarif -exclude-dir=.ci -exclude-dir=tests ./..." - - - name: Upload Gosec Results - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a #v3.24.10 - with: - sarif_file: results.sarif - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 - - trivy-scanning: - runs-on: ubuntu-latest - steps: - - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Build and load (not push) - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 - with: - load: true - context: . - file: ./Dockerfile - platforms: linux/amd64 - push: false - tags: checkmarx/2ms:scanme - - - name: Run Trivy Scan - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 - with: - image-ref: checkmarx/2ms:scanme - vuln-type: os,library - format: table - ignore-unfixed: true - severity: CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN - trivy-config: trivy.yaml - exit-code: '1' - env: - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - - - secret-scanning: - runs-on: ubuntu-latest - steps: - - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Run 2ms Scan - run: docker run -v $(pwd):/repo checkmarx/2ms:latest git /repo --config /repo/.2ms.yml \ No newline at end of file 
diff --git a/.github/workflows/update-trivy-cache.yml b/.github/workflows/update-trivy-cache.yml deleted file mode 100644 index 394ceb53..00000000 --- a/.github/workflows/update-trivy-cache.yml +++ /dev/null @@ -1,39 +0,0 @@ -# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans. -# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true. -name: Update Trivy Cache - -on: - schedule: - - cron: '0 0 * * *' # Run daily at midnight UTC - workflow_dispatch: # Allow manual triggering - -jobs: - update-trivy-db: - runs-on: ubuntu-latest - steps: - - name: Setup oras - uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d #v1.2.2 - - - name: Get current date - id: date - run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - - - name: Download and extract the vulnerability DB - run: | - mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db - oras pull ghcr.io/aquasecurity/trivy-db:2 - tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db - rm db.tar.gz - - - name: Download and extract the Java DB - run: | - mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db - oras pull ghcr.io/aquasecurity/trivy-java-db:1 - tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db - rm javadb.tar.gz - - - name: Cache DBs - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 - with: - path: ${{ github.workspace }}/.cache/trivy - key: cache-trivy-${{ steps.date.outputs.date }} \ No newline at end of file diff --git a/.github/workflows/validate-readme.yml b/.github/workflows/validate-readme.yml deleted file mode 100644 index dfd36871..00000000 --- a/.github/workflows/validate-readme.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Validate README - -on: - pull_request: - branches: - - master - merge_group: - -jobs: - validate: - name: README should be updated - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "^1.22" - - - name: update README - run: ./.ci/update-readme.sh - - name: validate README wasn't updated - run: | - if ! git diff-index --quiet HEAD; then - # Find the line numbers of the start and end markers - start_line=$(grep -n '' README.md | cut -d ":" -f 1) - end_line=$(grep -n '' README.md | cut -d ":" -f 1) - - echo "::error file=README.md,title=Outdated README,line=$start_line,endLine=$end_line::README.md is outdated, please run ./.ci/update-readme.sh" - exit 1 - fi From 3611e7ee0de7f6073dda251f5c92dac48c4a98c8 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 16:08:42 +0000 Subject: [PATCH 04/79] Updated workflow --- .github/workflows/bucket-upload.yaml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 37700252..6d5ecfc1 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -19,12 +19,17 @@ jobs: - name: Run 2ms Scan uses: miguel-neiva01/2ms-github-action@v1.5.19 id: twoms_scan - + + - name: Get Results Directory + id: get_results_dir + run: | + echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV + - name: Set S3 Destination Path id: set_s3_path run: | - BRANCH_NAME="${GITHUB_REF#refs/heads/}" - PR_NUMBER="${{ github.event.pull_request.number || 'no-pr' }}" + BRANCH_NAME="${{ github.head_ref || github.ref_name }} + PR_NUMBER="${{ github.event.pull_request.number }}" VERSION="v3.17.0" echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV 
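Review bot: `BRANCH_NAME="${{ github.head_ref || github.ref_name }}` in the `Set S3 Destination Path` step is missing its closing `"`, so bash sees an unterminated string that swallows the following lines and the step fails or writes a mangled `destination_dir`. Beyond the quote, `github.head_ref` is the name of the PR author's branch and is substituted into the script text before the shell parses it, so it should be passed via `env:` and read as `"$BRANCH_NAME"` rather than inlined with `${{ }}`; the same treatment suits `PR_NUMBER`, which after this change is empty on push events now that the `|| 'no-pr'` fallback is gone. The new `Get Results Directory` step writes `results_dir` to `$GITHUB_ENV`, but nothing in this patch reads `env.results_dir` (the upload step in the next hunk still uses `steps.twoms_scan.outputs.results_dir`), so it appears unused. The rewritten step below keeps the `destination_dir` format unchanged.

```yaml
# … unchanged: Run 2ms Scan step …
      - name: Set S3 Destination Path
        id: set_s3_path
        env:
          BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
          PR_NUMBER: ${{ github.event.pull_request.number || 'no-pr' }}
        run: |
          VERSION="v3.17.0"
          echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> "$GITHUB_ENV"
```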
@@ -36,11 +41,3 @@ jobs: aws_bucket: "ces-results" source_dir: ${{ steps.twoms_scan.outputs.results_dir }} destination_dir: ${{ env.destination_dir }} - - - name: Update deployment status - uses: chrnorm/deployment-status@releases/v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - target_url: "https://${{ secrets.AWS_BUCKET }}.s3.amazonaws.com/uploads/index.html" - state: 'success' - deployment_id: '123456' From 45a35f41092af50b42387e18cbff73311f1a9797 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 16:13:21 +0000 Subject: [PATCH 05/79] Workflow updatedd --- .github/workflows/ast-scan.yml | 25 ++++ .github/workflows/bucket-upload.yaml | 7 +- .github/workflows/codecov.yaml | 45 ++++++++ .github/workflows/new-rules.yml | 17 +++ .github/workflows/pr-labels.yml | 23 ++++ .github/workflows/pr-title.yml | 18 +++ .github/workflows/pr-validation.yml | 76 +++++++++++++ .github/workflows/release.yml | 139 +++++++++++++++++++++++ .github/workflows/security.yml | 76 +++++++++++++ .github/workflows/update-trivy-cache.yml | 39 +++++++ .github/workflows/validate-readme.yml | 30 +++++ 11 files changed, 489 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/ast-scan.yml create mode 100644 .github/workflows/codecov.yaml create mode 100644 .github/workflows/new-rules.yml create mode 100644 .github/workflows/pr-labels.yml create mode 100644 .github/workflows/pr-title.yml create mode 100644 .github/workflows/pr-validation.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/security.yml create mode 100644 .github/workflows/update-trivy-cache.yml create mode 100644 .github/workflows/validate-readme.yml diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml new file mode 100644 index 00000000..805a6348 --- /dev/null +++ b/.github/workflows/ast-scan.yml 
@@ -0,0 +1,25 @@ +name: Checkmarx One Scan + +on: + workflow_dispatch: + pull_request: + push: + branches: + - main + schedule: + - cron: '00 7 * * *' + +jobs: + cx-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Checkmarx One CLI Action + uses: checkmarx/ast-github-action@dd0f9365942f29a99c3be5bdb308958ede8f906b # v.2.0.25 + with: + base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} + cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} + cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} + cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} + additional_params: --tags scs --threshold "sast-high=1; sast-medium=1; sast-low=1; sca-high=1; sca-medium=1; iac-security-high=1; iac-security-medium=1; iac-security-low=1" diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 6d5ecfc1..d83d24b9 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -2,12 +2,7 @@ name: Run 2ms Scan and Upload to S3 on: push: - branches: - - main - pull_request: - branches: - - main - + jobs: scan-and-upload: runs-on: ubuntu-latest diff --git a/.github/workflows/codecov.yaml b/.github/workflows/codecov.yaml new file mode 100644 index 00000000..c833fad4 --- /dev/null +++ b/.github/workflows/codecov.yaml 
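Review bot: Dropping `branches: - main` and the `pull_request` trigger leaves a bare `on: push:`, so the job that uploads with the `CES_BUCKET` AWS secrets now runs for every push to every branch, including work-in-progress ones. If that is intended, the destination-path step (outside this hunk) that builds `pr-${PR_NUMBER}` from `github.event.pull_request.number` will presumably see an empty value on push events and produce keys ending in `pr-`; either keep the filter (`push:` / `branches: [main]`) or give that step a fallback such as `${{ github.event.pull_request.number || 'no-pr' }}`. A one-line comment above `on:` stating which branches are meant to publish results would make the intent reviewable.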
@@ -0,0 +1,45 @@ + +name: Codecov Scan + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + run: + runs-on: ubuntu-latest + env: + go-version: 'stable' + + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: ${{ env.go-version }} + env: + GOPROXY: direct + GONOSUMDB: "*" + GOPRIVATE: https://github.com/CheckmarxDev/ # Add your private organization url here + + - name: Install dependencies + run: go install golang.org/x/tools/cmd/cover@latest + + - name: Run tests and generate coverage + run: | + go test ./... -coverpkg=./... -v -coverprofile cover.out + + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: ./cover.out + flags: target=auto + fail_ci_if_error: true + verbose: false diff --git a/.github/workflows/new-rules.yml b/.github/workflows/new-rules.yml new file mode 100644 index 00000000..61b5043a --- /dev/null +++ b/.github/workflows/new-rules.yml @@ -0,0 +1,17 @@ +name: New Rules from Gitleaks + +on: + workflow_dispatch: + schedule: + - cron: "0 2 * * 6" # At 02:00 on Saturday + +jobs: + update_secrets: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "^1.22" + - name: Check Gitleaks new rules + run: go run .ci/check_new_rules.go diff --git a/.github/workflows/pr-labels.yml b/.github/workflows/pr-labels.yml new file mode 100644 index 00000000..be06a2b5 --- /dev/null +++ b/.github/workflows/pr-labels.yml 
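Review bot: `GOPRIVATE: https://github.com/CheckmarxDev/` on the `Set up Go` step is a URL, but `GOPRIVATE` takes comma-separated module-path glob patterns, so this value matches no module; the form that matches the organisation's modules is `GOPRIVATE: github.com/CheckmarxDev/*`. The step-level `env:` block (`GOPROXY`, `GONOSUMDB`, `GOPRIVATE`) applies only to the setup-go step, so as written the later `go install` and `go test` steps do not see it, which suggests it belongs at job level or is unnecessary. `GONOSUMDB: "*"` disables checksum-database verification for every module rather than just private ones and deserves a comment if deliberate, and `go install golang.org/x/tools/cmd/cover@latest` is unpinned unlike the SHA-pinned actions in the same file.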
@@ -0,0 +1,23 @@ +name: PR Labels + +on: + pull_request_target: + types: [opened] + +jobs: + mark_as_community: + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Mark as Community if PR is from a fork + if: github.event.pull_request.head.repo.full_name != github.repository + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + github.rest.issues.addLabels({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + labels: ['Community'] + }) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml new file mode 100644 index 00000000..c3143efb --- /dev/null +++ b/.github/workflows/pr-title.yml @@ -0,0 +1,18 @@ +name: Validate Conventional Commit title + +on: + pull_request: + types: [opened, edited, synchronize, reopened] + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: install commitlint + run: npm install -g @commitlint/cli @commitlint/config-conventional + - name: config commitlint + run: | + echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js + - name: validate PR title + run: | + echo ${{ github.event.pull_request.title }} | commitlint diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml new file mode 100644 index 00000000..0b349558 --- /dev/null +++ b/.github/workflows/pr-validation.yml 
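Review bot: `echo ${{ github.event.pull_request.title }} | commitlint` in the `validate PR title` step expands the PR title into the shell script before it runs, and the title is free text chosen by whoever opens the PR; pass it through the environment instead: add `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` to the step and change the command to `echo "$PR_TITLE" | commitlint`. `npm install -g @commitlint/cli @commitlint/config-conventional` is unpinned, so the rule set the check enforces can change between runs; consider pinning both package versions.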
@@ -0,0 +1,76 @@ +name: PR Validation + +on: + pull_request: + branches: + - master + merge_group: + +jobs: + test: + strategy: + matrix: + os: [ubuntu-latest] + + runs-on: ${{ matrix.os }} + + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 # Required for 2ms to have visibility to all commit history + + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "^1.22" + + - name: go mod tidy + run: | + go mod tidy + git diff --exit-code + + - name: Go Linter + run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.61.0 golangci-lint run -v -E gofmt --timeout=5m --out-format github-actions + + - name: Go Test + run: go test -v ./... + + - name: Run 2ms Scan + run: go run . git . --config .2ms.yml + + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 + + - run: make build + - name: docker run + run: | + docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo --report-path output/results.json --ignore-on-exit results + + kics: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - run: mkdir -p kics-results + + - name: Run KICS scan + uses: checkmarx/kics-github-action@03c9abe351b01c3e4dbe60fa00ff79ee07d73f44 # master + with: + path: . + output_path: kics-results + output_formats: json,sarif + enable_comments: ${{ github.event_name == 'pull_request'}} + fail_on: high,medium + enable_jobs_summary: true + - name: Show KICS results + if: failure() + run: cat kics-results/results.json + # - name: Upload SARIF file + # uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a #v3.24.10 + # with: + # sarif_file: kics-results/results.sarif 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..daeea115 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,139 @@ +name: Release + +on: + workflow_dispatch: + push: + branches: [master] + +jobs: + test: + name: Test + runs-on: ubuntu-latest + + outputs: + git_tag: ${{ steps.semantic_release_info.outputs.git_tag }} + version: ${{ steps.semantic_release_info.outputs.version }} + notes: ${{ steps.semantic_release_info.outputs.notes }} + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 # Required for 2ms to have visibility to all commit history + + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "^1.22" + - name: Go Linter + run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.61.0 golangci-lint run -v -E gofmt --timeout=5m + + - name: Unit Tests + run: go test ./... + + - name: Gets release info + id: semantic_release_info + if: github.event_name == 'workflow_dispatch' + uses: jossef/action-semantic-release-info@277fc891fc5ac40ed0e8d6bf59a0e24a25dfdeac #v3.0.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + build: + name: Build and Release + runs-on: ubuntu-latest + needs: test + if: ${{ needs.test.outputs.git_tag }} + steps: + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "^1.22" + + - name: Go Mod Tidy + run: go mod tidy + + - name: Compile for Linux amd64 + env: + VERSION: ${{ needs.test.outputs.version }} + CGO_ENABLED: 0 + GOOS: linux + GOARCH: amd64 + run: | + go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms main.go + zip -j dist/linux-amd64.zip dist/2ms + rm dist/2ms + + - name: Compile for MacOS amd64 + env: + VERSION: ${{ needs.test.outputs.version }} + CGO_ENABLED: 0 + GOOS: darwin + GOARCH: amd64 + run: | + go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a 
-installsuffix cgo -o dist/2ms main.go + zip -j dist/macos-amd64.zip dist/2ms + rm dist/2ms + + - name: Compile for MacOS arm64 + env: + VERSION: ${{ needs.test.outputs.version }} + CGO_ENABLED: 0 + GOOS: darwin + GOARCH: arm64 + run: | + go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms main.go + zip -j dist/macos-arm64.zip dist/2ms + rm dist/2ms + + - name: Compile for Windows amd64 + env: + VERSION: ${{ needs.test.outputs.version }} + CGO_ENABLED: 0 + GOOS: windows + GOARCH: amd64 + run: | + go build -ldflags "-s -w -X github.com/checkmarx/2ms/cmd.Version=$VERSION" -a -installsuffix cgo -o dist/2ms.exe main.go + zip -j dist/windows-amd64.zip dist/2ms.exe + rm dist/2ms.exe + + - name: Set up QEMU + uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2 + with: + image: tonistiigi/binfmt:latest + platforms: linux/amd64,linux/arm64 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 + + - name: Login to DockerHub + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Creating Release + uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a + with: + tag_name: ${{ needs.test.outputs.git_tag }} + name: ${{ needs.test.outputs.git_tag }} + body: ${{ needs.test.outputs.notes }} + target_commitish: ${{ steps.commit_and_push.outputs.latest_commit_hash }} + files: | + dist/*.zip + + - name: Build and push + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . 
+ platforms: linux/amd64,linux/arm64 + push: true + tags: | + checkmarx/2ms:latest + checkmarx/2ms:${{ needs.test.outputs.version }} + + - name: Update Docker repo description + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + repository: checkmarx/2ms diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 00000000..4178ad23 --- /dev/null +++ b/.github/workflows/security.yml 
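Review bot: `target_commitish: ${{ steps.commit_and_push.outputs.latest_commit_hash }}` in the `Creating Release` step refers to a step id that does not exist anywhere in the `build` job, so the expression evaluates to an empty string and the release is created against the action's default; either remove the line or point it at a real value such as `target_commitish: ${{ github.sha }}`. `softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a` is pinned but lacks the version comment every other `uses:` line in this file carries. The `build` job's `if: ${{ needs.test.outputs.git_tag }}` depends on `semantic_release_info`, which runs only on `workflow_dispatch`, so on the `push` to `master` trigger the build job presumably never runs; a comment on the `on:` block saying that releases are manual-only would make that intent explicit.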
@@ -0,0 +1,76 @@ +name: Security Scans + +on: + push: + branches: + - master + pull_request: + branches: + - master + merge_group: + schedule: + - cron: "0 0 * * *" + +jobs: + gosec: + runs-on: ubuntu-latest + env: + GO111MODULE: on + steps: + - name: Checkout Source + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Run Gosec Security Scanner + uses: securego/gosec@26e57d6b340778c2983cd61775bc7e8bb41d002a # v2.19.0 + with: + args: "-no-fail -fmt sarif -out results.sarif -exclude-dir=.ci -exclude-dir=tests ./..." + + - name: Upload Gosec Results + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a #v3.24.10 + with: + sarif_file: results.sarif + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #v3.3.0 + + trivy-scanning: + runs-on: ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Build and load (not push) + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + load: true + context: . + file: ./Dockerfile + platforms: linux/amd64 + push: false + tags: checkmarx/2ms:scanme + + - name: Run Trivy Scan + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 + with: + image-ref: checkmarx/2ms:scanme + vuln-type: os,library + format: table + ignore-unfixed: true + severity: CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN + trivy-config: trivy.yaml + exit-code: '1' + env: + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true + + + secret-scanning: + runs-on: ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Run 2ms Scan + run: docker run -v $(pwd):/repo checkmarx/2ms:latest git /repo --config /repo/.2ms.yml \ No newline at end of file 
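Review bot: The `secret-scanning` job runs `docker run ... checkmarx/2ms:latest`, a mutable tag, while every `uses:` in this file is pinned to a commit SHA with a version comment; pinning the scanner image by digest (`checkmarx/2ms@sha256:<digest>` — placeholder) keeps the tool that scans for secrets from changing underneath the scan. The `Set up Docker Buildx` step at the end of the `gosec` job is not used by any other step in that job and can be dropped. `trivy-scanning` sets `TRIVY_SKIP_DB_UPDATE: true` and `TRIVY_SKIP_JAVA_DB_UPDATE: true` with no cache-restore step in the job, so unless the action restores the cache itself the scan presumably runs against whatever DB happens to be present; a comment naming the `Update Trivy Cache` workflow as the provider would make that dependency explicit.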
diff --git a/.github/workflows/update-trivy-cache.yml b/.github/workflows/update-trivy-cache.yml new file mode 100644 index 00000000..394ceb53 --- /dev/null +++ b/.github/workflows/update-trivy-cache.yml @@ -0,0 +1,39 @@ +# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans. +# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true. +name: Update Trivy Cache + +on: + schedule: + - cron: '0 0 * * *' # Run daily at midnight UTC + workflow_dispatch: # Allow manual triggering + +jobs: + update-trivy-db: + runs-on: ubuntu-latest + steps: + - name: Setup oras + uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d #v1.2.2 + + - name: Get current date + id: date + run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT + + - name: Download and extract the vulnerability DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db + oras pull ghcr.io/aquasecurity/trivy-db:2 + tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db + rm db.tar.gz + + - name: Download and extract the Java DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db + oras pull ghcr.io/aquasecurity/trivy-java-db:1 + tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db + rm javadb.tar.gz + + - name: Cache DBs + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 + with: + path: ${{ github.workspace }}/.cache/trivy + key: cache-trivy-${{ steps.date.outputs.date }} \ No newline at end of file diff --git a/.github/workflows/validate-readme.yml b/.github/workflows/validate-readme.yml new file mode 100644 index 00000000..dfd36871 --- /dev/null +++ b/.github/workflows/validate-readme.yml 
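Review bot: Both download steps fetch `trivy-db:2` and `trivy-java-db:1` by mutable tag and feed the archive straight into `tar -xzf` with no integrity check, so the cache content is whatever the registry served at that moment; if the project has a way to verify these artifacts this is the step to do it, and at minimum a comment should state that the DBs are trusted as served. The `mkdir -p $GITHUB_WORKSPACE/...` and `tar ... -C $GITHUB_WORKSPACE/...` paths are unquoted; `"$GITHUB_WORKSPACE/.cache/trivy/db"` is the safer spelling even though the runner path has no spaces today.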
@@ -0,0 +1,30 @@ +name: Validate README + +on: + pull_request: + branches: + - master + merge_group: + +jobs: + validate: + name: README should be updated + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "^1.22" + + - name: update README + run: ./.ci/update-readme.sh + - name: validate README wasn't updated + run: | + if ! git diff-index --quiet HEAD; then + # Find the line numbers of the start and end markers + start_line=$(grep -n '' README.md | cut -d ":" -f 1) + end_line=$(grep -n '' README.md | cut -d ":" -f 1) + + echo "::error file=README.md,title=Outdated README,line=$start_line,endLine=$end_line::README.md is outdated, please run ./.ci/update-readme.sh" + exit 1 + fi From e4774ed61423d4a10522ef279474e3f7e61c1615 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 16:16:13 +0000 Subject: [PATCH 06/79] updated --- .github/workflows/bucket-upload.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index d83d24b9..396191fe 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,8 +1,8 @@ name: Run 2ms Scan and Upload to S3 on: - push: - + push: + jobs: scan-and-upload: runs-on: ubuntu-latest From dd504f88d27141804a9316d83fd455a4004d6f10 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:09:32 +0000 Subject: [PATCH 07/79] Updated workflow --- .github/workflows/bucket-upload.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 396191fe..59e704d5 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
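Review bot: In the `validate README wasn't updated` step both `grep -n '' README.md` calls have an empty pattern as rendered here, which matches every line and leaves `$start_line` and `$end_line` as multi-line values; if the markers were HTML comments lost in rendering this is a non-issue, otherwise the patterns need restoring. `git diff-index --quiet HEAD` only reports changes to tracked files, so a new file created by `./.ci/update-readme.sh` would pass silently; `[ -z "$(git status --porcelain)" ]` covers both cases.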
@@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v1.5.19 + uses: miguel-neiva01/2ms-github-action@v1.5.18 id: twoms_scan - name: Get Results Directory @@ -20,10 +20,16 @@ jobs: run: | echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV + - name: Upload 2ms Scan Artifact + uses: actions/upload-artifact@v2 + with: + name: 2ms-scan-results + path: ${{ steps.twoms_scan.outputs.results_dir }} + - name: Set S3 Destination Path id: set_s3_path run: | - BRANCH_NAME="${{ github.head_ref || github.ref_name }} + BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.pull_request.number }}" VERSION="v3.17.0" echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV From dd6a3d92755d035820684bd570a3b04ab91d8a61 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:10:34 +0000 Subject: [PATCH 08/79] Updated workflow artifact version 3 --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 59e704d5..3fb6f54e 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -21,7 +21,7 @@ jobs: echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV - name: Upload 2ms Scan Artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: 2ms-scan-results path: ${{ steps.twoms_scan.outputs.results_dir }} From ee23e140329609c3ef517ba6678b9bbd8c0165e7 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:15:03 +0000 Subject: [PATCH 09/79] Updated workflow artifact version 4 --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3fb6f54e..43b38103 100644 
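Review bot: `miguel-neiva01/2ms-github-action@v1.5.18` and the `actions/checkout@v4` context line are pinned to mutable tags, whereas the other workflows in this series pin every action to a commit SHA with a version comment; a tag in a personal namespace can be moved at any time, and this step runs with the repository checkout in scope in a job that later receives AWS credentials. Pin both to a full commit SHA (`uses: miguel-neiva01/2ms-github-action@<commit-sha> # v1.5.18` — placeholder). The downgrade from v1.5.19 to v1.5.18 is not explained anywhere; a one-line comment on the `uses:` line saying why would help the next reader.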
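Review bot: `BRANCH_NAME="${{ github.head_ref || github.ref_name }}"` expands a branch name into the `run:` script before bash parses it, so a crafted branch name can close the quotes and run commands in a job that holds the bucket credentials; the safer pattern is to pass the value through `env:` and reference the shell variable. Concretely, add `env:` / `  BRANCH_NAME: ${{ github.head_ref || github.ref_name }}` to the step and leave the script with only `echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV`. The same pattern recurs in the `@@ -38,13 +33,42 @@` hunk of PATCH 16, the `@@ -66,11 +70,11 @@` hunk of PATCH 24 and the `@@ -61,21 +61,23 @@` hunk of PATCH 27, the last of which also interpolates the PR title.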
--- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -21,7 +21,7 @@ jobs: echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV - name: Upload 2ms Scan Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: 2ms-scan-results path: ${{ steps.twoms_scan.outputs.results_dir }} From c9dce6881ec16ddec662b0df7bec9a4363ee5a5c Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:20:37 +0000 Subject: [PATCH 10/79] Add debug feature --- .github/workflows/bucket-upload.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 43b38103..e515df35 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -18,14 +18,15 @@ jobs: - name: Get Results Directory id: get_results_dir run: | - echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV + echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV + echo "Results Directory: ${{ steps.twoms_scan.outputs.results_dir }}" # para ver o valor - name: Upload 2ms Scan Artifact uses: actions/upload-artifact@v4 with: - name: 2ms-scan-results - path: ${{ steps.twoms_scan.outputs.results_dir }} - + name: 2ms-results + path: ${{ env.results_dir }} + - name: Set S3 Destination Path id: set_s3_path run: | From 39f6ffb94525a54e6f972949898668b0047841e6 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:29:37 +0000 Subject: [PATCH 11/79] Added print --- .github/workflows/bucket-upload.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index e515df35..12ae3a92 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -18,15 +18,16 @@ jobs: - name: Get Results Directory id: get_results_dir run: | + echo "Results directory from 2ms scan: ${{ steps.twoms_scan.outputs.results_dir }}" echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV - echo "Results Directory: ${{ steps.twoms_scan.outputs.results_dir }}" # para ver o valor + echo "Results Directory: ${{ steps.twoms_scan.outputs.results_dir }}" - name: Upload 2ms Scan Artifact uses: actions/upload-artifact@v4 with: name: 2ms-results path: ${{ env.results_dir }} - + - name: Set S3 Destination Path id: set_s3_path run: | From 8e31257310e0a4baf6c9b3b610ca6c004ecd4aea Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 17:38:59 +0000 Subject: [PATCH 12/79] Change artifact upload --- .github/workflows/bucket-upload.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 12ae3a92..991d2a04 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -18,9 +18,8 @@ jobs: - name: Get Results Directory id: get_results_dir run: | - echo "Results directory from 2ms scan: ${{ steps.twoms_scan.outputs.results_dir }}" - echo "results_dir=${{ steps.twoms_scan.outputs.results_dir }}" >> $GITHUB_ENV - echo "Results Directory: ${{ steps.twoms_scan.outputs.results_dir }}" + echo "results_dir=results" >> $GITHUB_ENV + echo "Results Directory: ${{ env.results_dir }}" - name: Upload 2ms Scan Artifact uses: actions/upload-artifact@v4 From 06ee450f0646505fb4ad685aaa0bb2d0d440d0c8 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Fri, 14 Mar 2025 18:06:15 +0000 Subject: [PATCH 13/79] Add trigger --- .github/workflows/bucket-upload.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 991d2a04..ab433d78 100644 --- a/.github/workflows/bucket-upload.yaml 
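Review bot: `echo "results_dir=results" >> $GITHUB_ENV` replaces the action's `results_dir` output with a hard-coded relative path, so the `get_results_dir` step id no longer describes what the step does, and a change to where `2ms-github-action` writes its output would break the upload silently. If the fixed path is intentional, a comment such as `# 2ms-github-action writes its SARIF output under ./results; the action output is not used` documents the assumption; otherwise keep `${{ steps.twoms_scan.outputs.results_dir }}`.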
+++ b/.github/workflows/bucket-upload.yaml @@ -2,7 +2,12 @@ name: Run 2ms Scan and Upload to S3 on: push: + branches: + - '*' + pull_request: + branches: + - '*' jobs: scan-and-upload: runs-on: ubuntu-latest @@ -41,5 +46,5 @@ jobs: aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} aws_bucket: "ces-results" - source_dir: ${{ steps.twoms_scan.outputs.results_dir }} + source_dir: ${{ env.results_dir }} destination_dir: ${{ env.destination_dir }} From 3c79e90a0c36c3495c14afec0980109b852337a0 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 10:02:59 +0000 Subject: [PATCH 14/79] Add pr-number hardcoded --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index ab433d78..d6aab324 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -36,7 +36,7 @@ jobs: id: set_s3_path run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" - PR_NUMBER="${{ github.event.pull_request.number }}" + PR_NUMBER="275" VERSION="v3.17.0" echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV From e99ae93d45ea857ef50a7d178e8158178e65da63 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 10:57:24 +0000 Subject: [PATCH 15/79] Add pr-number env --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index d6aab324..4aa61ed8 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
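Review bot: The `branches: - '*'` filters added under `push:` and `pull_request:` do not match branch names containing `/` (`feature/x`, `release/1.2`), because `*` stops at a path separator in workflow filter globs. Use `'**'`, or drop the filter entirely, since an unfiltered `push:` / `pull_request:` already runs on every branch.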
@@ -36,7 +36,7 @@ jobs: id: set_s3_path run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" - PR_NUMBER="275" + PR_NUMBER="${{ github.event.number }}"" VERSION="v3.17.0" echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV From 7cbdabdc9f97aa3d9e3191572d9ee072453e76cd Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 11:11:30 +0000 Subject: [PATCH 16/79] Add metadados.json --- .github/workflows/bucket-upload.yaml | 46 +++++++++++++++++++++------- 1 file changed, 35 insertions(+), 11 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 4aa61ed8..6b51e8c1 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -2,12 +2,7 @@ name: Run 2ms Scan and Upload to S3 on: push: - branches: - - '*' - pull_request: - branches: - - '*' jobs: scan-and-upload: runs-on: ubuntu-latest 
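Review bot: `PR_NUMBER="${{ github.event.number }}""` has three double quotes, so after expansion bash sees an unterminated quoted string and the step fails with a syntax error; the intended line is `PR_NUMBER="${{ github.event.number }}"`. PATCH 17 corrects this, but the intermediate commits do not run.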
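Review bot: With `pull_request:` and the branch filters removed the workflow only runs on `push`, but the destination path built in the `set_s3_path` step below this hunk still uses `github.event.number` and `github.head_ref`, which are empty for push events, so uploads land under `2ms/<branch>/<version>/pr-`. Either keep the `pull_request` trigger or give the path a fallback, e.g. `PR_NUMBER="${{ github.event.number || 'none' }}"`.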
@@ -38,13 +33,42 @@ jobs: BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.number }}"" VERSION="v3.17.0" - echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + echo "results_dir=${RESULTS_DIR}" >> $GITHUB_ENV + echo "destination_dir=2ms/master/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + - name: Organize Results in Correct Structure + run: | + mkdir -p "${{ env.results_dir }}" + + + for artifact_dir in $(find $GITHUB_WORKSPACE -type d -name "results"); do + artifact_name=$(basename $(dirname $artifact_dir)) # Nome do repositório (projeto) + mkdir -p "${{ env.results_dir }}/${artifact_name}" + + # Mover o arquivo SARIF para o diretório do artefato + mv "${artifact_dir}"/*.sarif "${{ env.results_dir }}/${artifact_name}/" + + echo "Moved SARIF file for artifact: ${artifact_name}" + done + + # Criar o metadata.json + TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + echo '{ + "timestamp": "'"${TIMESTAMP}"'", + "branch": "'"${{ github.head_ref || github.ref_name }}"'", + "pr_number": "'"${{ github.event.number }}"'", + "version": "'"${VERSION}"'" + }' > "${{ env.results_dir }}/metadata.json" + + echo "Created directory structure:" + tree "${{ env.results_dir }}" + - name: Upload results to S3 uses: shallwefootball/s3-upload-action@master with: - aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} - aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - aws_bucket: "ces-results" - source_dir: ${{ env.results_dir }} - destination_dir: ${{ env.destination_dir }} + aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} + aws_bucket: "ces-results" + source_dir: ${{ env.results_dir }} + destination_dir: ${{ env.destination_dir }} \ No newline at end of file From a485a12e0794c34a85fcba6240355df1d7aa8def Mon Sep 17 00:00:00 2001 
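Review bot: `echo "results_dir=${RESULTS_DIR}" >> $GITHUB_ENV` references a shell variable that is never set in this script, so it overwrites the `results_dir` value from the earlier step with an empty string and the next step's `mkdir -p "${{ env.results_dir }}"` and `mv ... "${{ env.results_dir }}/${artifact_name}/"` run against an empty path; drop the line, or set `RESULTS_DIR` first (the line survives into the `@@ -31,11 +31,10 @@` hunk of PATCH 17). `destination_dir` is written to `$GITHUB_ENV` twice in this step and the second value (`2ms/master/...`) wins, which makes the first echo dead. The re-indented `with:` block also hands `CES_BUCKET_AWS_ACCESS_KEY` and `CES_BUCKET_AWS_SECRET_ACCESS_KEY` to `shallwefootball/s3-upload-action@master`, a mutable branch ref of a third-party action; pin it to a commit SHA as the other workflows in this series do. `tree` is called but installed by no step; confirm it is on the runner image or use `find "${{ env.results_dir }}"`.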
From: Miguel Neiva Date: Mon, 17 Mar 2025 11:14:23 +0000 Subject: [PATCH 17/79] Add metadados.json --- .github/workflows/bucket-upload.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 6b51e8c1..34013623 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -31,11 +31,10 @@ jobs: id: set_s3_path run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" - PR_NUMBER="${{ github.event.number }}"" + PR_NUMBER="${{ github.event.number }}" VERSION="v3.17.0" - echo "destination_dir=2ms/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + echo "destination_dir=2ms/master/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV echo "results_dir=${RESULTS_DIR}" >> $GITHUB_ENV - echo "destination_dir=2ms/master/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV - name: Organize Results in Correct Structure run: | @@ -46,13 +45,11 @@ jobs: artifact_name=$(basename $(dirname $artifact_dir)) # Nome do repositório (projeto) mkdir -p "${{ env.results_dir }}/${artifact_name}" - # Mover o arquivo SARIF para o diretório do artefato mv "${artifact_dir}"/*.sarif "${{ env.results_dir }}/${artifact_name}/" echo "Moved SARIF file for artifact: ${artifact_name}" done - # Criar o metadata.json TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") echo '{ "timestamp": "'"${TIMESTAMP}"'", From f3350746aec44fdb37d84b10bb5ef4d7cf11e832 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 14:29:59 +0000 Subject: [PATCH 18/79] Sintaxe update --- .github/workflows/bucket-upload.yaml | 57 ++++++++++++++++------------ 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 34013623..9f9501b6 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v1.5.18 + uses: miguel-neiva01/2ms-github-action@v1.6.5 id: twoms_scan - name: Get Results Directory @@ -24,7 +24,7 @@ jobs: - name: Upload 2ms Scan Artifact uses: actions/upload-artifact@v4 with: - name: 2ms-results + name: results path: ${{ env.results_dir }} - name: Set S3 Destination Path 
@@ -33,39 +33,46 @@ jobs: BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.number }}" VERSION="v3.17.0" - echo "destination_dir=2ms/master/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV - echo "results_dir=${RESULTS_DIR}" >> $GITHUB_ENV + ENGINE="2ms" + COMMIT_HASH="${{ github.sha }}" + PR_OWNER="${{ github.actor }}" + TARGET_BRANCH="master" - - name: Organize Results in Correct Structure + echo "destination_dir=s3://ces-results/${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV + + - name: Create metadata run: | - mkdir -p "${{ env.results_dir }}" - + mkdir -p "${{ env.results_dir }}" - for artifact_dir in $(find $GITHUB_WORKSPACE -type d -name "results"); do - artifact_name=$(basename $(dirname $artifact_dir)) # Nome do repositório (projeto) - mkdir -p "${{ env.results_dir }}/${artifact_name}" - - mv "${artifact_dir}"/*.sarif "${{ env.results_dir }}/${artifact_name}/" + for artifact_dir in $(find $GITHUB_WORKSPACE -type d -name "results"); do + artifact_name=$(basename $(dirname $artifact_dir)) # Nome do repositório (projeto) + mkdir -p "${{ env.results_dir }}/${artifact_name}" - echo "Moved SARIF file for artifact: ${artifact_name}" - done + mv "${artifact_dir}"/*.sarif "${{ env.results_dir }}/${artifact_name}/" - TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") - echo '{ - "timestamp": "'"${TIMESTAMP}"'", - "branch": "'"${{ github.head_ref || github.ref_name }}"'", - "pr_number": "'"${{ github.event.number }}"'", - "version": "'"${VERSION}"'" - }' > "${{ env.results_dir }}/metadata.json" + echo "Moved SARIF file for artifact: ${artifact_name}" + done - echo "Created directory structure:" - tree "${{ env.results_dir }}" + TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + echo '{ + "timestamp": "'"${TIMESTAMP}"'", + "branch": "'"${{ github.head_ref || github.ref_name }}"'", + "pr_number": "'"${{ github.event.number }}"'", + "version": 
"'"${VERSION}"'", + "commit_hash": "'"${COMMIT_HASH}"'", + "pr_owner": "'"${PR_OWNER}"'", + "engine": "'"${ENGINE}"'" + }' > "${{ env.results_dir }}/metadata.json" + echo "Created directory structure:" + tree "${{ env.results_dir }}" + - name: Upload results to S3 uses: shallwefootball/s3-upload-action@master with: aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - aws_bucket: "ces-results" + aws_bucket: ${{ secrets.CES_AWS_BUCKET }} source_dir: ${{ env.results_dir }} - destination_dir: ${{ env.destination_dir }} \ No newline at end of file + destination_dir: ${{ env.destination_dir }} From 46c5891fdca4033340f1fa3696b71c064c22e7d5 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 14:35:49 +0000 Subject: [PATCH 19/79] New working directory --- .github/workflows/bucket-upload.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 9f9501b6..52fc779c 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -41,19 +41,19 @@ jobs: echo "destination_dir=s3://ces-results/${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - - name: Create metadata - run: | + - name: Create metadata + run: | mkdir -p "${{ env.results_dir }}" - for artifact_dir in $(find $GITHUB_WORKSPACE -type d -name "results"); do - artifact_name=$(basename $(dirname $artifact_dir)) # Nome do repositório (projeto) - mkdir -p "${{ env.results_dir }}/${artifact_name}" - - mv "${artifact_dir}"/*.sarif "${{ env.results_dir }}/${artifact_name}/" - - echo "Moved SARIF file for artifact: ${artifact_name}" + for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do + if [[ -f "$sarif_file" ]]; then + project_name=$(basename "$sarif_file" .sarif) # Nome do projeto (sem extensão) + mkdir -p "${{ env.results_dir }}/$project_name" + mv "$sarif_file" "${{ env.results_dir }}/$project_name/results.sarif" + echo "Moved $sarif_file to $project_name/results.sarif" + fi done - + TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") echo '{ "timestamp": "'"${TIMESTAMP}"'", From b08cb32cd50d7a63800f8e21085a45e592777381 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 14:39:04 +0000 Subject: [PATCH 20/79] New working directory --- .github/workflows/bucket-upload.yaml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 52fc779c..ab1f992b 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
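Review bot: The new loop globs `$GITHUB_WORKSPACE/results/*.sarif` unquoted; `"$GITHUB_WORKSPACE"/results/*.sarif` keeps the glob while protecting the workspace path. With `results_dir` set to `results` by the earlier step, each file is moved into a subdirectory of the directory being globbed, which works only because the glob is expanded once before the loop starts; a comment saying so would save the next reader a double take. The inline comment `# Nome do projeto (sem extensão)` should be English like the rest of the repository's workflow comments, e.g. `# project name (file name without extension)`.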
@@ -36,15 +36,19 @@ jobs: ENGINE="2ms" COMMIT_HASH="${{ github.sha }}" PR_OWNER="${{ github.actor }}" - TARGET_BRANCH="master" + TARGET_BRANCH="master" echo "destination_dir=s3://ces-results/${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - - name: Create metadata - run: | + - name: Create metadata + run: | mkdir -p "${{ env.results_dir }}" - + + # Debug: Listar ficheiros no diretório results + echo "Listing SARIF files before processing..." + ls -la $GITHUB_WORKSPACE/results/ + for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do if [[ -f "$sarif_file" ]]; then project_name=$(basename "$sarif_file" .sarif) # Nome do projeto (sem extensão) @@ -64,15 +68,15 @@ jobs: "pr_owner": "'"${PR_OWNER}"'", "engine": "'"${ENGINE}"'" }' > "${{ env.results_dir }}/metadata.json" - + echo "Created directory structure:" tree "${{ env.results_dir }}" - name: Upload results to S3 uses: shallwefootball/s3-upload-action@master with: - aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} - aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - aws_bucket: ${{ secrets.CES_AWS_BUCKET }} - source_dir: ${{ env.results_dir }} - destination_dir: ${{ env.destination_dir }} + aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} + aws_bucket: ${{ secrets.CES_AWS_BUCKET }} + source_dir: ${{ env.results_dir }} + destination_dir: ${{ env.destination_dir }} From 744056e4287c7e1de14c79184094e2896c1b9555 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 14:43:55 +0000 Subject: [PATCH 21/79] New Iam Policies --- .github/workflows/bucket-upload.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index ab1f992b..1817c3cd 100644 --- a/.github/workflows/bucket-upload.yaml 
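Review bot: `ls -la $GITHUB_WORKSPACE/results/` is unguarded, so with the default `bash -e` run shell a missing results directory fails the step here, before the `if [[ -f "$sarif_file" ]]` guard in the loop gets a chance to tolerate it; `ls -la "$GITHUB_WORKSPACE/results/" || true` keeps the listing as debug output only. The comment `# Debug: Listar ficheiros no diretório results` should be in English for consistency with the rest of the file, e.g. `# Debug: list the files in the results directory`.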
+++ b/.github/workflows/bucket-upload.yaml @@ -73,8 +73,10 @@ jobs: tree "${{ env.results_dir }}" - name: Upload results to S3 - uses: shallwefootball/s3-upload-action@master - with: + run: | + aws s3 cp --recursive "${{ env.results_dir }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ + --storage-class STANDARD + env: aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} aws_bucket: ${{ secrets.CES_AWS_BUCKET }} From 9eee8d4bf63c7ca1cd96e64a67f2058a4a8d080d Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 14:52:31 +0000 Subject: [PATCH 22/79] organized --- .github/workflows/bucket-upload.yaml | 38 +++++++++++++++------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 1817c3cd..9598cb20 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
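Review bot: The `env:` block keeps the action's input names (`aws_key_id`, `aws_secret_access_key`, `aws_bucket`, `source_dir`, `destination_dir`), but `aws s3 cp` reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so as written the CLI runs without credentials and the other three entries are unused; rename to `AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }}` / `AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }}` and drop the rest (the `@@ -67,18 +72,15 @@` hunk of PATCH 22 does this). No region is set either; if the bucket is not in the CLI's default region, `AWS_DEFAULT_REGION` belongs here too. Longer term, exchanging the long-lived keys for OIDC via `aws-actions/configure-aws-credentials` would remove static credentials from the repository secrets altogether.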
@@ -38,27 +38,32 @@ jobs: PR_OWNER="${{ github.actor }}" TARGET_BRANCH="master" - echo "destination_dir=s3://ces-results/${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" >> $GITHUB_ENV + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" + + echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - - name: Create metadata + - name: Organize SARIF files run: | - mkdir -p "${{ env.results_dir }}" + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" - # Debug: Listar ficheiros no diretório results echo "Listing SARIF files before processing..." ls -la $GITHUB_WORKSPACE/results/ for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do if [[ -f "$sarif_file" ]]; then - project_name=$(basename "$sarif_file" .sarif) # Nome do projeto (sem extensão) - mkdir -p "${{ env.results_dir }}/$project_name" - mv "$sarif_file" "${{ env.results_dir }}/$project_name/results.sarif" - echo "Moved $sarif_file to $project_name/results.sarif" + project_name=$(basename "$sarif_file" .sarif) + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" + mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" + echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" fi done + - name: Create Metadata File + run: | TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" + echo '{ "timestamp": "'"${TIMESTAMP}"'", "branch": "'"${{ github.head_ref || github.ref_name }}"'", 
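Review bot: The `Organize SARIF files` step repeats `${{ env.results_dir }}/pr-${{ github.event.number }}` five times inside the script, which makes the `mkdir`/`mv`/`echo` lines hard to read and easy to get out of sync; a step-level `env:` with `PR_DIR: ${{ env.results_dir }}/pr-${{ github.event.number }}` and `"$PR_DIR/$project_name"` in the script says the same thing once. The `Create Metadata File` step introduced here still reads `${COMMIT_HASH}`, `${PR_OWNER}` and `${ENGINE}` (next hunk) that only exist in the `set_s3_path` shell, so they are empty in the file; `${{ github.sha }}`, `${{ github.actor }}` and a literal `"2ms"` are the values actually intended.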
@@ -67,18 +72,15 @@ jobs: "commit_hash": "'"${COMMIT_HASH}"'", "pr_owner": "'"${PR_OWNER}"'", "engine": "'"${ENGINE}"'" - }' > "${{ env.results_dir }}/metadata.json" + }' > "$METADATA_PATH" - echo "Created directory structure:" - tree "${{ env.results_dir }}" + echo "Created metadata file at $METADATA_PATH" + cat "$METADATA_PATH" - name: Upload results to S3 run: | - aws s3 cp --recursive "${{ env.results_dir }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ - --storage-class STANDARD + aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}/pr-${{ github.event.number }}" \ + --storage-class STANDARD env: - aws_key_id: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} - aws_secret_access_key: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - aws_bucket: ${{ secrets.CES_AWS_BUCKET }} - source_dir: ${{ env.results_dir }} - destination_dir: ${{ env.destination_dir }} + AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} From 0f426e532438d2258b631242b2d484d15c17feaa Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 15:11:53 +0000 Subject: [PATCH 23/79] Change to pull request --- .github/workflows/bucket-upload.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 9598cb20..5c3dfcfd 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,7 +1,7 @@ name: Run 2ms Scan and Upload to S3 on: - push: + pull_request: jobs: scan-and-upload: 
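Review bot: Switching the trigger to `pull_request:` means runs for pull requests from forks receive no repository secrets, so `aws s3 cp` at the end of the job fails with empty `AWS_ACCESS_KEY_ID` there; if fork PRs are expected, gate the upload step with `if: github.event.pull_request.head.repo.full_name == github.repository`. On `pull_request` the default checkout is the merge ref, so the `${{ github.sha }}` written into the metadata is the synthetic merge commit rather than the PR head; `${{ github.event.pull_request.head.sha }}` is the head commit if that is what consumers of metadata.json expect.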
@@ -79,7 +79,7 @@ jobs: - name: Upload results to S3 run: | - aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}/pr-${{ github.event.number }}" \ + aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ --storage-class STANDARD env: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} From d5211bbf522859772b20eae9974c832ffe5862b9 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 15:25:21 +0000 Subject: [PATCH 24/79] change syntax --- .github/workflows/bucket-upload.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 5c3dfcfd..8daa4723 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -27,12 +27,16 @@ jobs: name: results path: ${{ env.results_dir }} + + + + - name: Set S3 Destination Path id: set_s3_path run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.number }}" - VERSION="v3.17.0" + echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV ENGINE="2ms" COMMIT_HASH="${{ github.sha }}" PR_OWNER="${{ github.actor }}" @@ -66,11 +70,11 @@ jobs: echo '{ "timestamp": "'"${TIMESTAMP}"'", - "branch": "'"${{ github.head_ref || github.ref_name }}"'", + "branch": " ${{ github.head_ref || github.ref_name }} ", "pr_number": "'"${{ github.event.number }}"'", - "version": "'"${VERSION}"'", - "commit_hash": "'"${COMMIT_HASH}"'", - "pr_owner": "'"${PR_OWNER}"'", + "version": "${{ env.twoms_version }}", + "commit_hash": "'"${{ github.sha }}"'", + "pr_owner": " ${{ github.event.pull_request.user.login }} ", "engine": "'"${ENGINE}"'" }' > "$METADATA_PATH" 
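Review bot: `curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name'` is unauthenticated and has no failure handling: `-s` without `-f` turns an HTTP error (including the unauthenticated rate limit shared runners often hit) into a JSON error body, and `jq -r '.tag_name'` then prints `null`, which silently becomes the version in the path and the metadata. Use `curl -fsS` and `jq -er '.tag_name'` so the step fails instead, and send the workflow token (`-H "Authorization: Bearer $GH_TOKEN"` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in `env:`) to avoid the anonymous limit. Removing `VERSION="v3.17.0"` leaves `${VERSION}` in the `DEST_DIR=` line outside this hunk undefined; PATCH 25 replaces it with a literal, but the fetched value is what the path should carry.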
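Review bot: `"branch": " ${{ github.head_ref || github.ref_name }} "` and `"pr_owner": " ${{ github.event.pull_request.user.login }} "` pad the values with spaces, so consumers of metadata.json get `" main "` rather than `"main"` (constructed example), and the surrounding fields use the `"'"…"'"` form, so the style should be one or the other throughout. Because `${{ }}` is substituted before bash reads the script, a branch name or login containing `"` or `'` breaks either the JSON or the single-quoted `echo` string; building the document with `jq -n --arg` avoids both problems.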
From 7510c31a164fed34c5609230c5fefa42302bb89d Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 15:51:58 +0000 Subject: [PATCH 25/79] Final version --- .github/workflows/bucket-upload.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 8daa4723..b267c427 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -27,10 +27,6 @@ jobs: name: results path: ${{ env.results_dir }} - - - - - name: Set S3 Destination Path id: set_s3_path run: | @@ -42,7 +38,7 @@ jobs: PR_OWNER="${{ github.actor }}" TARGET_BRANCH="master" - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${VERSION}/pr-${PR_NUMBER}" + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/v3.17.0/pr-${PR_NUMBER}" echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV @@ -70,12 +66,12 @@ jobs: echo '{ "timestamp": "'"${TIMESTAMP}"'", - "branch": " ${{ github.head_ref || github.ref_name }} ", - "pr_number": "'"${{ github.event.number }}"'", + "branch": "'"${{ github.head_ref || github.ref_name }}"'", + "pr_number": "'"${{ github.event.number }}", "version": "${{ env.twoms_version }}", - "commit_hash": "'"${{ github.sha }}"'", - "pr_owner": " ${{ github.event.pull_request.user.login }} ", - "engine": "'"${ENGINE}"'" + "commit_hash": "${{ github.sha }}", + "pr_owner": "${{ github.actor }}", + "engine": "2ms" }' > "$METADATA_PATH" echo "Created metadata file at $METADATA_PATH" From 6996bec72ce7db62d93bea8a2711cbe348bf4db1 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 15:58:35 +0000 Subject: [PATCH 26/79] Syntax error updated --- .github/workflows/bucket-upload.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index b267c427..89376b81 100644 
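Review bot: `"pr_number": "'"${{ github.event.number }}",` drops the closing `"'` that every other field has, so the quoting of the `echo '...'` string is unbalanced from that point on and the step either fails or writes malformed JSON; restore `"pr_number": "'"${{ github.event.number }}"'",` (PATCH 26 does this). The `@@ -42,7 +38,7 @@` hunk of the same commit hard-codes `v3.17.0` into `DEST_DIR` while the metadata reports the `twoms_version` fetched from the releases API, so the object path and the file can disagree about which version produced the results.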
--- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -67,10 +67,10 @@ jobs: echo '{ "timestamp": "'"${TIMESTAMP}"'", "branch": "'"${{ github.head_ref || github.ref_name }}"'", - "pr_number": "'"${{ github.event.number }}", - "version": "${{ env.twoms_version }}", - "commit_hash": "${{ github.sha }}", - "pr_owner": "${{ github.actor }}", + "pr_number": "'"${{ github.event.number }}"'", + "version": "'"${{ env.twoms_version }}"'", + "commit_hash": "'"${{ github.sha }}"'", + "pr_owner": "'"${{ github.actor }}"'", "engine": "2ms" }' > "$METADATA_PATH" From 9189a6de9a0518f19da7fc69fb5bafc01c9018b2 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 16:13:15 +0000 Subject: [PATCH 27/79] New timestamp --- .github/workflows/bucket-upload.yaml | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 89376b81..e16077d7 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -61,21 +61,23 @@ jobs: - name: Create Metadata File run: | - TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") - METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" + echo "COMMIT_TIMESTAMP=$(git log -1 --format=%ct)" >> $GITHUB_ENV + + METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" - echo '{ - "timestamp": "'"${TIMESTAMP}"'", + echo '{ + "seq": "'"${{ env.COMMIT_TIMESTAMP }}"'", + "tag": "'"${{ github.event.number }}"'", + "comment":"'"${{ github.event.pull_request.title }}"'", + "commit": "'"${{ github.sha }}"'", + "owner": "'"${{ github.actor }}"'", "branch": "'"${{ github.head_ref || github.ref_name }}"'", - "pr_number": "'"${{ github.event.number }}"'", - "version": "'"${{ env.twoms_version }}"'", - "commit_hash": "'"${{ github.sha }}"'", - "pr_owner": "'"${{ github.actor }}"'", - "engine": "2ms" - }' > "$METADATA_PATH" + "engine": "2ms", + "version": "1.0.0" + }' > "$METADATA_PATH" - echo "Created metadata file at $METADATA_PATH" - cat "$METADATA_PATH" + echo "Created metadata file at $METADATA_PATH" + cat "$METADATA_PATH" - name: Upload results to S3 run: | From c42f7df9e6885b42573ed10bac4cadf0828e4803 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 16:16:02 +0000 Subject: [PATCH 28/79] Correct Timestamp --- .github/workflows/bucket-upload.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index e16077d7..3b60f282 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -4,7 +4,7 @@ on: pull_request: jobs: - scan-and-upload: + bucket-upload-S3: runs-on: ubuntu-latest steps: 
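Review bot: The new `"comment"` line interpolates `${{ github.event.pull_request.title }}` into the `run:` script, and a PR title is free text controlled by the PR author, so a title containing a single quote terminates the quoted `echo` string and whatever follows runs as shell on the runner. Route it through `env:` (`PR_TITLE: ${{ github.event.pull_request.title }}`) and reference `"$PR_TITLE"` in the script; the same applies to the `"branch"` line. Separately, `echo "COMMIT_TIMESTAMP=…" >> $GITHUB_ENV` only takes effect for later steps, so `${{ env.COMMIT_TIMESTAMP }}` read in this same step expands to an empty `"seq"`. The surrounding job definition is outside the hunk.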
@@ -61,12 +61,12 @@ jobs: - name: Create Metadata File run: | - echo "COMMIT_TIMESTAMP=$(git log -1 --format=%ct)" >> $GITHUB_ENV + COMMIT_TIMESTAMP=$(git log -1 --format=%ct) METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" echo '{ - "seq": "'"${{ env.COMMIT_TIMESTAMP }}"'", + "seq": "'"${COMMIT_TIMESTAMP}"'", "tag": "'"${{ github.event.number }}"'", "comment":"'"${{ github.event.pull_request.title }}"'", "commit": "'"${{ github.sha }}"'", From af09117535dfe08a8bd0268476651322fa83cbb2 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 16:19:31 +0000 Subject: [PATCH 29/79] Final version --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3b60f282..3db021f1 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -38,7 +38,7 @@ jobs: PR_OWNER="${{ github.actor }}" TARGET_BRANCH="master" - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/v3.17.0/pr-${PR_NUMBER}" + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}pr-${PR_NUMBER}" echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV From 15626d9dfcebd5904a4e551d70ed680cfe8ca38e Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 16:21:28 +0000 Subject: [PATCH 30/79] Final version v2 --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3db021f1..da9854fc 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
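Review bot: `COMMIT_TIMESTAMP=$(git log -1 --format=%ct)` reads the committer time of whatever `actions/checkout` left at HEAD; on the `pull_request` trigger shown in this patch's first hunk that is, as far as I can tell, the synthetic merge commit GitHub creates for the run, so `seq` will be close to the workflow start time rather than the time of the PR head commit, and the `"commit"` field's `github.sha` is that merge SHA as well. If the author's commit is what should be recorded, pass `github.event.pull_request.head.sha` in via `env:` and use `git log -1 --format=%ct "$HEAD_SHA"`, which needs the parent to be present (`fetch-depth: 2` on the checkout, or a fetch of that ref). A one-line comment above the `git log` call stating which commit `seq` is meant to describe would settle the question for the next reader. The rest of the step is outside the hunk.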
@@ -38,7 +38,7 @@ jobs: PR_OWNER="${{ github.actor }}" TARGET_BRANCH="master" - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}pr-${PR_NUMBER}" + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV From 261ccebbe3c2069bbe970e836f17e1562a32df7d Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Mon, 17 Mar 2025 18:23:12 +0000 Subject: [PATCH 31/79] Change 2ms version --- .github/workflows/bucket-upload.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index da9854fc..c5b73e0e 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -73,11 +73,9 @@ jobs: "owner": "'"${{ github.actor }}"'", "branch": "'"${{ github.head_ref || github.ref_name }}"'", "engine": "2ms", - "version": "1.0.0" + "version": "'"${{ env.twoms_version }}"'" }' > "$METADATA_PATH" - echo "Created metadata file at $METADATA_PATH" - cat "$METADATA_PATH" - name: Upload results to S3 run: | From 9e9570d2c15fbb9716d8ca2361761f4e19e17a0a Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 09:35:15 +0000 Subject: [PATCH 32/79] Change 2ms version not showing --- .github/workflows/bucket-upload.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index c5b73e0e..59344137 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
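Review bot: The `"version"` field now records `env.twoms_version`, which is populated from the latest GitHub release of `checkmarx/2ms` rather than from the scanner that actually produced the SARIF (the pinned `miguel-neiva01/2ms-github-action` tag), so the metadata can claim a version that differs from the engine that ran, and the two drift silently whenever a new release is cut. Capture the version from the binary that ran instead — have the scan step export it, or invoke the CLI's version flag if it exposes one — and keep the release lookup only as a fallback. If the action and the latest release are guaranteed to match, a comment stating that assumption next to the lookup would save the next reader the same question. The step starts outside the hunk.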
@@ -32,7 +32,8 @@ jobs: run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.number }}" - echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV + TWOMS_VERSION=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name') + echo "twoms_version=$TWOMS_VERSION" >> $GITHUB_ENV ENGINE="2ms" COMMIT_HASH="${{ github.sha }}" PR_OWNER="${{ github.actor }}" From f063855cafccd92425a533366b3a60959737c33b Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 09:42:19 +0000 Subject: [PATCH 33/79] Final Version --- .github/workflows/bucket-upload.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 59344137..5d8d4332 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -19,21 +19,24 @@ jobs: id: get_results_dir run: | echo "results_dir=results" >> $GITHUB_ENV - echo "Results Directory: ${{ env.results_dir }}" + - name: Upload 2ms Scan Artifact uses: actions/upload-artifact@v4 with: name: results - path: ${{ env.results_dir }} + path: ${{ env.results_dir }}~ + + - name: Get 2ms Version + id: get_twoms_version + run: | + echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV - name: Set S3 Destination Path id: set_s3_path run: | BRANCH_NAME="${{ github.head_ref || github.ref_name }}" PR_NUMBER="${{ github.event.number }}" - TWOMS_VERSION=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name') - echo "twoms_version=$TWOMS_VERSION" >> $GITHUB_ENV ENGINE="2ms" COMMIT_HASH="${{ github.sha }}" PR_OWNER="${{ github.actor }}" From f668b39de5ad9ee131f7de51f5337bb011c1869b Mon Sep 17 00:00:00 2001 
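Review bot: The `curl -s …/releases/latest | jq -r '.tag_name'` call on the new `TWOMS_VERSION=` line has no `--fail` and no check on the result, so an HTTP error body or an unauthenticated API rate-limit response (the 60/hour limit is per source IP, which hosted runners can share) yields the literal string `null`, which then becomes part of the S3 key and the metadata without failing the job. Use `curl -fsSL --retry 3 -H "Authorization: Bearer $GITHUB_TOKEN"` with `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in the step's `env:`, then guard with `[ -n "$TWOMS_VERSION" ] && [ "$TWOMS_VERSION" != null ] || exit 1` before writing to `$GITHUB_ENV`. The surrounding step continues outside the hunk.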
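Review bot: The artifact upload path is changed to `path: ${{ env.results_dir }}~`, which makes `actions/upload-artifact` look for a directory literally named `results~`; this reads like an editing slip, and with the action's default `if-no-files-found: warn` it will upload nothing and only warn, so the job stays green while the artifact is empty. It should read `path: ${{ env.results_dir }}`. Moving the release lookup into its own `Get 2ms Version` step is the right shape, since `$GITHUB_ENV` values only become visible to subsequent steps. The `Set S3 Destination Path` step continues outside the hunk.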
From: Miguel Neiva Date: Tue, 18 Mar 2025 10:28:55 +0000 Subject: [PATCH 34/79] Updated 2ms version --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 5d8d4332..ce1aa2fe 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v1.6.5 + uses: miguel-neiva01/2ms-github-action@v2.0.1 id: twoms_scan - name: Get Results Directory From 5d9a163ec892cc1b57875024c795fd7eae9fd731 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 11:23:03 +0000 Subject: [PATCH 35/79] Remove artifact --- .github/workflows/bucket-upload.yaml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index ce1aa2fe..64ebd52f 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -19,13 +19,6 @@ jobs: id: get_results_dir run: | echo "results_dir=results" >> $GITHUB_ENV - - - - name: Upload 2ms Scan Artifact - uses: actions/upload-artifact@v4 - with: - name: results - path: ${{ env.results_dir }}~ - name: Get 2ms Version id: get_twoms_version From 0349ebe514d8e6bd343967c796d80bea534994ce Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 15:25:21 +0000 Subject: [PATCH 36/79] Build and compile 2ms from a commit or pr --- .github/workflows/bucket-upload.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 64ebd52f..7e66f64a 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -12,8 +12,10 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.1 + uses: miguel-neiva01/2ms-github-action@v2.0.3 id: twoms_scan + with: + commit_hash: ${{ github.sha }} - name: Get Results Directory id: get_results_dir From acd3e6f76d62495f6c84dbbdda0671afedad9fb4 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 15:37:22 +0000 Subject: [PATCH 37/79] Corrected YAML syntaxe --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 7e66f64a..c53269e3 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.3 + uses: miguel-neiva01/2ms-github-action@v2.0.4 id: twoms_scan with: commit_hash: ${{ github.sha }} From 3c61dda2c71277199ef7fb988b5b529a54cae6f3 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 15:40:03 +0000 Subject: [PATCH 38/79] Added shell --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index c53269e3..452e771c 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.4 + uses: miguel-neiva01/2ms-github-action@v2.0.5 id: twoms_scan with: commit_hash: ${{ github.sha }} From c16e17731bdc68ec6710a21deff851951a20c1e7 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 15:43:11 +0000 Subject: [PATCH 39/79] Added shell to every step --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
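Review bot: `uses: miguel-neiva01/2ms-github-action@v2.0.3` pulls the scanner from a personal namespace by a mutable tag, and later steps in the same job export the `CES_BUCKET_AWS_*` secrets to `aws s3 cp`, so anyone who can move that tag (or take over the account) can run code on this runner that tampers with the workspace, `$GITHUB_ENV` or `PATH` before the upload step uses them. Pin the action to a full commit SHA with the tag in a trailing comment, `uses: miguel-neiva01/2ms-github-action@<40-char-sha> # v2.0.3`, and consider hosting it under the organisation that owns the bucket. The new `commit_hash: ${{ github.sha }}` input is fine as written, since a SHA contains no shell-significant characters. The job's remaining steps are outside the hunk.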
diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 452e771c..6b91e65b 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.5 + uses: miguel-neiva01/2ms-github-action@v2.0.6 id: twoms_scan with: commit_hash: ${{ github.sha }} From fa250e1634b06a05444d40bdfe5235b19be09b54 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Tue, 18 Mar 2025 15:47:32 +0000 Subject: [PATCH 40/79] Remove Composite --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 6b91e65b..858a3e4b 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@v4 - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.6 + uses: miguel-neiva01/2ms-github-action@v2.0.7 id: twoms_scan with: commit_hash: ${{ github.sha }} From 1f0c819235624e03d8a9ad6d8aa59fb0ec14eca0 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:23:19 +0000 Subject: [PATCH 41/79] Run 2ms in workflow --- .github/workflows/bucket-upload.yaml | 83 +++++++++++++--------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 858a3e4b..bb36f4f9 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -1,32 +1,58 @@ name: Run 2ms Scan and Upload to S3 on: - pull_request: + push: + branches: + - main jobs: bucket-upload-S3: runs-on: ubuntu-latest steps: - - name: Check out repository - uses: actions/checkout@v4 - - - name: Run 2ms Scan - uses: miguel-neiva01/2ms-github-action@v2.0.7 - id: twoms_scan + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - commit_hash: ${{ github.sha }} + go-version: "^1.22" + + - name: Clone 2ms Repository and Checkout Commit SHA + run: | + # Clonar o repositório 2ms + git clone https://github.com/checkmarx/2ms.git /tmp/2ms + cd /tmp/2ms + + git checkout ${{ github.sha }} + + go build -o dist/2ms main.go + ls -la dist/2ms + + - name: Load Repos from JSON + run: | + # Baixar o arquivo repos.json diretamente + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + echo "repos=$REPOS_LIST" >> $GITHUB_ENV + + - name: Run 2ms Scan for each repo + run: | + mkdir -p $GITHUB_WORKSPACE/results + + for repo_url in $REPOS_LIST; do + repo_name=$(basename $repo_url .git) + echo "Cloning repository: $repo_url" + + # Clonar o repositório + git clone $repo_url $GITHUB_WORKSPACE/$repo_name + + # Rodar o 2ms scan no repositório clonado + /tmp/2ms filesystem --path $GITHUB_WORKSPACE/$repo_name --ignore-on-exit results --report-path $GITHUB_WORKSPACE/results/$repo_name.sarif + done - name: Get Results Directory id: get_results_dir run: | echo "results_dir=results" >> $GITHUB_ENV - - name: Get 2ms Version - id: get_twoms_version - run: | - echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV - - name: Set S3 Destination Path id: set_s3_path run: | 
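Review bot: The `Load Repos from JSON` step writes the list to `$GITHUB_ENV` under the name `repos`, but the next step iterates `$REPOS_LIST`, a shell variable that existed only in the previous step's process, so the `for` loop runs zero times, nothing is cloned and `results/` stays empty without any error. Export it as `REPOS_LIST=…` (or loop over `$repos`), and because the value spans several lines use the `REPOS_LIST<<EOF` delimiter form, since each extra line of a plain `key=value` write is otherwise parsed as its own entry. The `curl -o /tmp/repos.json …` call has no `-f`, so a 404 page is saved as the JSON and `jq` fails with a confusing parse error rather than a clear fetch failure. The `Set S3 Destination Path` step is cut off at the end of the hunk.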
@@ -45,41 +71,10 @@ jobs: - name: Organize SARIF files run: | mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" - - echo "Listing SARIF files before processing..." - ls -la $GITHUB_WORKSPACE/results/ for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do if [[ -f "$sarif_file" ]]; then project_name=$(basename "$sarif_file" .sarif) mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" - echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" fi - done - - - name: Create Metadata File - run: | - COMMIT_TIMESTAMP=$(git log -1 --format=%ct) - - METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" - - echo '{ - "seq": "'"${COMMIT_TIMESTAMP}"'", - "tag": "'"${{ github.event.number }}"'", - "comment":"'"${{ github.event.pull_request.title }}"'", - "commit": "'"${{ github.sha }}"'", - "owner": "'"${{ github.actor }}"'", - "branch": "'"${{ github.head_ref || github.ref_name }}"'", - "engine": "2ms", - "version": "'"${{ env.twoms_version }}"'" - }' > "$METADATA_PATH" - - - - name: Upload results to S3 - run: | - aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ - --storage-class STANDARD - env: - AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} From 68ec44260376bcb4c81c0510dd9c5f598fb45750 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:28:34 +0000 Subject: [PATCH 42/79] Trigger on pull_request --- .github/workflows/bucket-upload.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index bb36f4f9..b8d3789f 100644 --- a/.github/workflows/bucket-upload.yaml 
+++ b/.github/workflows/bucket-upload.yaml @@ -1,9 +1,7 @@ name: Run 2ms Scan and Upload to S3 on: - push: - branches: - - main + pull_request: jobs: bucket-upload-S3: From 5c0c9daa5772dad329e8ae259ea82b444a463833 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:30:09 +0000 Subject: [PATCH 43/79] added git fetch --- .github/workflows/bucket-upload.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index b8d3789f..3d7f88f6 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -18,7 +18,8 @@ jobs: # Clonar o repositório 2ms git clone https://github.com/checkmarx/2ms.git /tmp/2ms cd /tmp/2ms - + + git fetch --all git checkout ${{ github.sha }} go build -o dist/2ms main.go From 7ea6c7120a1c44319e8754dc08b521827b92d690 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:35:19 +0000 Subject: [PATCH 44/79] Changed worflow trigger --- .github/workflows/bucket-upload.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3d7f88f6..6261a0de 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -2,6 +2,8 @@ name: Run 2ms Scan and Upload to S3 on: pull_request: + branches: + - add-bucket-upload-workflow jobs: bucket-upload-S3: @@ -9,6 +11,8 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + ref: ${{ github.sha }} - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "^1.22" From 5028e9d008c512181e3b7aeb897fde75d909606d Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:37:42 +0000 Subject: [PATCH 45/79] Changed workflow trigger v2 --- .github/workflows/bucket-upload.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
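Review bot: `git fetch --all` followed by `git checkout ${{ github.sha }}` in the freshly cloned `/tmp/2ms` will still not find the commit on a `pull_request` run: `github.sha` is then the merge commit GitHub synthesises under `refs/pull/<n>/merge`, which `--all` does not fetch, and a commit from a fork is not in `checkmarx/2ms` at all. Assuming this workflow lives in the 2ms repository itself (the clone-and-checkout of the same SHA suggests so), `actions/checkout` has already placed exactly that commit in `$GITHUB_WORKSPACE`, so build from there — `cd "$GITHUB_WORKSPACE" && go build -o /tmp/2ms/dist/2ms .` — and drop the clone. Cloning upstream also means a PR's own changes to the scanner are never what gets exercised. The step's remaining lines are outside the hunk.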
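Review bot: The added `branches: - add-bucket-upload-workflow` filter under `pull_request:` matches the PR's base (target) branch, not the branch the PR comes from, so this workflow only runs for PRs opened against `add-bucket-upload-workflow` and not for a PR from that branch into master (which `TARGET_BRANCH="master"` later in the file suggests is the real target). If the intent is to exercise the workflow while developing on that branch, a `push:` trigger on the branch is the usual approach; either way a comment such as `# filters on the PR *target* branch, not the source branch` above `branches:` would prevent the same misreading. The `ref: ${{ github.sha }}` added to the checkout in the next hunk is what `actions/checkout` already uses by default on these events.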
diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 6261a0de..cbe47f6c 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,10 +1,12 @@ -name: Run 2ms Scan and Upload to S3 - on: + push: + branches: + - add-bucket-upload-workflow pull_request: branches: - add-bucket-upload-workflow + jobs: bucket-upload-S3: runs-on: ubuntu-latest From 7b0945c8b223abb1c8163a7205215536ef6146e2 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:40:40 +0000 Subject: [PATCH 46/79] Change Load Repos from JSON --- .github/workflows/bucket-upload.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index cbe47f6c..3db64e15 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -31,13 +31,20 @@ jobs: go build -o dist/2ms main.go ls -la dist/2ms + - name: Load Repos from JSON run: | - # Baixar o arquivo repos.json diretamente - curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) - echo "repos=$REPOS_LIST" >> $GITHUB_ENV + # Baixar o arquivo repos.json diretamente + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + + # Exibir o conteúdo de REPOS_LIST para depuração + echo "REPOS_LIST: $REPOS_LIST" + + # Passar a variável corretamente ao ambiente + echo "REPOS_LIST=$REPOS_LIST" >> $GITHUB_ENV + - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results From 598344c69f806ba3920dbd81e22a79ae478e2a11 Mon Sep 17 00:00:00 2001 
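Review bot: Adding a `push:` trigger for the same branch means every push to `add-bucket-upload-workflow` while a PR is open runs this job twice, and on the push event `github.event.number` and `github.head_ref` are empty, so the `pr-${{ github.event.number }}` directory and the S3 prefix collapse to `pr-` and results from different pushes overwrite each other. Keep a single trigger, or guard the PR-specific steps with `if: github.event_name == 'pull_request'`. The hunk also deletes the top-level `name:`, so the workflow will appear under its file path in the Actions tab; restoring `name: Run 2ms Scan and Upload to S3` costs nothing.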
From: Miguel Neiva Date: Wed, 19 Mar 2025 11:43:00 +0000 Subject: [PATCH 47/79] Change Load Repos from JSON v2 --- .github/workflows/bucket-upload.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3db64e15..2ee14a0d 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -36,15 +36,18 @@ jobs: run: | # Baixar o arquivo repos.json diretamente curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + # Extrair os repositórios e criar uma string separada por vírgulas + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + # Exibir o conteúdo de REPOS_LIST para depuração - echo "REPOS_LIST: $REPOS_LIST" + echo "Repos List: $REPOS_LIST" + + # Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV + REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') + echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV - # Passar a variável corretamente ao ambiente - echo "REPOS_LIST=$REPOS_LIST" >> $GITHUB_ENV - - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results From 8ea3e96ed2594bd1f4bdd7bf8b0a18574c94f256 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:46:43 +0000 Subject: [PATCH 48/79] CChange structure --- .github/workflows/bucket-upload.yaml | 85 ++++++++++++++++++++-------- 1 file changed, 61 insertions(+), 24 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 2ee14a0d..4125c4a1 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
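Review bot: `REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',')` never produces commas: the unquoted `$REPOS_LIST` is word-split by the shell, so `echo` has already joined the lines with spaces by the time `tr` runs, and the result is a space-separated string. Quote it (`printf '%s\n' "$REPOS_LIST" | paste -sd,`) or skip the intermediate with `jq -r '.projects | join(",")' /tmp/repos.json`. The value is then exported as `repos=`, while the scan loop that this commit leaves untouched reads `$REPOS_LIST`, so whichever name is chosen the consuming step has to match it. The consuming step is outside the hunk.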
@@ -63,33 +63,70 @@ jobs: /tmp/2ms filesystem --path $GITHUB_WORKSPACE/$repo_name --ignore-on-exit results --report-path $GITHUB_WORKSPACE/results/$repo_name.sarif done - - name: Get Results Directory - id: get_results_dir - run: | - echo "results_dir=results" >> $GITHUB_ENV + - name: Get Results Directory + id: get_results_dir + run: | + echo "results_dir=results" >> $GITHUB_ENV + + - name: Get 2ms Version + id: get_twoms_version + run: | + echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV + - name: Set S3 Destination Path id: set_s3_path run: | - BRANCH_NAME="${{ github.head_ref || github.ref_name }}" - PR_NUMBER="${{ github.event.number }}" - ENGINE="2ms" - COMMIT_HASH="${{ github.sha }}" - PR_OWNER="${{ github.actor }}" - TARGET_BRANCH="master" - - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" - - echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV - echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - + BRANCH_NAME="${{ github.head_ref || github.ref_name }}" + PR_NUMBER="${{ github.event.number }}" + ENGINE="2ms" + COMMIT_HASH="${{ github.sha }}" + PR_OWNER="${{ github.actor }}" + TARGET_BRANCH="master" + + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" + + echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV + echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV + - name: Organize SARIF files run: | - mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" - - for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do - if [[ -f "$sarif_file" ]]; then - project_name=$(basename "$sarif_file" .sarif) - mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" - mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" - fi + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" + + echo "Listing SARIF files before 
processing..." + ls -la $GITHUB_WORKSPACE/results/ + + for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do + if [[ -f "$sarif_file" ]]; then + project_name=$(basename "$sarif_file" .sarif) + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" + mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" + echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" + fi + done + + - name: Create Metadata File + run: | + COMMIT_TIMESTAMP=$(git log -1 --format=%ct) + + METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" + + echo '{ + "seq": "'"${COMMIT_TIMESTAMP}"'", + "tag": "'"${{ github.event.number }}"'", + "comment":"'"${{ github.event.pull_request.title }}"'", + "commit": "'"${{ github.sha }}"'", + "owner": "'"${{ github.actor }}"'", + "branch": "'"${{ github.head_ref || github.ref_name }}"'", + "engine": "2ms", + "version": "'"${{ env.twoms_version }}"'" + }' > "$METADATA_PATH" + + + - name: Upload results to S3 + run: | + aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ + --storage-class STANDARD + env: + AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} \ No newline at end of file From 210541c42b2cd7fb27cf22b016f00ce029c6cced Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:50:35 +0000 Subject: [PATCH 49/79] Verify List of repos --- .github/workflows/bucket-upload.yaml | 39 +++++++++++++++------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 4125c4a1..fe677dd9 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
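Review bot: The re-added upload step authenticates with long-lived static keys (`CES_BUCKET_AWS_ACCESS_KEY` / `CES_BUCKET_AWS_SECRET_ACCESS_KEY`) handed as plain env to `aws s3 cp`, in a job that earlier clones and scans whatever repositories an externally hosted JSON file lists. Prefer short-lived credentials via `aws-actions/configure-aws-credentials` with an OIDC role (`permissions: id-token: write` on the job plus `role-to-assume:`), scoped to `s3:PutObject` on this bucket's `2ms/` prefix, so a compromised earlier step cannot reuse the keys outside the run. Two smaller points: `--storage-class STANDARD` is already the default, and the `"version"` field is again the latest release tag while the scanner under test was built from `${{ github.sha }}`, so `git describe --tags --always` run in `/tmp/2ms` would describe the binary more honestly. The `"comment"` line still pastes the PR title into the script rather than reading it from `env:`. The hunk ends the file without a trailing newline.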
@@ -50,24 +50,27 @@ jobs: - name: Run 2ms Scan for each repo run: | - mkdir -p $GITHUB_WORKSPACE/results - - for repo_url in $REPOS_LIST; do - repo_name=$(basename $repo_url .git) - echo "Cloning repository: $repo_url" - - # Clonar o repositório - git clone $repo_url $GITHUB_WORKSPACE/$repo_name - - # Rodar o 2ms scan no repositório clonado - /tmp/2ms filesystem --path $GITHUB_WORKSPACE/$repo_name --ignore-on-exit results --report-path $GITHUB_WORKSPACE/results/$repo_name.sarif - done - - - - name: Get Results Directory - id: get_results_dir - run: | - echo "results_dir=results" >> $GITHUB_ENV + mkdir -p $GITHUB_WORKSPACE/results + + # Dividir a variável 'repos' em uma lista separada por vírgulas + IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" + + # Iterar sobre os repositórios no array + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Clonar o repositório + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Rodar o 2ms scan no repositório clonado + /tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + done + + - name: Get Results Directory + id: get_results_dir + run: | + echo "results_dir=results" >> $GITHUB_ENV - name: Get 2ms Version id: get_twoms_version From f8bbefcaa09096d214384cc101973746c8a25c0b Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 11:57:02 +0000 Subject: [PATCH 50/79] Check 2ms Scan --- .github/workflows/bucket-upload.yaml | 166 +++++++++++++-------------- 1 file changed, 82 insertions(+), 84 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index fe677dd9..2940d413 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -6,7 +6,6 @@ on: branches: - add-bucket-upload-workflow - jobs: bucket-upload-S3: runs-on: ubuntu-latest 
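Review bot: The rewritten loop reads `"$REPOS_LIST"` into `REPOS_ARRAY`, but the `Load Repos from JSON` step exports the list as `repos=…`, so `REPOS_LIST` is unset here, `read -a` yields a single empty element, and the loop runs once with `git clone "" "$GITHUB_WORKSPACE/"`, which fails the step. Either read `"$repos"` or change the export to `REPOS_LIST=`. Independently, `repo_name=$(basename "$repo_url" .git)` collides for two repositories with the same name under different owners — the second clone fails because the directory exists and the first SARIF would be overwritten — so derive the name from owner and repo, e.g. `repo_name=$(printf '%s' "$repo_url" | awk -F/ '{sub(/\.git$/,"",$NF); print $(NF-1)"__"$NF}')`. The quoting added around `$repo_url` and the paths is a welcome fix.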
@@ -14,7 +13,8 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: - ref: ${{ github.sha }} + ref: ${{ github.sha }} + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "^1.22" 
@@ -27,109 +27,107 @@ jobs: git fetch --all git checkout ${{ github.sha }} - + + # Compilar o 2ms go build -o dist/2ms main.go + + # Verificar se o binário foi criado corretamente ls -la dist/2ms - - - - name: Load Repos from JSON - run: | - # Baixar o arquivo repos.json diretamente - curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - - # Extrair os repositórios e criar uma string separada por vírgulas - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) - - # Exibir o conteúdo de REPOS_LIST para depuração - echo "Repos List: $REPOS_LIST" - - # Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV - REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') - echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV - + + # Garantir permissões de execução + chmod +x dist/2ms - name: Run 2ms Scan for each repo run: | - mkdir -p $GITHUB_WORKSPACE/results - - # Dividir a variável 'repos' em uma lista separada por vírgulas - IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" - - # Iterar sobre os repositórios no array - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Clonar o repositório - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Rodar o 2ms scan no repositório clonado - /tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - done + mkdir -p $GITHUB_WORKSPACE/results + + # Dividir a variável 'repos' em uma lista separada por vírgulas + IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" + # Iterar sobre os repositórios no array + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Clonar o repositório + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la 
"$GITHUB_WORKSPACE/$repo_name" + + # Rodar o 2ms scan no repositório clonado + echo "Running 2ms scan on $repo_name" + /tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + + # Verificar se o comando 2ms foi executado + if [ $? -ne 0 ]; then + echo "2ms scan failed for $repo_name" + exit 1 + fi + done + - name: Get Results Directory id: get_results_dir run: | - echo "results_dir=results" >> $GITHUB_ENV - + echo "results_dir=results" >> $GITHUB_ENV + - name: Get 2ms Version id: get_twoms_version run: | - echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV - + echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV + - name: Set S3 Destination Path id: set_s3_path run: | - BRANCH_NAME="${{ github.head_ref || github.ref_name }}" - PR_NUMBER="${{ github.event.number }}" - ENGINE="2ms" - COMMIT_HASH="${{ github.sha }}" - PR_OWNER="${{ github.actor }}" - TARGET_BRANCH="master" - - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" - - echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV - echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - + BRANCH_NAME="${{ github.head_ref || github.ref_name }}" + PR_NUMBER="${{ github.event.number }}" + ENGINE="2ms" + COMMIT_HASH="${{ github.sha }}" + PR_OWNER="${{ github.actor }}" + TARGET_BRANCH="master" + + DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" + + echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV + echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV + - name: Organize SARIF files run: | - mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" - - echo "Listing SARIF files before processing..." 
- ls -la $GITHUB_WORKSPACE/results/ - - for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do - if [[ -f "$sarif_file" ]]; then - project_name=$(basename "$sarif_file" .sarif) - mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" - mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" - echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" - fi - done - + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" + + echo "Listing SARIF files before processing..." + ls -la $GITHUB_WORKSPACE/results/ + + for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do + if [[ -f "$sarif_file" ]]; then + project_name=$(basename "$sarif_file" .sarif) + mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" + mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" + echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" + fi + done + - name: Create Metadata File run: | - COMMIT_TIMESTAMP=$(git log -1 --format=%ct) - - METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" - - echo '{ - "seq": "'"${COMMIT_TIMESTAMP}"'", - "tag": "'"${{ github.event.number }}"'", - "comment":"'"${{ github.event.pull_request.title }}"'", - "commit": "'"${{ github.sha }}"'", - "owner": "'"${{ github.actor }}"'", - "branch": "'"${{ github.head_ref || github.ref_name }}"'", - "engine": "2ms", - "version": "'"${{ env.twoms_version }}"'" - }' > "$METADATA_PATH" + COMMIT_TIMESTAMP=$(git log -1 --format=%ct) + METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" + echo '{ + "seq": "'"${COMMIT_TIMESTAMP}"'", + "tag": "'"${{ github.event.number }}"'", + "comment":"'"${{ github.event.pull_request.title }}"'", + "commit": "'"${{ github.sha }}"'", + "owner": "'"${{ github.actor }}"'", + "branch": "'"${{ github.head_ref || github.ref_name }}"'", + 
"engine": "2ms", + "version": "'"${{ env.twoms_version }}"'" + }' > "$METADATA_PATH" + - name: Upload results to S3 run: | - aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ - --storage-class STANDARD + aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ + --storage-class STANDARD env: - AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} \ No newline at end of file + AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} From 2828f1ddf0d6cb12fa12069b4c6ed35aef95968a Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:00:22 +0000 Subject: [PATCH 51/79] add Repos Son --- .github/workflows/bucket-upload.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 2940d413..2362d092 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -37,6 +37,23 @@ jobs: # Garantir permissões de execução chmod +x dist/2ms + + - name: Load Repos from JSON + run: | + # Baixar o arquivo repos.json diretamente + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + + # Extrair os repositórios e criar uma string separada por vírgulas + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + + # Exibir o conteúdo de REPOS_LIST para depuração + echo "Repos List: $REPOS_LIST" + + # Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV + REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') + echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV + + - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results From 5947f07c7d308692e536b7034f3bd00c1cd477d0 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:05:58 +0000 Subject: [PATCH 52/79] add binary 2ms --- .github/workflows/bucket-upload.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 2362d092..b044e593 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -52,7 +52,7 @@ jobs: # Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV - + - name: Run 2ms Scan for each repo run: | @@ -74,7 +74,7 @@ jobs: # Rodar o 2ms scan no repositório clonado echo "Running 2ms scan on $repo_name" - /tmp/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" # Verificar se o comando 2ms foi executado if [ $? -ne 0 ]; then 
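Review bot: `REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',')` never yields a comma-separated value, because the unquoted `$REPOS_LIST` is word-split before `echo` runs and the newlines `tr` is meant to replace are already gone; the exported `repos` ends up space-separated. `REPOS_LIST_CSV=$(jq -r '.projects | join(",")' /tmp/repos.json)` produces the intended string directly. Separately, `curl -o` without `--fail` saves an HTTP error body as the repo list and still exits 0, so `curl -fsSL -o /tmp/repos.json <url>` is the safer form. The list of repositories this job clones is also fetched at run time from the `main` branch of a third-party account's repository with no pinning or integrity check, so whoever can change that file decides what gets cloned here; vendoring `repos.json` next to the workflow, or pinning the URL to a commit SHA, keeps that decision under this repository's own review.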
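Review bot: The scanner path `/tmp/2ms/dist/2ms` is now hard-coded in the scan step independently of where the build step (outside this hunk) writes the binary, so the two drift as soon as either changes — PATCH 58 later moves the build to `$GITHUB_WORKSPACE/2ms/dist/2ms` while the existence check stays on `/tmp`. Record the path once in the build step, `echo "TWOMS_BIN=/tmp/2ms/dist/2ms" >> "$GITHUB_ENV"`, and invoke `"$TWOMS_BIN" filesystem ...` here.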
From 340733a06bb68d8d6bdbcd480f8afe40acbb2fce Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:09:41 +0000 Subject: [PATCH 53/79] coment bugs --- .github/workflows/bucket-upload.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index b044e593..03883f28 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -71,6 +71,9 @@ jobs: # Verificar se o repositório foi clonado corretamente ls -la "$GITHUB_WORKSPACE/$repo_name" + + ls -la /tmp/2ms/dist/ + # Rodar o 2ms scan no repositório clonado echo "Running 2ms scan on $repo_name" From f2443c2073d24aaad0cdae6cb48e087434f21ef1 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:12:31 +0000 Subject: [PATCH 54/79] coment bugs v2 --- .github/workflows/bucket-upload.yaml | 69 +++++++++++++++------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 03883f28..83d72cda 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -54,38 +54,43 @@ jobs: echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV - - name: Run 2ms Scan for each repo - run: | - mkdir -p $GITHUB_WORKSPACE/results - - # Dividir a variável 'repos' em uma lista separada por vírgulas - IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" - - # Iterar sobre os repositórios no array - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Clonar o repositório - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" - - ls -la /tmp/2ms/dist/ - - - # Rodar o 2ms scan no repositório clonado - echo "Running 2ms scan on $repo_name" - /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - - # Verificar se o comando 2ms foi executado - if [ $? -ne 0 ]; then - echo "2ms scan failed for $repo_name" - exit 1 - fi - done - + - name: Run 2ms Scan for each repo + run: | + mkdir -p $GITHUB_WORKSPACE/results + + IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" + + # Verificar se o binário 2ms existe + if [ ! -f /tmp/2ms/dist/2ms ]; then + echo "2ms binary not found!" + exit 1 + fi + + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Clonar o repositório + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o binário 2ms existe + ls -la /tmp/2ms/dist/ + + echo "Running 2ms scan on $repo_name" + + # Executar o scan com 2ms + /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + + # Verificar se o comando 2ms foi executado corretamente + if [ $? 
-ne 0 ]; then + echo "2ms scan failed for $repo_name, continuing with the next repo." + continue + fi + done + - name: Get Results Directory id: get_results_dir run: | From 32cddc3be4b4c3b738209fb7003e74fc32884131 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:15:56 +0000 Subject: [PATCH 55/79] Yaml syntaxe --- .github/workflows/bucket-upload.yaml | 76 ++++++++++++++-------------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 83d72cda..da78b510 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,7 +1,7 @@ on: push: branches: - - add-bucket-upload-workflow + - add-bucket-upload-workflow pull_request: branches: - add-bucket-upload-workflow @@ -37,7 +37,6 @@ jobs: # Garantir permissões de execução chmod +x dist/2ms - - name: Load Repos from JSON run: | # Baixar o arquivo repos.json diretamente 
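Review bot: `IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST"` reads a variable this step never receives — the previous step exports the list under the name `repos` (`echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV` in the context above), so `REPOS_ARRAY` is empty and the loop, including the new `continue` branch, never executes; read `"$repos"` instead. The same line survives the re-indent in PATCH 55 and the rewrite in PATCH 56. The new `if [ $? -ne 0 ]; then ... continue` is also unreachable on failure: unless a `shell:` override exists outside the hunk, `run` steps execute under `bash -e`, so a non-zero exit from the 2ms command aborts the step before `$?` is tested; `if ! /tmp/2ms/dist/2ms filesystem ...; then` is the form that actually gets to `continue`. And once a scan is skipped this way the job still ends green with no SARIF for that repository, so at least emit `echo "::warning::2ms scan failed for $repo_name"` or set a flag and fail the step after the loop.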
@@ -53,44 +52,43 @@ jobs: REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV + - name: Run 2ms Scan for each repo + run: | + mkdir -p $GITHUB_WORKSPACE/results + + IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" + + # Verificar se o binário 2ms existe + if [ ! -f /tmp/2ms/dist/2ms ]; then + echo "2ms binary not found!" + exit 1 + fi + + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Clonar o repositório + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o binário 2ms existe + ls -la /tmp/2ms/dist/ + + echo "Running 2ms scan on $repo_name" + + # Executar o scan com 2ms + /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + + # Verificar se o comando 2ms foi executado corretamente + if [ $? -ne 0 ]; then + echo "2ms scan failed for $repo_name, continuing with the next repo." + continue + fi + done - - name: Run 2ms Scan for each repo - run: | - mkdir -p $GITHUB_WORKSPACE/results - - IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" - - # Verificar se o binário 2ms existe - if [ ! -f /tmp/2ms/dist/2ms ]; then - echo "2ms binary not found!" 
- exit 1 - fi - - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Clonar o repositório - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o binário 2ms existe - ls -la /tmp/2ms/dist/ - - echo "Running 2ms scan on $repo_name" - - # Executar o scan com 2ms - /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - - # Verificar se o comando 2ms foi executado corretamente - if [ $? -ne 0 ]; then - echo "2ms scan failed for $repo_name, continuing with the next repo." - continue - fi - done - - name: Get Results Directory id: get_results_dir run: | From 8928700b72bca9550d5a6c95067fa58353d772c4 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:23:50 +0000 Subject: [PATCH 56/79] Change load Repos --- .github/workflows/bucket-upload.yaml | 101 +++++++++++++++------------ 1 file changed, 57 insertions(+), 44 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index da78b510..8da810fb 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -37,58 +37,71 @@ jobs: # Garantir permissões de execução chmod +x dist/2ms - - name: Load Repos from JSON + - name: Load Repos from JSON and Clone Each Repo run: | # Baixar o arquivo repos.json diretamente curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - - # Extrair os repositórios e criar uma string separada por vírgulas + + # Extrair os repositórios e iterar sobre eles REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) # Exibir o conteúdo de REPOS_LIST para depuração echo "Repos List: $REPOS_LIST" - # Converter a lista de repositórios para uma string separada por vírgulas e passá-la para o GITHUB_ENV - REPOS_LIST_CSV=$(echo $REPOS_LIST | tr '\n' ',') - echo "repos=$REPOS_LIST_CSV" >> $GITHUB_ENV - - - name: Run 2ms Scan for each repo - run: | - mkdir -p $GITHUB_WORKSPACE/results - - IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" - - # Verificar se o binário 2ms existe - if [ ! -f /tmp/2ms/dist/2ms ]; then - echo "2ms binary not found!" - exit 1 - fi - - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Clonar o repositório - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o binário 2ms existe - ls -la /tmp/2ms/dist/ - - echo "Running 2ms scan on $repo_name" - - # Executar o scan com 2ms - /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - - # Verificar se o comando 2ms foi executado corretamente - if [ $? -ne 0 ]; then - echo "2ms scan failed for $repo_name, continuing with the next repo." 
- continue - fi - done - + # Iterar sobre cada repositório na lista + for repo_url in $REPOS_LIST; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Criar uma pasta para o repositório + mkdir -p "$GITHUB_WORKSPACE/$repo_name" + + # Clonar o repositório na pasta criada + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/$repo_name" + done + + - name: Run 2ms Scan for each repo + run: | + mkdir -p $GITHUB_WORKSPACE/results + + # Obter a lista de repositórios do GITHUB_ENV + IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" + + # Verificar se o binário 2ms existe no diretório correto + if [ ! -f /tmp/2ms/dist/2ms ]; then + echo "2ms binary not found!" + exit 1 + fi + + # Iterar sobre cada repositório + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Criar pasta para o repositório e clonar o repositório + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/$repo_name" + + # Verificar se o binário 2ms existe no diretório onde foi compilado + ls -la /tmp/2ms/dist/ + + echo "Running 2ms scan on $repo_name" + + # Executar o scan 2ms no repositório clonado, passando o path correto + /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + + # Verificar se o comando 2ms foi executado corretamente + if [ $? -ne 0 ]; then + echo "2ms scan failed for $repo_name, continuing with the next repo." + continue + fi + done + - name: Get Results Directory id: get_results_dir run: | From 579d29617ff9755d1a3fc407145066ba89185155 Mon Sep 17 00:00:00 2001 
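Review bot: The scan step clones every repository a second time, into the same `$GITHUB_WORKSPACE/$repo_name` the new clone loop just filled; `git clone` refuses a non-empty target and, under `bash -e`, that aborts the step on the first repository. At the same time nothing exports the list any more — the `echo "repos=..." >> $GITHUB_ENV` line is removed and the scan step still reads `"$REPOS_LIST"`, a variable local to the previous step's shell — so in practice `REPOS_ARRAY` is empty and the scan loop never runs at all. Drop the `git clone`/`ls` lines from the scan step and either keep the GITHUB_ENV export and read `"$repos"` here, or move the 2ms invocation into the clone loop so the list is consumed once.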
From: Miguel Neiva Date: Wed, 19 Mar 2025 12:26:07 +0000 Subject: [PATCH 57/79] Correct Syntaxe --- .github/workflows/bucket-upload.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 8da810fb..c86cc1c6 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -63,8 +63,8 @@ jobs: ls -la "$GITHUB_WORKSPACE/$repo_name" done - - name: Run 2ms Scan for each repo - run: | + - name: Run 2ms Scan for each repo + run: | mkdir -p $GITHUB_WORKSPACE/results # Obter a lista de repositórios do GITHUB_ENV @@ -101,7 +101,7 @@ jobs: continue fi done - + - name: Get Results Directory id: get_results_dir run: | From 5f15a7bc57a413ae40a54a0a9f17990d998d2257 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:34:54 +0000 Subject: [PATCH 58/79] New Strucure --- .github/workflows/bucket-upload.yaml | 131 +++++++++++++-------------- 1 file changed, 62 insertions(+), 69 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index c86cc1c6..85280510 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -21,86 +21,79 @@ jobs: - name: Clone 2ms Repository and Checkout Commit SHA run: | - # Clonar o repositório 2ms - git clone https://github.com/checkmarx/2ms.git /tmp/2ms - cd /tmp/2ms - - git fetch --all - git checkout ${{ github.sha }} + # Clonar o repositório 2ms no diretório do workspace + git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms + cd $GITHUB_WORKSPACE/2ms + + # Buscar todos os commits e fazer checkout no commit correto + git fetch --all + git checkout ${{ github.sha }} + + # Compilar o 2ms + go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go + + # Verificar se o binário foi criado corretamente + ls -la $GITHUB_WORKSPACE/2ms/dist/2ms + + # Garantir permissões de execução + chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms + + - name: Load Repos from JSON and Clone Each Repo + run: | + # Baixar o arquivo repos.json diretamente + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - # Compilar o 2ms - go build -o dist/2ms main.go + # Extrair os repositórios e criar uma string separada por vírgulas + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) - # Verificar se o binário foi criado corretamente - ls -la dist/2ms + # Exibir o conteúdo de REPOS_LIST para depuração + echo "Repos List: $REPOS_LIST" - # Garantir permissões de execução - chmod +x dist/2ms + # Salvar a lista de repositórios em uma variável de ambiente + echo "repos=$REPOS_LIST" >> $GITHUB_ENV - - name: Load Repos from JSON and Clone Each Repo - run: | - # Baixar o arquivo repos.json diretamente - curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + # Iterar sobre cada repositório e cloná-los + for repo_url in $REPOS_LIST; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" - # Extrair os repositórios e iterar sobre eles - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + # Criar uma pasta para o repositório + mkdir -p 
"$GITHUB_WORKSPACE/$repo_name" - # Exibir o conteúdo de REPOS_LIST para depuração - echo "Repos List: $REPOS_LIST" + # Clonar o repositório na pasta criada + git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - # Iterar sobre cada repositório na lista - for repo_url in $REPOS_LIST; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Criar uma pasta para o repositório - mkdir -p "$GITHUB_WORKSPACE/$repo_name" - - # Clonar o repositório na pasta criada - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" - done - + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/$repo_name" + done + - name: Run 2ms Scan for each repo run: | - mkdir -p $GITHUB_WORKSPACE/results - - # Obter a lista de repositórios do GITHUB_ENV - IFS=',' read -r -a REPOS_ARRAY <<< "$REPOS_LIST" - - # Verificar se o binário 2ms existe no diretório correto - if [ ! -f /tmp/2ms/dist/2ms ]; then - echo "2ms binary not found!" 
- exit 1 - fi - - # Iterar sobre cada repositório - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Criar pasta para o repositório e clonar o repositório - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" - - # Verificar se o binário 2ms existe no diretório onde foi compilado - ls -la /tmp/2ms/dist/ - - echo "Running 2ms scan on $repo_name" + mkdir -p $GITHUB_WORKSPACE/results + + # Obter a lista de repositórios do GITHUB_ENV + IFS=' ' read -r -a REPOS_ARRAY <<< "$repos" - # Executar o scan 2ms no repositório clonado, passando o path correto - /tmp/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + # Verificar se o binário 2ms existe no diretório correto + if [ ! -f /tmp/2ms/dist/2ms ]; then + echo "2ms binary not found!" + exit 1 + fi - # Verificar se o comando 2ms foi executado corretamente - if [ $? -ne 0 ]; then - echo "2ms scan failed for $repo_name, continuing with the next repo." - continue - fi - done + # Iterar sobre cada repositório + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + echo "Running 2ms scan on $repo_name" + + # Executar o scan 2ms no repositório clonado, passando o path correto + $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + + # Verificar se o comando 2ms foi executado corretamente + if [ $? -ne 0 ]; then + echo "2ms scan failed for $repo_name, continuing with the next repo." + continue + fi + done - name: Get Results Directory id: get_results_dir From a7801b076c9cde5af4abee353cf582d9f3fb52ae Mon Sep 17 00:00:00 2001 
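Review bot: The binary is now built at `$GITHUB_WORKSPACE/2ms/dist/2ms`, but the existence check in the scan step still tests `/tmp/2ms/dist/2ms`, so the step always prints "2ms binary not found!" and exits 1 before any scan; change it to `if [ ! -x "$GITHUB_WORKSPACE/2ms/dist/2ms" ]; then`. `echo "repos=$REPOS_LIST" >> $GITHUB_ENV` also writes a newline-separated value into a file whose `name=value` syntax is single-line; as far as I can tell only the first URL reaches the next step's `read -a` and the following lines are rejected as malformed entries, which is presumably what PATCH 61's `tr '\n' ' '` is reacting to. `REPOS_LIST=$(jq -r '.projects | join(" ")' /tmp/repos.json)` gives a single-line value that serves both this loop and the later `IFS=' ' read -a`.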
From: Miguel Neiva Date: Wed, 19 Mar 2025 12:37:57 +0000 Subject: [PATCH 59/79] remove 2ms in json --- .github/workflows/bucket-upload.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 85280510..7ead8a8c 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -80,7 +80,6 @@ jobs: exit 1 fi - # Iterar sobre cada repositório for repo_url in "${REPOS_ARRAY[@]}"; do repo_name=$(basename "$repo_url" .git) echo "Running 2ms scan on $repo_name" From 20996b474818d06d7d4b9c6a6ad92244be80f1b6 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:41:00 +0000 Subject: [PATCH 60/79] add dir repos --- .github/workflows/bucket-upload.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 7ead8a8c..1f396f33 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -58,13 +58,13 @@ jobs: echo "Cloning repository: $repo_url" # Criar uma pasta para o repositório - mkdir -p "$GITHUB_WORKSPACE/$repo_name" + mkdir -p "$GITHUB_WORKSPACE/repos/$repo_name" # Clonar o repositório na pasta criada - git clone "$repo_url" "$GITHUB_WORKSPACE/$repo_name" + git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name" # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/$repo_name" + ls -la "$GITHUB_WORKSPACE/repos/$repo_name" done - name: Run 2ms Scan for each repo 
@@ -85,7 +85,7 @@ jobs: echo "Running 2ms scan on $repo_name" # Executar o scan 2ms no repositório clonado, passando o path correto - $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" + $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" # Verificar se o comando 2ms foi executado corretamente if [ $? -ne 0 ]; then From 4c3d20b7ca6c4dec3c9b50ef7fe4f9aacccde08b Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 12:44:38 +0000 Subject: [PATCH 61/79] Verify --- .github/workflows/bucket-upload.yaml | 51 ++++++++++++++-------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 1f396f33..becf21c3 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -40,33 +40,34 @@ jobs: - name: Load Repos from JSON and Clone Each Repo run: | - # Baixar o arquivo repos.json diretamente - curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + # Baixar o arquivo repos.json diretamente + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + + # Extrair os repositórios e criar uma string separada por espaços (ou nova linha, conforme necessário) + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + + # Exibir o conteúdo de REPOS_LIST para depuração + echo "Repos List: $REPOS_LIST" + + # Corrigir separação da variável para garantir que a leitura esteja correta + echo "repos=$(echo "$REPOS_LIST" | tr '\n' ' ')" >> $GITHUB_ENV - # Extrair os repositórios e criar uma string separada por vírgulas - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) + # Iterar sobre cada repositório e cloná-los + IFS=' ' # Ajusta o delimitador para garantir que o loop leia as URLs separadas por espaço + for repo_url in $REPOS_LIST; do + repo_name=$(basename "$repo_url" .git) + echo "Cloning repository: $repo_url" + + # Criar uma pasta para o repositório dentro de workspace/repos + mkdir -p "$GITHUB_WORKSPACE/workspace/repos/$repo_name" + + # Clonar o repositório na pasta criada + git clone "$repo_url" "$GITHUB_WORKSPACE/workspace/repos/$repo_name" + + # Verificar se o repositório foi clonado corretamente + ls -la "$GITHUB_WORKSPACE/workspace/repos/$repo_name" + done - # Exibir o conteúdo de REPOS_LIST para depuração - echo "Repos List: $REPOS_LIST" - - # Salvar a lista de repositórios em uma variável de ambiente - echo "repos=$REPOS_LIST" >> $GITHUB_ENV - - # Iterar sobre cada repositório e cloná-los - for repo_url in $REPOS_LIST; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Criar uma pasta para o repositório - mkdir -p "$GITHUB_WORKSPACE/repos/$repo_name" - - # Clonar o repositório na pasta criada 
- git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name" - - # Verificar se o repositório foi clonado corretamente - ls -la "$GITHUB_WORKSPACE/repos/$repo_name" - done - - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results From 1a2830308cb5a96e0d25d535c7bbd09ba0a2b2de Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 13:08:30 +0000 Subject: [PATCH 62/79] Try again --- .github/workflows/bucket-upload.yaml | 94 +++++----------------------- 1 file changed, 17 insertions(+), 77 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index becf21c3..342dd125 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,10 +1,5 @@ on: - push: - branches: - - add-bucket-upload-workflow - pull_request: - branches: - - add-bucket-upload-workflow + pull request: jobs: bucket-upload-S3: 
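Review bot: `IFS=' '` breaks the clone loop that follows it: `REPOS_LIST` is still the newline-separated output of `jq -r '.projects[]'` (the `tr '\n' ' '` is applied only to the copy written to GITHUB_ENV), and with IFS reduced to a single space `for repo_url in $REPOS_LIST` yields one "URL" containing the whole list, which `git clone` rejects; IFS also stays modified for the rest of the step. Delete the `IFS=' '` line — the default IFS already splits on newlines — or join once with `REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json | tr '\n' ' ')` and reuse it for both the export and the loop, which is what PATCH 62 ends up doing. The clone target also moves to `$GITHUB_WORKSPACE/workspace/repos/$repo_name` while the scan step, outside this hunk, was left on `$GITHUB_WORKSPACE/repos/$repo_name` by PATCH 60, so the scanner would look in a directory that is never populated.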
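Review bot: Removing the `branches` filters makes this workflow run for every pull request, and for pull requests opened from a fork GitHub does not expose repository secrets, so the later S3 upload that reads `secrets.CES_BUCKET_AWS_ACCESS_KEY` would fail on exactly those runs. If fork PRs are expected, guard the upload step with `if: github.event.pull_request.head.repo.full_name == github.repository` instead of widening the trigger unconditionally.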
@@ -21,78 +16,31 @@ jobs: - name: Clone 2ms Repository and Checkout Commit SHA run: | - # Clonar o repositório 2ms no diretório do workspace - git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms - cd $GITHUB_WORKSPACE/2ms - - # Buscar todos os commits e fazer checkout no commit correto - git fetch --all - git checkout ${{ github.sha }} - - # Compilar o 2ms - go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go - - # Verificar se o binário foi criado corretamente - ls -la $GITHUB_WORKSPACE/2ms/dist/2ms - - # Garantir permissões de execução - chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms + git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms + cd $GITHUB_WORKSPACE/2ms + git fetch --all + git checkout ${{ github.sha }} + go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go + chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms - name: Load Repos from JSON and Clone Each Repo run: | - # Baixar o arquivo repos.json diretamente - curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json - - # Extrair os repositórios e criar uma string separada por espaços (ou nova linha, conforme necessário) - REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json) - - # Exibir o conteúdo de REPOS_LIST para depuração - echo "Repos List: $REPOS_LIST" - - # Corrigir separação da variável para garantir que a leitura esteja correta - echo "repos=$(echo "$REPOS_LIST" | tr '\n' ' ')" >> $GITHUB_ENV - - # Iterar sobre cada repositório e cloná-los - IFS=' ' # Ajusta o delimitador para garantir que o loop leia as URLs separadas por espaço - for repo_url in $REPOS_LIST; do - repo_name=$(basename "$repo_url" .git) - echo "Cloning repository: $repo_url" - - # Criar uma pasta para o repositório dentro de workspace/repos - mkdir -p "$GITHUB_WORKSPACE/workspace/repos/$repo_name" - - # Clonar o repositório na pasta criada - git clone "$repo_url" "$GITHUB_WORKSPACE/workspace/repos/$repo_name" - - # Verificar se o repositório foi clonado corretamente - 
ls -la "$GITHUB_WORKSPACE/workspace/repos/$repo_name" - done - + curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json + REPOS_LIST=$(jq -r '.projects[]' /tmp/repos.json | tr '\n' ' ') + echo "repos=$REPOS_LIST" >> $GITHUB_ENV + for repo_url in $REPOS_LIST; do + repo_name=$(basename "$repo_url" .git) + mkdir -p "$GITHUB_WORKSPACE/repos/$repo_name" + git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name" + done + - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results - - # Obter a lista de repositórios do GITHUB_ENV IFS=' ' read -r -a REPOS_ARRAY <<< "$repos" - - # Verificar se o binário 2ms existe no diretório correto - if [ ! -f /tmp/2ms/dist/2ms ]; then - echo "2ms binary not found!" - exit 1 - fi - for repo_url in "${REPOS_ARRAY[@]}"; do repo_name=$(basename "$repo_url" .git) - echo "Running 2ms scan on $repo_name" - - # Executar o scan 2ms no repositório clonado, passando o path correto $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - - # Verificar se o comando 2ms foi executado corretamente - if [ $? -ne 0 ]; then - echo "2ms scan failed for $repo_name, continuing with the next repo." - continue - fi done - name: Get Results Directory 
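Review bot: `curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json` still has no `--fail`, so an HTTP error body is saved as the repo list and the step dies later inside `jq` with an unrelated parse error; `curl -fsSL -o /tmp/repos.json <url>` fails at the fetch with the status code instead. The list itself is pulled at run time from the `main` branch of another account's repository with no pinning or checksum, so the set of repositories this job clones and scans is decided outside this repository's review; vendoring `repos.json` next to the workflow, or pinning the URL to a commit SHA, closes that gap. With the `if [ $? -ne 0 ]` guard gone, the scan loop now relies on `bash -e`, which aborts the step at the first failing 2ms invocation and leaves the remaining repositories unscanned (PATCH 68 changes this).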
@@ -114,34 +62,25 @@ jobs: COMMIT_HASH="${{ github.sha }}" PR_OWNER="${{ github.actor }}" TARGET_BRANCH="master" - DEST_DIR="${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" - echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - name: Organize SARIF files run: | mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" - - echo "Listing SARIF files before processing..." - ls -la $GITHUB_WORKSPACE/results/ - for sarif_file in $GITHUB_WORKSPACE/results/*.sarif; do if [[ -f "$sarif_file" ]]; then project_name=$(basename "$sarif_file" .sarif) mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name" mv "$sarif_file" "${{ env.results_dir }}/pr-${{ github.event.number }}/$project_name/results.sarif" - echo "Moved $sarif_file to pr-${{ github.event.number }}/$project_name/results.sarif" fi done - name: Create Metadata File run: | COMMIT_TIMESTAMP=$(git log -1 --format=%ct) - METADATA_PATH="${{ env.results_dir }}/pr-${{ github.event.number }}/metadata.json" - echo '{ "seq": "'"${COMMIT_TIMESTAMP}"'", "tag": "'"${{ github.event.number }}"'", @@ -153,6 +92,7 @@ jobs: "version": "'"${{ env.twoms_version }}"'" }' > "$METADATA_PATH" + - name: Upload results to S3 run: | aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ From a4af693e66bf48428332d066b0976cb0348dc921 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 13:09:46 +0000 Subject: [PATCH 63/79] On pull request --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 342dd125..c014de63 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,5 +1,5 @@ on: - pull request: + pull_request: jobs: bucket-upload-S3: 
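Review bot: The `DEST_DIR=...` and `echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV` lines are dropped, but the upload step in the last hunk of this patch still expands `${{ env.destination_dir }}` in the S3 target; unless `destination_dir` is set somewhere outside these hunks, it is now empty and every PR's results are copied to `s3://<bucket>/` itself, overwriting each other. Either restore the two lines or write the path in one step, `echo "destination_dir=${ENGINE}/${TARGET_BRANCH}/${BRANCH_NAME}/${{ env.twoms_version }}/pr-${PR_NUMBER}" >> $GITHUB_ENV`, assuming those variables are still defined above the hunk as the removed line implied. `TARGET_BRANCH="master"` is left behind as an assignment nothing reads.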
From 5ff120d31d27b2671167116760be62de2d19a6e8 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 13:13:08 +0000 Subject: [PATCH 64/79] try --- .github/workflows/bucket-upload.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index c014de63..272025ad 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,6 +1,10 @@ on: + push: + branches: + - add-bucket-upload-workflow pull_request: - + branches: + - add-bucket-upload-workflow jobs: bucket-upload-S3: runs-on: ubuntu-latest From 2caa4edff1b79fb7cabbefc0f1f7efd6eac644d3 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 14:06:25 +0000 Subject: [PATCH 65/79] Add branches --- .github/workflows/bucket-upload.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 272025ad..a4d79051 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,7 +1,4 @@ on: - push: - branches: - - add-bucket-upload-workflow pull_request: branches: - add-bucket-upload-workflow From cae845b24996c8eb37b66f15b3f1c6493aaf1447 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 14:12:15 +0000 Subject: [PATCH 66/79] Add branches --- .github/workflows/bucket-upload.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index a4d79051..2fe98151 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -1,7 +1,6 @@ on: pull_request: - branches: - - add-bucket-upload-workflow + jobs: bucket-upload-S3: runs-on: ubuntu-latest 
@@ -11,6 +10,10 @@ jobs: with: ref: ${{ github.sha }} + - name: Echo GitHub SHA + run: | + echo "GitHub SHA: ${{ github.sha }}" + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "^1.22" From 6fb7087f5125187f4b668a37572a75f7826fcee7 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 14:14:17 +0000 Subject: [PATCH 67/79] Add branches event --- .github/workflows/bucket-upload.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 2fe98151..6b08ce7d 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -8,11 +8,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: - ref: ${{ github.sha }} - - - name: Echo GitHub SHA - run: | - echo "GitHub SHA: ${{ github.sha }}" + ref: ${{ github.event.pull_request.head.sha }} - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: @@ -23,7 +19,7 @@ jobs: git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms cd $GITHUB_WORKSPACE/2ms git fetch --all - git checkout ${{ github.sha }} + git checkout ${{ github.event.pull_request.head.sha }} go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms From 81dbac2dbdc07f3e2e58ca9bf39773daa5f1ae46 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 16:08:07 +0000 Subject: [PATCH 68/79] add artifact --- .github/workflows/bucket-upload.yaml | 40 +++++++++++++++++++++++----- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 6b08ce7d..476abd35 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
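Review bot: `git checkout ${{ github.event.pull_request.head.sha }}` after `git fetch --all` only works while the PR head commit exists in one of checkmarx/2ms's branches; `--all` fetches the remotes' `refs/heads/*`, and a head commit from a fork is reachable only through `refs/pull/<n>/head`, so the checkout would fail for fork PRs. Adding `git fetch origin "refs/pull/${{ github.event.number }}/head"` before the checkout covers both cases. If this workflow lives in the 2ms repository itself — the checkout step in the first hunk now fetches the same sha — the separate clone is redundant and `go build` could run in `$GITHUB_WORKSPACE` directly.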
@@ -36,12 +36,31 @@ jobs: - name: Run 2ms Scan for each repo run: | - mkdir -p $GITHUB_WORKSPACE/results - IFS=' ' read -r -a REPOS_ARRAY <<< "$repos" - for repo_url in "${REPOS_ARRAY[@]}"; do - repo_name=$(basename "$repo_url" .git) - $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$GITHUB_WORKSPACE/results/$repo_name.sarif" - done + mkdir -p $GITHUB_WORKSPACE/results + IFS=' ' read -r -a REPOS_ARRAY <<< "$repos" + + # Criando um arquivo para armazenar os resultados (status e tempo) + touch $GITHUB_WORKSPACE/scan_results.json + echo "[" > $GITHUB_WORKSPACE/scan_results.json + for repo_url in "${REPOS_ARRAY[@]}"; do + repo_name=$(basename "$repo_url" .git) + result_sarif="$GITHUB_WORKSPACE/results/$repo_name.sarif" + start_time=$(date +%s) # Marca o início do tempo + if $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$result_sarif"; then + scan_status="success" + else + scan_status="failure" + fi + end_time=$(date +%s) # Marca o tempo de término + execution_time=$((end_time - start_time)) # Calculando o tempo de execução + echo "{ + \"repo_name\": \"$repo_name\", + \"scan_status\": \"$scan_status\", + \"execution_time\": \"$execution_time\" + }," >> $GITHUB_WORKSPACE/scan_results.json + done + sed -i '$ s/,$//' $GITHUB_WORKSPACE/scan_results.json + echo "]" >> $GITHUB_WORKSPACE/scan_results.json - name: Get Results Directory id: get_results_dir @@ -92,7 +111,6 @@ jobs: "version": "'"${{ env.twoms_version }}"'" }' > "$METADATA_PATH" - - name: Upload results to S3 run: | aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ 
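Review bot: The scan loop in the first hunk assembles `scan_results.json` by echoing hand-quoted fragments and then deleting the last comma with `sed '$ s/,$//'`; `repo_name` is the `basename` of a URL read from an external file, so any `"` or `\` in it corrupts the document, and the `sed` blindly strips a trailing comma from whatever the last line turns out to be. `jq` is already used in this workflow, so let it build the JSON and handle quoting. `scan_status` is also only the tool's exit status because of `--ignore-on-exit results`, which deserves a comment such as `# "failure" means 2ms itself failed, not that secrets were found`. The `$repos` variable the loop reads is set outside this hunk.

```yaml
      - name: Run 2ms Scan for each repo
        run: |
          mkdir -p "$GITHUB_WORKSPACE/results"
          IFS=' ' read -r -a REPOS_ARRAY <<< "$repos"
          entries=()
          for repo_url in "${REPOS_ARRAY[@]}"; do
            # … unchanged: repo_name, result_sarif, timing and the 2ms invocation …
            entries+=("$(jq -n --arg r "$repo_name" --arg s "$scan_status" --arg t "$execution_time" \
              '{repo_name: $r, scan_status: $s, execution_time: $t}')")
          done
          printf '%s\n' "${entries[@]}" | jq -s '.' > "$GITHUB_WORKSPACE/scan_results.json"
```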
@@ -100,3 +118,11 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} + + - name: Upload results as artifact + uses: actions/upload-artifact@v4 + with: + name: results + path: results/ + + \ No newline at end of file From e6a377fb4b85edee8ab0c11ce24fb3119c937958 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 16:50:55 +0000 Subject: [PATCH 69/79] add backup --- .github/workflows/bucket-upload.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 476abd35..e09ec0a6 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -62,6 +62,8 @@ jobs: sed -i '$ s/,$//' $GITHUB_WORKSPACE/scan_results.json echo "]" >> $GITHUB_WORKSPACE/scan_results.json + cp -r $GITHUB_WORKSPACE/results $GITHUB_WORKSPACE/results_backup + - name: Get Results Directory id: get_results_dir run: | @@ -123,6 +125,6 @@ jobs: uses: actions/upload-artifact@v4 with: name: results - path: results/ + path: results_backup/ \ No newline at end of file From 9c0c5cdc73cece0bd24f21339abfb5c531cad6f4 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 16:57:04 +0000 Subject: [PATCH 70/79] add backup to results --- .github/workflows/bucket-upload.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index e09ec0a6..b2dd1d58 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
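Review bot: The `Upload results as artifact` step added in PATCH 68 uses `actions/upload-artifact@v4`, a mutable tag, while the checkout and setup-go steps in this workflow are pinned to commit SHAs with a version comment; pin it the same way. More importantly, the artifact is the raw SARIF output of a secrets scanner, and a SARIF result commonly carries the matched text in its `message`/`snippet` fields, so publishing it as a workflow artifact (downloadable by anyone with read access to the repository for the retention period) can re-expose the very secrets 2ms found — I cannot see 2ms's report format here, so confirm what it writes before shipping it as an artifact or into the S3 prefix. If the step stays, add `retention-days: 1` and make sure the bucket the same files go to is not world-readable. The `results_backup` copy introduced in PATCH 69 only duplicates that data on the runner; nothing in these hunks consumes it besides the artifact path.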
@@ -59,8 +59,8 @@ jobs: \"execution_time\": \"$execution_time\" }," >> $GITHUB_WORKSPACE/scan_results.json done - sed -i '$ s/,$//' $GITHUB_WORKSPACE/scan_results.json - echo "]" >> $GITHUB_WORKSPACE/scan_results.json + sed -i '$ s/,$//' $GITHUB_WORKSPACE/results/scan_results.json + echo "]" >> $GITHUB_WORKSPACE/results/scan_results.json cp -r $GITHUB_WORKSPACE/results $GITHUB_WORKSPACE/results_backup From 6888dae9c341459690e2019f47750cf2f9ce520a Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 16:59:18 +0000 Subject: [PATCH 71/79] add backup to results --- .github/workflows/bucket-upload.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index b2dd1d58..52583e25 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -57,7 +57,7 @@ jobs: \"repo_name\": \"$repo_name\", \"scan_status\": \"$scan_status\", \"execution_time\": \"$execution_time\" - }," >> $GITHUB_WORKSPACE/scan_results.json + }," >> $GITHUB_WORKSPACE/results/scan_results.json done sed -i '$ s/,$//' $GITHUB_WORKSPACE/results/scan_results.json echo "]" >> $GITHUB_WORKSPACE/results/scan_results.json From d742a701bffd02456d22d5ce53aeac8616abcaef Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 17:24:59 +0000 Subject: [PATCH 72/79] add backup to results --- .github/workflows/bucket-upload.yaml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 52583e25..4387852e 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -45,14 +45,15 @@ jobs: for repo_url in "${REPOS_ARRAY[@]}"; do repo_name=$(basename "$repo_url" .git) result_sarif="$GITHUB_WORKSPACE/results/$repo_name.sarif" - start_time=$(date +%s) # Marca o início do tempo + start_time=$(date +%s.%N) # Marca o início do tempo if $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$result_sarif"; then scan_status="success" else scan_status="failure" fi - end_time=$(date +%s) # Marca o tempo de término - execution_time=$((end_time - start_time)) # Calculando o tempo de execução + end_time=$(date +%s.%N) # Marca o tempo de término + execution_time=$(echo "$end_time - $start_time" | bc) + execution_time_formatted=$(printf "%.2f" "$execution_time") echo "{ \"repo_name\": \"$repo_name\", \"scan_status\": \"$scan_status\", @@ -121,10 +122,15 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - - name: Upload results as artifact - uses: actions/upload-artifact@v4 + - name: Create Comment on Pr + uses: peter-evans/create-or-update-comment@v2 with: - name: results - path: results_backup/ + issue-number: ${{ github.event.pull_request.number }} + body: | + ## Resumo do Scan - \ No newline at end of file + ### Resultados do Scan + + | Repositório | Status | Tempo de Execução (segundos) | + |--------------|---------|------------------------------| + $(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/results_backup/scan_results.json) From 98cfee177b307a27ce461d720c18b8de6888430f Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 17:31:34 +0000 Subject: [PATCH 73/79] add comment to pr --- .github/workflows/bucket-upload.yaml | 34 ++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 7 deletions(-) 
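Review bot: The new `Create Comment on Pr` step in the second hunk references `peter-evans/create-or-update-comment@v2`, a mutable major tag, whereas the checkout and setup-go steps are pinned to commit SHAs; pin this one the same way (`uses: peter-evans/create-or-update-comment@<sha> # v2.x`). The `$(jq …)` placed inside `body:` is an action input, not a shell script, so it is passed literally and will show up verbatim in the PR comment; build the table in a `run:` step and pass it through a step output. Commenting also needs `pull-requests: write` on the token, which the workflow does not declare and which fork PRs never receive under `pull_request`. The timing change in the first hunk adds a dependency on `bc` (present on today's hosted Ubuntu image, but nothing here installs it); integer milliseconds avoid it: `start_ms=$(date +%s%3N)` and `execution_time=$(( $(date +%s%3N) - start_ms ))`.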
diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 4387852e..466997c2 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml @@ -6,14 +6,17 @@ jobs: runs-on: ubuntu-latest steps: + # Checkout do repositório com a versão correta do commit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.sha }} + # Configuração do Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "^1.22" + # Clonar o repositório 2ms e compilar - name: Clone 2ms Repository and Checkout Commit SHA run: | git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms @@ -23,6 +26,7 @@ jobs: go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms + # Carregar os repositórios a partir do arquivo JSON e cloná-los - name: Load Repos from JSON and Clone Each Repo run: | curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json @@ -34,6 +38,7 @@ jobs: git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name" done + # Rodar o scan para cada repositório e registrar resultados - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results 
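Review bot: The `Load Repos from JSON` step, which the second hunk only comments, fetches its repository list from `raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json` at run time, so whoever controls that personal account's `main` branch decides which repositories this job clones, scans and uploads results for; the comment should say so, and the list is better vendored into this repository (or pinned to a commit SHA in the URL) and validated before cloning, e.g. `case "$repo_url" in https://github.com/*) ;; *) echo "refusing $repo_url"; exit 1;; esac`. The `curl -o` also lacks `-fsSL`, so an HTTP error leaves an HTML page in `/tmp/repos.json` for the step that derives `$repos` (outside this hunk) to choke on or silently turn into an empty list. The added comments are in Portuguese while the step names and the rest of the file are English; keep one language, e.g. `# Load the repository list from JSON and clone each repo`.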
@@ -57,24 +62,27 @@ jobs: echo "{ \"repo_name\": \"$repo_name\", \"scan_status\": \"$scan_status\", - \"execution_time\": \"$execution_time\" - }," >> $GITHUB_WORKSPACE/results/scan_results.json + \"execution_time\": \"$execution_time_formatted\" + }," >> $GITHUB_WORKSPACE/scan_results.json done - sed -i '$ s/,$//' $GITHUB_WORKSPACE/results/scan_results.json - echo "]" >> $GITHUB_WORKSPACE/results/scan_results.json + sed -i '$ s/,$//' $GITHUB_WORKSPACE/scan_results.json + echo "]" >> $GITHUB_WORKSPACE/scan_results.json cp -r $GITHUB_WORKSPACE/results $GITHUB_WORKSPACE/results_backup + # Definir variável com diretório de resultados - name: Get Results Directory id: get_results_dir run: | echo "results_dir=results" >> $GITHUB_ENV + # Obter versão do 2ms - name: Get 2ms Version id: get_twoms_version run: | echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV + # Definir o caminho do destino do S3 - name: Set S3 Destination Path id: set_s3_path run: | @@ -88,6 +96,7 @@ jobs: echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV + # Organizar os arquivos SARIF - name: Organize SARIF files run: | mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" @@ -99,6 +108,7 @@ jobs: fi done + # Criar o arquivo de metadata - name: Create Metadata File run: | COMMIT_TIMESTAMP=$(git log -1 --format=%ct) @@ -106,7 +116,7 @@ jobs: echo '{ "seq": "'"${COMMIT_TIMESTAMP}"'", "tag": "'"${{ github.event.number }}"'", - "comment":"'"${{ github.event.pull_request.title }}"'", + "comment": "'"${{ github.event.pull_request.title }}"'", "commit": "'"${{ github.sha }}"'", "owner": "'"${{ github.actor }}"'", "branch": "'"${{ github.head_ref || github.ref_name }}"'", 
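Review bot: The `Create Metadata File` step, whose `"comment"` line is touched in the last hunk, expands `${{ github.event.pull_request.title }}` and `${{ github.head_ref || github.ref_name }}` directly into the `run:` script; both strings are chosen by whoever opens the PR, and a title containing `'` followed by shell text executes on the runner as that step (the well-known GitHub Actions script-injection pattern). Pass untrusted event fields in through `env:` and let `jq` emit the JSON so quoting is handled for you; the step's `run:` begins in the previous hunk on this line. `${{ github.sha }}`, `github.actor` and `github.event.number` are server-validated and can stay inline, although routing them through `env:` as well keeps the pattern uniform.

```yaml
      - name: Create Metadata File
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BRANCH: ${{ github.head_ref || github.ref_name }}
        run: |
          COMMIT_TIMESTAMP=$(git log -1 --format=%ct)
          # … unchanged: METADATA_PATH …
          jq -n \
            --arg seq "$COMMIT_TIMESTAMP" --arg tag "${{ github.event.number }}" \
            --arg comment "$PR_TITLE" --arg commit "${{ github.sha }}" \
            --arg owner "${{ github.actor }}" --arg branch "$PR_BRANCH" \
            --arg version "${{ env.twoms_version }}" \
            '{seq: $seq, tag: $tag, comment: $comment, commit: $commit, owner: $owner, branch: $branch, version: $version}' \
            > "$METADATA_PATH"
```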
@@ -114,6 +124,7 @@ jobs: "version": "'"${{ env.twoms_version }}"'" }' > "$METADATA_PATH" + # Subir os resultados para o S3 - name: Upload results to S3 run: | aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ @@ -122,7 +133,16 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - - name: Create Comment on Pr + # Obter os resultados do scan para o comentário + - name: Get Scan Results for Comment + id: scan_results + run: | + # Formatar os resultados em uma tabela + result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) + echo "result_table=$result_table" >> $GITHUB_ENV + + # Criar o comentário no PR com o resumo dos resultados + - name: Criar Comentário no PR com Job Summary em Tabela uses: peter-evans/create-or-update-comment@v2 with: issue-number: ${{ github.event.pull_request.number }} @@ -133,4 +153,4 @@ jobs: | Repositório | Status | Tempo de Execução (segundos) | |--------------|---------|------------------------------| - $(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/results_backup/scan_results.json) + ${{ env.result_table }} From 905e2a25a926856ccdcfe3938fa1c98aafac96e3 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 17:35:44 +0000 Subject: [PATCH 74/79] add comment to pr --- .github/workflows/bucket-upload.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 466997c2..e34a41a5 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -133,15 +133,18 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - # Obter os resultados do scan para o comentário - name: Get Scan Results for Comment id: scan_results run: | - # Formatar os resultados em uma tabela - result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) - echo "result_table=$result_table" >> $GITHUB_ENV + # Formatar os resultados em uma tabela + result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) + + # Adicionar a linha do cabeçalho da tabela + result_table="| Repositório | Status | Tempo de Execução (segundos) |\n|--------------|---------|------------------------------|\n$result_table" + + # Salvar a variável formatada na variável de ambiente + echo "result_table=$result_table" >> $GITHUB_ENV - # Criar o comentário no PR com o resumo dos resultados - name: Criar Comentário no PR com Job Summary em Tabela uses: peter-evans/create-or-update-comment@v2 with: From 4df60485fd09a430d94f07ecb0f6a0fe8032758b Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 17:43:24 +0000 Subject: [PATCH 75/79] Error fix --- .github/workflows/bucket-upload.yaml | 51 +++++++++------------------- 1 file changed, 16 insertions(+), 35 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index e34a41a5..5ee777c7 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -6,17 +6,14 @@ jobs: runs-on: ubuntu-latest steps: - # Checkout do repositório com a versão correta do commit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.sha }} - - # Configuração do Go + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "^1.22" - # Clonar o repositório 2ms e compilar - name: Clone 2ms Repository and Checkout Commit SHA run: | git clone https://github.com/checkmarx/2ms.git $GITHUB_WORKSPACE/2ms @@ -26,7 +23,6 @@ jobs: go build -o $GITHUB_WORKSPACE/2ms/dist/2ms main.go chmod +x $GITHUB_WORKSPACE/2ms/dist/2ms - # Carregar os repositórios a partir do arquivo JSON e cloná-los - name: Load Repos from JSON and Clone Each Repo run: | curl -o /tmp/repos.json https://raw.githubusercontent.com/cx-miguel-neiva/2ms-github-action/main/repos.json 
@@ -38,26 +34,23 @@ jobs: git clone "$repo_url" "$GITHUB_WORKSPACE/repos/$repo_name" done - # Rodar o scan para cada repositório e registrar resultados - name: Run 2ms Scan for each repo run: | mkdir -p $GITHUB_WORKSPACE/results IFS=' ' read -r -a REPOS_ARRAY <<< "$repos" - - # Criando um arquivo para armazenar os resultados (status e tempo) touch $GITHUB_WORKSPACE/scan_results.json echo "[" > $GITHUB_WORKSPACE/scan_results.json for repo_url in "${REPOS_ARRAY[@]}"; do repo_name=$(basename "$repo_url" .git) result_sarif="$GITHUB_WORKSPACE/results/$repo_name.sarif" - start_time=$(date +%s.%N) # Marca o início do tempo + start_time=$(date +%s.%N) if $GITHUB_WORKSPACE/2ms/dist/2ms filesystem --path "$GITHUB_WORKSPACE/repos/$repo_name" --ignore-on-exit results --report-path "$result_sarif"; then scan_status="success" else scan_status="failure" fi - end_time=$(date +%s.%N) # Marca o tempo de término - execution_time=$(echo "$end_time - $start_time" | bc) + end_time=$(date +%s.%N) + execution_time=$(echo "$end_time - $start_time" | bc) execution_time_formatted=$(printf "%.2f" "$execution_time") echo "{ \"repo_name\": \"$repo_name\", @@ -67,22 +60,18 @@ jobs: done sed -i '$ s/,$//' $GITHUB_WORKSPACE/scan_results.json echo "]" >> $GITHUB_WORKSPACE/scan_results.json - cp -r $GITHUB_WORKSPACE/results $GITHUB_WORKSPACE/results_backup - # Definir variável com diretório de resultados - name: Get Results Directory id: get_results_dir run: | echo "results_dir=results" >> $GITHUB_ENV - # Obter versão do 2ms - name: Get 2ms Version id: get_twoms_version run: | echo "twoms_version=$(curl -s https://api.github.com/repos/checkmarx/2ms/releases/latest | jq -r '.tag_name')" >> $GITHUB_ENV - # Definir o caminho do destino do S3 - name: Set S3 Destination Path id: set_s3_path run: | 
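Review bot: `Get 2ms Version`, kept in the second hunk, records the tag of the latest published release from the GitHub API, but the binary that actually ran was built from `${{ github.event.pull_request.head.sha }}` earlier in this file, so the `version` written into the metadata does not describe the scanner that produced these results. Record what ran instead, e.g. `echo "twoms_version=$(git -C "$GITHUB_WORKSPACE/2ms" describe --tags --always)" >> "$GITHUB_ENV"`. The unauthenticated `curl -s` to api.github.com is also rate-limited per runner IP and has no `-f`, so a 403 becomes `twoms_version=null` without failing the job; if the API call is kept, add `-f` and `-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"`. The first hunk only strips comments from the scan loop and leaves its logic unchanged.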
@@ -96,7 +85,6 @@ jobs: echo "destination_dir=$DEST_DIR" >> $GITHUB_ENV echo "results_dir=${{ env.results_dir }}" >> $GITHUB_ENV - # Organizar os arquivos SARIF - name: Organize SARIF files run: | mkdir -p "${{ env.results_dir }}/pr-${{ github.event.number }}" @@ -108,7 +96,6 @@ jobs: fi done - # Criar o arquivo de metadata - name: Create Metadata File run: | COMMIT_TIMESTAMP=$(git log -1 --format=%ct) @@ -124,7 +111,6 @@ jobs: "version": "'"${{ env.twoms_version }}"'" }' > "$METADATA_PATH" - # Subir os resultados para o S3 - name: Upload results to S3 run: | aws s3 cp --recursive "${{ env.results_dir }}/pr-${{ github.event.number }}" "s3://${{ secrets.CES_AWS_BUCKET }}/${{ env.destination_dir }}" \ 
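Review bot: The `Upload results to S3` step in the last hunk splices `${{ env.destination_dir }}` and `${{ secrets.CES_AWS_BUCKET }}` straight into the `aws s3 cp` command line; expression expansion happens before the shell parses the script, so if `destination_dir` (computed in `Set S3 Destination Path`, whose body lies outside these hunks) contains anything derived from `github.head_ref` or the PR title, a crafted value injects into the command. Expose both through the step's `env:` block and reference them as shell variables, `"s3://$AWS_BUCKET/$DEST_DIR"`, so the values are data rather than script text. The static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair could be replaced with OIDC (`aws-actions/configure-aws-credentials` plus `id-token: write` and a role scoped to this bucket prefix), which removes the long-lived key from repository secrets entirely. The removed lines in the earlier hunks are comments only.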
@@ -133,27 +119,22 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} + - name: Get Scan Results for Comment id: scan_results run: | - # Formatar os resultados em uma tabela result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) + result_table="| Repository | Status | Execution Time (seconds) |\n|--------------|---------|----------------------------|\n$result_table" + echo "$result_table" > $GITHUB_WORKSPACE/scan_results_table.md - # Adicionar a linha do cabeçalho da tabela - result_table="| Repositório | Status | Tempo de Execução (segundos) |\n|--------------|---------|------------------------------|\n$result_table" - - # Salvar a variável formatada na variável de ambiente - echo "result_table=$result_table" >> $GITHUB_ENV - - - name: Criar Comentário no PR com Job Summary em Tabela + - name: Create PR Comment with Job Summary uses: peter-evans/create-or-update-comment@v2 with: - issue-number: ${{ github.event.pull_request.number }} - body: | - ## Resumo do Scan - - ### Resultados do Scan - - | Repositório | Status | Tempo de Execução (segundos) | - |--------------|---------|------------------------------| - ${{ env.result_table }} + issue-number: ${{ github.event.pull_request.number }} + body: | + ## Scan Summary + + ### Scan Results + + $(cat $GITHUB_WORKSPACE/scan_results_table.md) + \ No newline at end of file From e408994880655dce4dde73e50154c3b052469e00 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Wed, 19 Mar 2025 17:47:42 +0000 Subject: [PATCH 76/79] Error fix --- .github/workflows/bucket-upload.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 5ee777c7..2f809b8a 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -126,6 +126,7 @@ jobs: result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) result_table="| Repository | Status | Execution Time (seconds) |\n|--------------|---------|----------------------------|\n$result_table" echo "$result_table" > $GITHUB_WORKSPACE/scan_results_table.md + echo "scan_results_table_content=$(cat $GITHUB_WORKSPACE/scan_results_table.md)" >> $GITHUB_ENV - name: Create PR Comment with Job Summary uses: peter-evans/create-or-update-comment@v2 @@ -133,8 +134,6 @@ jobs: issue-number: ${{ github.event.pull_request.number }} body: | ## Scan Summary - - ### Scan Results - - $(cat $GITHUB_WORKSPACE/scan_results_table.md) + + ${{ env.scan_results_table_content }} \ No newline at end of file From 61558475b2b22181d61bc6c2790c5576833b33f6 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Thu, 20 Mar 2025 10:23:47 +0000 Subject: [PATCH 77/79] Errror fix --- .github/workflows/bucket-upload.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 2f809b8a..3d7ecd97 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -126,14 +126,17 @@ jobs: result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) result_table="| Repository | Status | Execution Time (seconds) |\n|--------------|---------|----------------------------|\n$result_table" echo "$result_table" > $GITHUB_WORKSPACE/scan_results_table.md - echo "scan_results_table_content=$(cat $GITHUB_WORKSPACE/scan_results_table.md)" >> $GITHUB_ENV + echo "SCAN_RESULTS<> $GITHUB_ENV + cat $GITHUB_WORKSPACE/scan_results_table.md >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV - - name: Create PR Comment with Job Summary + - name: Create PR Comment with Job Summary in Table uses: peter-evans/create-or-update-comment@v2 with: issue-number: ${{ github.event.pull_request.number }} body: | ## Scan Summary - - ${{ env.scan_results_table_content }} - \ No newline at end of file + + ### Scan Results + + ${{ env.SCAN_RESULTS }} \ No newline at end of file From d676ac0ff1cc0775f6690d7430e6cb7962b454e0 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Thu, 20 Mar 2025 10:29:29 +0000 Subject: [PATCH 78/79] Errror fix table --- .github/workflows/bucket-upload.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 3d7ecd97..02d0a36f 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
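Review bot: The heredoc written to `$GITHUB_ENV` in this hunk (rendered here as `SCAN_RESULTS<> $GITHUB_ENV`, which looks like `<<EOF` lost to extraction) uses the fixed delimiter `EOF`, and the body between it and the closing `EOF` is built from repo names and jq output; a line that reads exactly `EOF` would end the value early and turn every following line into additional `NAME=value` assignments visible to all later steps. GitHub's own guidance is a random delimiter: `delim="ghadelim_$(openssl rand -hex 8)"`, then `echo "SCAN_RESULTS<<$delim" >> "$GITHUB_ENV"` and `echo "$delim" >> "$GITHUB_ENV"`. Since the table only feeds the PR comment in the next step, a step output via `$GITHUB_OUTPUT` (same heredoc form) is a narrower channel than a job-wide environment variable. The `Create PR Comment` step the hunk renames still references the unpinned `peter-evans/create-or-update-comment@v2`.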
@@ -119,13 +119,12 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.CES_BUCKET_AWS_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CES_BUCKET_AWS_SECRET_ACCESS_KEY }} - - name: Get Scan Results for Comment id: scan_results run: | - result_table=$(jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json) - result_table="| Repository | Status | Execution Time (seconds) |\n|--------------|---------|----------------------------|\n$result_table" - echo "$result_table" > $GITHUB_WORKSPACE/scan_results_table.md + echo "| Repository | Status | Execution Time (seconds) |" > $GITHUB_WORKSPACE/scan_results_table.md + echo "|------------|--------|--------------------------|" >> $GITHUB_WORKSPACE/scan_results_table.md + jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json >> $GITHUB_WORKSPACE/scan_results_table.md echo "SCAN_RESULTS<> $GITHUB_ENV cat $GITHUB_WORKSPACE/scan_results_table.md >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -135,8 +134,9 @@ jobs: with: issue-number: ${{ github.event.pull_request.number }} body: | - ## Scan Summary + ## 🛠 Scan Summary - ### Scan Results + ### 📋 Scan Results - ${{ env.SCAN_RESULTS }} \ No newline at end of file + ${{ env.SCAN_RESULTS }} + \ No newline at end of file From bdbe575644caa86148de34bdbc7125be0587eaf0 Mon Sep 17 00:00:00 2001 From: Miguel Neiva Date: Thu, 20 Mar 2025 10:34:37 +0000 Subject: [PATCH 79/79] Add green and red image for Table --- .github/workflows/bucket-upload.yaml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/bucket-upload.yaml b/.github/workflows/bucket-upload.yaml index 02d0a36f..0c3693c2 100644 --- a/.github/workflows/bucket-upload.yaml +++ b/.github/workflows/bucket-upload.yaml 
@@ -122,13 +122,17 @@ jobs: - name: Get Scan Results for Comment id: scan_results run: | - echo "| Repository | Status | Execution Time (seconds) |" > $GITHUB_WORKSPACE/scan_results_table.md - echo "|------------|--------|--------------------------|" >> $GITHUB_WORKSPACE/scan_results_table.md - jq -r '.[] | "| \(.repo_name) | \(.scan_status) | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json >> $GITHUB_WORKSPACE/scan_results_table.md - echo "SCAN_RESULTS<> $GITHUB_ENV - cat $GITHUB_WORKSPACE/scan_results_table.md >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - + echo "| Repository | Status | Execution Time (seconds) |" > $GITHUB_WORKSPACE/scan_results_table.md + echo "|------------|--------|--------------------------|" >> $GITHUB_WORKSPACE/scan_results_table.md + jq -r ' + .[] | + "| \(.repo_name) | " + + (if .scan_status == "success" then "✅" else "❌" end) + + " | \(.execution_time) |"' $GITHUB_WORKSPACE/scan_results.json >> $GITHUB_WORKSPACE/scan_results_table.md + echo "SCAN_RESULTS<> $GITHUB_ENV + cat $GITHUB_WORKSPACE/scan_results_table.md >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + - name: Create PR Comment with Job Summary in Table uses: peter-evans/create-or-update-comment@v2 with: @@ -136,7 +140,6 @@ jobs: body: | ## 🛠 Scan Summary - ### 📋 Scan Results ${{ env.SCAN_RESULTS }} \ No newline at end of file
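Review bot: The jq expression in the first hunk renders `scan_status == "success"` as ✅, but because 2ms is invoked with `--ignore-on-exit results` earlier in this file a zero exit only means the tool ran to completion — repositories in which secrets were found still get the green check, and readers of the PR comment will read ✅ as "clean". Either label the column honestly (`Scan ran`) or count findings from the SARIF the loop already wrote, e.g. `jq '[.runs[].results[]?] | length' "$GITHUB_WORKSPACE/results/$repo_name.sarif"` recorded next to `scan_status` when the table is built (assuming 2ms emits standard SARIF `runs[].results`, which these hunks do not show). `repo_name` is also interpolated unescaped into a Markdown table cell, so a `|` in it breaks the row. The comment body in the second hunk is fine as an action input, but the file still ends without a trailing newline.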