From ab276f3d1c41aaa645cec9895d0280adba86cad4 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:26:21 +0530
Subject: [PATCH 01/45] Create kics.yml
---
 .github/workflows/kics.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/kics.yml
diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
new file mode 100644
index 000000000..cea5ea204
--- /dev/null
+++ b/.github/workflows/kics.yml
@@ -0,0 +1,20 @@
+name: KICS IaC Scan
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ kics-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Run KICS Scan
+ uses: checkmarx/kics-github-action@v1.6
+ with:
+ path: '.'
+ output_path: 'kics_results'
From 150ee23252ecbc70d4e61811066e0f7f49f04653 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:27:43 +0530
Subject: [PATCH 02/45] Create vorpal.yml
---
 .github/workflows/vorpal.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/vorpal.yml
diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml
new file mode 100644
index 000000000..61565d00f
--- /dev/null
+++ b/.github/workflows/vorpal.yml
@@ -0,0 +1,20 @@
+name: Vorpal Code Scan
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ vorpal-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Run Vorpal Scan
+ uses: checkmarx/vorpal-action@v1
+ with:
+ path: '.' # Path to source code
From 21f1cac2f7106d854811628ac36979c1a023f9e4 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:28:28 +0530
Subject: [PATCH 03/45] Create 2ms.yml
---
 .github/workflows/2ms.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/2ms.yml
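Review bot: The `kics-scan` job in kics.yml declares no `permissions:` key and both steps reference actions by mutable tag (`actions/checkout@v3`, `checkmarx/kics-github-action@v1.6`), so the workflow token keeps the repository's default scope and anyone able to move a tag changes the code that runs in CI. I would add `permissions:` with `contents: read` under `kics-scan:` and pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The vorpal.yml hunk in this same series and the 2ms.yml hunk that follows have the same two gaps.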
diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml
new file mode 100644
index 000000000..6ae0f80f0
--- /dev/null
+++ b/.github/workflows/2ms.yml
@@ -0,0 +1,20 @@
+name: Secret Detection - 2MS
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ secrets-detection:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Run 2MS
+ uses: checkmarx/tms-github-action@v1
+ with:
+ path: '.' # Directory to scan
From 53aa2c1c50af0ecdfef116c83eb0e5ec2a1346f4 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:40:08 +0530
Subject: [PATCH 04/45] Create open-sg.tf
---
 iac/open-sg.tf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 iac/open-sg.tf
diff --git a/iac/open-sg.tf b/iac/open-sg.tf
new file mode 100644
index 000000000..b74d7a38c
--- /dev/null
+++ b/iac/open-sg.tf
@@ -0,0 +1,20 @@
+resource "aws_s3_bucket" "bad_example" {
+ bucket = "my-unsecure-bucket"
+ acl = "public-read" # Public access, flagged
+
+ tags = {
+ Name = "PublicBucket"
+ Environment = "Dev"
+ }
+}
+
+resource "aws_security_group" "example" {
+ name = "allow_all"
+ description = "Security group with open ports"
+ ingress {
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"] # Open to the world
+ }
+}
From 365d054e0d649f3621fcd44d030e679a24ded114 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:41:28 +0530
Subject: [PATCH 05/45] Create application.js
---
 vulnerable_code/application.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 vulnerable_code/application.js
diff --git a/vulnerable_code/application.js b/vulnerable_code/application.js
new file mode 100644
index 000000000..e95ae120d
--- /dev/null
+++ b/vulnerable_code/application.js
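Review bot: Nothing in iac/open-sg.tf states that the `public-read` bucket and the 0–65535 ingress from `0.0.0.0/0` are deliberate scanner fixtures, and the `iac/` path reads like real infrastructure code. A header comment such as `# KICS test fixture: intentionally insecure, never run terraform apply on this file` would keep it from being copied or applied. Because the KICS workflow scans `path: '.'`, planted findings will also be mixed with genuine ones unless fixtures live under a clearly named test directory. The same labelling is missing from vulnerable_code/application.js and config/secrets-db.env later in the series.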
@@ -0,0 +1,14 @@
+const express = require('express');
+const app = express();
+const bodyParser = require('body-parser');
+app.use(bodyParser.urlencoded({ extended: true }));
+
+// Insecure eval usage
+app.post('/eval', (req, res) => {
+ const input = req.body.code;
+ eval(input); // ❌ High severity
+ res.send("Evaluated input");
+});
+
+// Hardcoded password
+const dbPassword = "supersecretpassword"; // ❌ Should be flagged
From 6c5aef04a19872d5889fb680236ca6157a4de19b Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:42:19 +0530
Subject: [PATCH 06/45] Create secrets-db.env
---
 config/secrets-db.env | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 config/secrets-db.env
diff --git a/config/secrets-db.env b/config/secrets-db.env
new file mode 100644
index 000000000..e4d870e7a
--- /dev/null
+++ b/config/secrets-db.env
@@ -0,0 +1,5 @@
+AWS_SECRET_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
+DB_PASSWORD=MyDbPassword123!
+SLACK_TOKEN=xoxb-1234-5678-abcdef
+PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----
+sk_test_51H6jX... # Stripe test key
From 8f4f970a789c1d14431efff7889bb06d4ae66c10 Mon Sep 17 00:00:00 2001
From: lingala-sivasaireddy
Date: Sat, 19 Apr 2025 13:47:13 +0530
Subject: [PATCH 07/45] Update README.md
---
 README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/README.md b/README.md
index 6b3754fd0..cbdb69898 100644
--- a/README.md
+++ b/README.md
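Review bot: Several values in config/secrets-db.env may not exercise the detectors they are meant to trigger. `AWS_SECRET_ACCESS_KEY` is given `AKIAIOSFODNN7EXAMPLE`, which has the shape of an access key ID and is the published AWS documentation sample; `PRIVATE_KEY` holds only a PEM header with no body; the last line is a truncated `sk_test_51H6jX...` with no variable name. Secret scanners commonly allowlist the documentation samples and drop strings that fail length or entropy checks, so a quiet run here would not show that detection works. I would record the expected finding next to each line, e.g. `# expect: generic password`, and check the scan output against those expectations.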
@@ -1,3 +1,22 @@ +# Amadeus Security Demo – NodeGoat + Checkmarx OSS + +This repo demonstrates how Checkmarx open-source tools can elevate application security: + +- ✅ IaC Scan with **KICS** – Finds insecure cloud configs +- ✅ Code Scan with **Vorpal** – Highlights insecure code patterns +- ✅ Secret Detection with **2MS** – Detects hardcoded secrets + +### Files to Trigger Results + +| Tool | Test File | Purpose | +|----------|----------------------------------------|------------------------------| +| KICS | `iac/open-sg.tf` | Public S3, open ports | +| Vorpal | `vulnerable_code/application.js` | `eval()` | +| 2MS | `config/secrets-db.env ` | tokens & passwords | + +➡️ View results in the [Actions](../../actions) tab. + + # NodeGoat Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. From f1afccdb0130b1a937a03df0cc0ecbb00a89f496 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 13:56:37 +0530 Subject: [PATCH 08/45] Create test_secrets.js --- secrets/test_secrets.js | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 secrets/test_secrets.js diff --git a/secrets/test_secrets.js b/secrets/test_secrets.js new file mode 100644 index 000000000..0feff3a28 --- /dev/null +++ b/secrets/test_secrets.js @@ -0,0 +1,6 @@ +// This file contains fake but recognizable secrets for 2MS + +const aws_key = "AKIAIOSFODNN7EXAMPLE"; // AWS Access Key +const stripe_key = "sk_test_51H6jX3y8YwD4Y"; // Stripe Test Key +const github_token = "ghp_abcd1234efgh5678ijkl"; // GitHub Token +const slack_token = "xoxb-1234-5678-abcd"; // Slack Bot Token From 90d45cb2b984b64c1d9e18c07da32623ce117a95 Mon Sep 17 00:00:00 2001 
From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:00:49 +0530 Subject: [PATCH 09/45] Update test_secrets.js --- secrets/test_secrets.js | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/secrets/test_secrets.js b/secrets/test_secrets.js index 0feff3a28..16964cf06 100644 --- a/secrets/test_secrets.js +++ b/secrets/test_secrets.js @@ -1,6 +1,12 @@ // This file contains fake but recognizable secrets for 2MS +// These are fake but realistic secrets for testing 2MS + +const AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"; +const STRIPE_API_KEY = "sk_live_51H6jX3y8YwD4Y0abcXYZabcXYZ1234567890"; +const GITHUB_TOKEN = "ghp_1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcd"; +const PRIVATE_KEY = ` +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA7xyzEXAMPLEKEY... +-----END RSA PRIVATE KEY----- +`; -const aws_key = "AKIAIOSFODNN7EXAMPLE"; // AWS Access Key -const stripe_key = "sk_test_51H6jX3y8YwD4Y"; // Stripe Test Key -const github_token = "ghp_abcd1234efgh5678ijkl"; // GitHub Token -const slack_token = "xoxb-1234-5678-abcd"; // Slack Bot Token From 915aee5d82d1e4db291a945c1c452fe46a48c77e Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:06:06 +0530 Subject: [PATCH 10/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 61565d00f..c70e77800 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -18,3 +18,8 @@ jobs: uses: checkmarx/vorpal-action@v1 with: path: '.' # Path to source code + + - name: Display Scan Results + run: | + echo "Vorpal Scan Output:" + cat /tmp/vorpal-report.json || echo "No report found" From 710d6e0edc139c5fdf2a6bbc1dac0c51be48a45a Mon Sep 17 00:00:00 2001 
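Review bot: The `Display Scan Results` step added to vorpal.yml reads `/tmp/vorpal-report.json`, a path that nothing visible in the workflow configures, and `|| echo "No report found"` turns a missing report into a passing step. A scan that crashed or wrote its output elsewhere then looks the same as a clean one. I would take the report location from the action's documented output and fail when it is absent, e.g. `test -s "$REPORT" || { echo "scan produced no report"; exit 1; }` with `REPORT` set to that location. The same pattern is added to 2ms.yml in the next patch (`/tmp/2ms-report.json`) and to kics.yml after it (`cat kics_results/* || echo "No results found"`).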
From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:06:51 +0530 Subject: [PATCH 11/45] Update 2ms.yml --- .github/workflows/2ms.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 6ae0f80f0..c8cb1c52d 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -14,7 +14,12 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - - name: Run 2MS + - name: Run 2MS Secret Detection uses: checkmarx/tms-github-action@v1 with: path: '.' # Directory to scan + + - name: Display Scan Results + run: | + echo "2MS Scan Output:" + cat /tmp/2ms-report.json || echo "No report found" From 2d09886d7576e20231e50d4d48b53c2b71f65599 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:07:32 +0530 Subject: [PATCH 12/45] Update kics.yml --- .github/workflows/kics.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index cea5ea204..d6e490426 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -9,6 +9,7 @@ on: jobs: kics-scan: runs-on: ubuntu-latest + steps: - name: Checkout Code uses: actions/checkout@v3 @@ -16,5 +17,10 @@ jobs: - name: Run KICS Scan uses: checkmarx/kics-github-action@v1.6 with: - path: '.' - output_path: 'kics_results' + path: '.' # Path to scan, this will scan the entire repo + output_path: 'kics_results' # Path where results will be stored + + - name: Display KICS Scan Results + run: | + echo "KICS Scan Output:" + cat kics_results/* || echo "No results found" From 6a3196fdb4be15025cb554e53396f304fd4bd486 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:10:16 +0530 Subject: [PATCH 13/45] Update open-sg.tf --- iac/open-sg.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/iac/open-sg.tf b/iac/open-sg.tf index b74d7a38c..2ba442335 100644 --- a/iac/open-sg.tf +++ b/iac/open-sg.tf 
@@ -18,3 +18,11 @@ resource "aws_security_group" "example" { cidr_blocks = ["0.0.0.0/0"] # Open to the world } } +provider "aws" { + region = "us-west-2" +} + +resource "aws_s3_bucket" "my_insecure_bucket" { + bucket = "my-insecure-bucket" + acl = "public-read" # This will trigger an alert for an insecure configuration +} From 539458d6a0c7f82ee6fb65b71f72574628f25947 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 14:27:57 +0530 Subject: [PATCH 14/45] Update application.js From cd7d1a9ec82f19bfbbb6efb6c67bb91d68a5236b Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 17:10:35 +0530 Subject: [PATCH 15/45] Update 2ms.yml --- .github/workflows/2ms.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index c8cb1c52d..6f7e26dd0 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -2,9 +2,9 @@ name: Secret Detection - 2MS on: push: - branches: [main] + branches: [master] pull_request: - branches: [main] + branches: [master] jobs: secrets-detection: From 2425ed5426ea191c40611c4dc65b6ed9940183c2 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 17:11:00 +0530 Subject: [PATCH 16/45] Update kics.yml --- .github/workflows/kics.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index d6e490426..9f98ec1ae 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -2,9 +2,9 @@ name: KICS IaC Scan on: push: - branches: [main] + branches: [master] pull_request: - branches: [main] + branches: [master] jobs: kics-scan: From abd5f6d1364c6123d19502ec8a631d8ce7301573 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 17:11:15 +0530 Subject: [PATCH 17/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index c70e77800..d5f29c2a2 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -2,9 +2,9 @@ name: Vorpal Code Scan on: push: - branches: [main] + branches: [master] pull_request: - branches: [main] + branches: [master] jobs: vorpal-scan: From e9bf730e4d86ad6e3b7e6fa65a0789e51fead6e9 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 17:18:13 +0530 Subject: [PATCH 18/45] Update app.json From 2b538800c4bd03ee5639d356120baee8507f7bfc Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 17:23:03 +0530 Subject: [PATCH 19/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index d5f29c2a2..c75c6597c 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v3 - name: Run Vorpal Scan - uses: checkmarx/vorpal-action@v1 + uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: path: '.' # Path to source code From 5d4bb74fd4839ab78af7ddb51a386f429f47120a Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:32:13 +0530 Subject: [PATCH 20/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index c75c6597c..4a8b15755 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml 
@@ -1,25 +1,27 @@ name: Vorpal Code Scan -on: - push: - branches: [master] - pull_request: - branches: [master] +# on: +# push: +# branches: [master] +# pull_request: +# branches: [master] + +# name: vorpal-reviewdog + +on: [push] jobs: - vorpal-scan: + vorpal: runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - name: Run Vorpal Scan + - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - path: '.' # Path to source code - - - name: Display Scan Results - run: | - echo "Vorpal Scan Output:" - cat /tmp/vorpal-report.json || echo "No report found" + source_path: "." + filter_mode: nofilter + github_token: ${{ secrets.GITHUB_TOKEN }} + reporter: github-pr-check + level: error + fail_on_error: false From 0a0c680c6d7dc25f0990670c29d1f69cde47819f Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:34:57 +0530 Subject: [PATCH 21/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 4a8b15755..c39245841 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -8,7 +8,9 @@ name: Vorpal Code Scan # name: vorpal-reviewdog -on: [push] +on: + push: + branches: [master] # Adjust this to your default branch jobs: vorpal: @@ -19,8 +21,8 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: "." - filter_mode: nofilter + source_path: '**/*.java,**/*.py,**/*.js,**/*.cs' # Adjust file patterns as needed + filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check level: error From 3eb64bed4e2d6887f8340da1a3fb615dc4d31db8 Mon Sep 17 00:00:00 2001 
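Review bot: `fail_on_error: false` in the rewritten `Vorpal with reviewdog` step means the job succeeds whatever the scanner reports, so this check cannot block a merge. The trigger is also reduced to `on: [push]` while `reporter: github-pr-check` is kept; presumably the results are meant to appear on pull requests, which a push-only trigger will not produce. If the scan is meant to gate, set `fail_on_error: true` and keep the `pull_request:` trigger. The commented-out `on:` block and the stray `# name: vorpal-reviewdog` line should be deleted rather than left in the file.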
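Review bot: Changing `filter_mode` from `nofilter` to `file` narrows what gets reported: as far as I know, reviewdog's `file` mode keeps only findings in files touched by the change under review, so existing issues in untouched files stop appearing. For a scan that is supposed to cover the repository on pushes to master, `filter_mode: nofilter` is the safer setting. If the narrowing is intended, say so in a comment on that line, e.g. `# only report findings in files changed by this push`.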
From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:38:48 +0530 Subject: [PATCH 22/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index c39245841..8f607d28c 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '**/*.java,**/*.py,**/*.js,**/*.cs' # Adjust file patterns as needed + source_path: '**/*.py,**/*.js,**/*.cs' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 2e413466a3af6821415a146aacdc7dba760a6c05 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:40:13 +0530 Subject: [PATCH 23/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 8f607d28c..9513d7802 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '**/*.py,**/*.js,**/*.cs' # Adjust file patterns as needed + source_path: '**/*.js' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 304df9d8e314fbf3292ed652c1db6684fb35036b Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:44:08 +0530 Subject: [PATCH 24/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 9513d7802..2ffe34e98 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml 
@@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '**/*.js' # Adjust file patterns as needed + source_path: '.' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 04bbc5134a8c683af18b3feb8556f97006f4fc3e Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:45:58 +0530 Subject: [PATCH 25/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 2ffe34e98..e16bfac14 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '.' # Adjust file patterns as needed + source_path: '**' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 74cb2dd590594982b4ea16913c25b03a142c88e4 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:46:44 +0530 Subject: [PATCH 26/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index e16bfac14..7b1419d32 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '**' # Adjust file patterns as needed + source_path: '**/' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From d4a822d5ea46d8df1ae588edc64dc72db903e1f6 Mon Sep 17 00:00:00 2001 
From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:52:22 +0530 Subject: [PATCH 27/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 7b1419d32..382c80c0e 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: '**/' # Adjust file patterns as needed + source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js, app/data/allocations-dao.js, app/data/benefits-dao.js, app/data/contributions-dao.js, app/data/memos-dao.js, app/data/profile-dao.js, app/data/research-dao.js, app/data/user-dao.js' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From fb237ce0da48f21a451baaf78d3948c274c4ae8b Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:54:41 +0530 Subject: [PATCH 28/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 382c80c0e..44a951b4d 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml 
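Review bot: Replacing the glob in `source_path` with nine hand-listed files means any file added to the repository later is never scanned unless someone remembers to edit this workflow. The list also mixes `,` and `, ` separators, and it is not visible here whether the action trims the spaces (the next patch removes them). If the action cannot take a directory or glob, I would build the list in a preceding step instead of hard-coding it, and at least replace the trailing comment with `# explicit list: files not named here are NOT scanned`. Patches 28, 29 and 31 extend the same hard-coded list.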
@@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js, app/data/allocations-dao.js, app/data/benefits-dao.js, app/data/contributions-dao.js, app/data/memos-dao.js, app/data/profile-dao.js, app/data/research-dao.js, app/data/user-dao.js' # Adjust file patterns as needed + source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js,app/data/allocations-dao.js,app/data/benefits-dao.js,app/data/contributions-dao.js,app/data/memos-dao.js,app/data/profile-dao.js,app/data/research-dao.js,app/data/user-dao.js' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From e13e49974b23a56a0de28d1482128250497d0fde Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 21:56:29 +0530 Subject: [PATCH 29/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 44a951b4d..f554516dc 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml 
@@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js,app/data/allocations-dao.js,app/data/benefits-dao.js,app/data/contributions-dao.js,app/data/memos-dao.js,app/data/profile-dao.js,app/data/research-dao.js,app/data/user-dao.js' # Adjust file patterns as needed + source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js,app/data/allocations-dao.js,app/data/benefits-dao.js,app/data/contributions-dao.js,app/data/memos-dao.js,app/data/profile-dao.js,app/data/research-dao.js,app/data/user-dao.js,vulnerable_code/application.js' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 34598db04041cc3e60e216da35e715db349550ca Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sat, 19 Apr 2025 22:11:52 +0530 Subject: [PATCH 30/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index f554516dc..0d03768fe 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -27,3 +27,9 @@ jobs: reporter: github-pr-check level: error fail_on_error: false + + - name: Display Vorpal Scan Results + if: always() + run: | + echo "Vorpal Scan Results:" + cat /github/workspace/result.errorformat || echo "No issues found." From a17bc6e2d7d8aaffa0c70608ff27d86c616f0ae9 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 05:17:33 +0530 Subject: [PATCH 31/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index 0d03768fe..d55c3c60f 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml 
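Review bot: The new `Display Vorpal Scan Results` step reads `/github/workspace/result.errorformat`, but `/github/workspace` is the mount point used inside container actions; a `run:` step on `ubuntu-latest` executes on the runner itself, where the checkout lives under `$GITHUB_WORKSPACE`. The `cat` will most likely fail and the fallback prints `No issues found.`, which reports a clean scan when the file was simply not read. I would use `cat "$GITHUB_WORKSPACE/result.errorformat"` and change the fallback to `echo "result file not found"` so a missing file is not mistaken for zero findings.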
@@ -21,7 +21,7 @@ jobs: - name: Vorpal with reviewdog uses: checkmarx/vorpal-reviewdog-github-action@v1.0.0 with: - source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js,app/data/allocations-dao.js,app/data/benefits-dao.js,app/data/contributions-dao.js,app/data/memos-dao.js,app/data/profile-dao.js,app/data/research-dao.js,app/data/user-dao.js,vulnerable_code/application.js' # Adjust file patterns as needed + source_path: 'app/assets/js/chart/chart-data-morris.js,app/assets/js/tour/redirects-steps.js,app/data/allocations-dao.js,app/data/benefits-dao.js,app/data/contributions-dao.js,app/data/memos-dao.js,app/data/profile-dao.js,app/data/research-dao.js,app/data/user-dao.js,vulnerable_code/application.js,vulnerable_code/vulns.js' # Adjust file patterns as needed filter_mode: file github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-check From 89844f3b2b34e697b96050cb22977756a50abb4e Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 05:30:04 +0530 Subject: [PATCH 32/45] Create vulns.js adding vuln file --- vulnerable_code/vulns.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 vulnerable_code/vulns.js diff --git a/vulnerable_code/vulns.js b/vulnerable_code/vulns.js new file mode 100644 index 000000000..ff56f2e4a --- /dev/null +++ b/vulnerable_code/vulns.js @@ -0,0 +1,16 @@ +const express = require('express'); +const app = express(); + +app.get('/user/:id', function(req, res) { + const userId = req.params.id; + // Potential SQL Injection vulnerability + const query = "SELECT * FROM users WHERE id = '" + userId + "'"; + db.query(query, function(err, result) { + if (err) throw err; + res.send(result); + }); +}); + +app.listen(3000, () => { + console.log('Server is running on port 3000'); +}); From 31399bda3d955560b57f05a069241376d42661af Mon Sep 17 00:00:00 2001 
From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 05:38:33 +0530 Subject: [PATCH 33/45] Update vulns.js --- vulnerable_code/vulns.js | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerable_code/vulns.js b/vulnerable_code/vulns.js index ff56f2e4a..89fd94f02 100644 --- a/vulnerable_code/vulns.js +++ b/vulnerable_code/vulns.js @@ -14,3 +14,4 @@ app.get('/user/:id', function(req, res) { app.listen(3000, () => { console.log('Server is running on port 3000'); }); +#yes_done From 696a5d3ed20fa1dedc85fc93a4e1226c76b742fd Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 05:46:30 +0530 Subject: [PATCH 34/45] Update vorpal.yml --- .github/workflows/vorpal.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/vorpal.yml b/.github/workflows/vorpal.yml index d55c3c60f..e40ec43d0 100644 --- a/.github/workflows/vorpal.yml +++ b/.github/workflows/vorpal.yml @@ -11,10 +11,15 @@ name: Vorpal Code Scan on: push: branches: [master] # Adjust this to your default branch + pull_request: + branches: [master] jobs: vorpal: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - uses: actions/checkout@v4 From 42d1b71242fc623d0b6b416aaf94750e69c700cd Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:19:46 +0530 Subject: [PATCH 35/45] Update 2ms.yml --- .github/workflows/2ms.yml | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 6f7e26dd0..e8988d35c 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml 
@@ -1,25 +1,29 @@ -name: Secret Detection - 2MS +name: Pipeline Example With 2MS on: - push: - branches: [master] pull_request: + workflow_dispatch: + push: branches: [master] jobs: - secrets-detection: + test: runs-on: ubuntu-latest - steps: - name: Checkout code - uses: actions/checkout@v3 - - - name: Run 2MS Secret Detection - uses: checkmarx/tms-github-action@v1 + uses: actions/checkout@v4 with: - path: '.' # Directory to scan + fetch-depth: 0 - - name: Display Scan Results + - name: Run 2ms Scan run: | - echo "2MS Scan Output:" - cat /tmp/2ms-report.json || echo "No report found" + docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt + cat 2ms_results.txt + + # Optional: fail if HIGH severity issues are found + if grep -q "HIGH" 2ms_results.txt; then + echo "❌ High severity issues found!" + exit 1 + else + echo "✅ No high severity issues found." + fi From d5fc7d2bc2d4b228c3a920ff409ec675d97f86d3 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:22:23 +0530 Subject: [PATCH 36/45] Update test_secrets.js --- secrets/test_secrets.js | 1 + 1 file changed, 1 insertion(+) diff --git a/secrets/test_secrets.js b/secrets/test_secrets.js index 16964cf06..dc9d34405 100644 --- a/secrets/test_secrets.js +++ b/secrets/test_secrets.js @@ -9,4 +9,5 @@ const PRIVATE_KEY = ` MIIEpAIBAAKCAQEA7xyzEXAMPLEKEY... -----END RSA PRIVATE KEY----- `; +#done From 953184fc5def6a5d360505a6aae46e9b76141a8f Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:27:14 +0530 Subject: [PATCH 37/45] Update 2ms.yml --- .github/workflows/2ms.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index e8988d35c..8ea6f140b 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml 
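Review bot: The pass/fail logic in the new `Run 2ms Scan` step does not depend on the scanner's findings in any reliable way. GitHub runs `run:` scripts with fail-fast shell options, so if `docker run` exits non-zero (which I believe 2ms does by default when it reports results; confirm for 2.8.1) the step stops before `cat` and the results never reach the log; if it exits zero, the gate rests on the literal string `HIGH` appearing in the output, which nothing here shows 2ms emits. I would capture the exit status, print the results, then exit with that status, as sketched below. `$(pwd)` should be quoted, and the image is better pinned by digest than by the `2.8.1` tag. Patches 37 and 38 keep the same logic.

```yaml
      - name: Run 2ms Scan
        run: |
          # capture the scanner's status instead of letting the shell abort here
          status=0
          docker run -v "$(pwd):/repo" checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt || status=$?
          cat 2ms_results.txt
          # … removed: grep for "HIGH"; the scanner's own exit status decides …
          exit "$status"
```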
@@ -17,9 +17,10 @@ jobs: - name: Run 2ms Scan run: | - docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt + docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 + echo "=== 2MS Scan Results ===" cat 2ms_results.txt - + # Optional: fail if HIGH severity issues are found if grep -q "HIGH" 2ms_results.txt; then echo "❌ High severity issues found!" From 9886297c87f849adaac59639eb32281731d44cb6 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:35:11 +0530 Subject: [PATCH 38/45] Update 2ms.yml --- .github/workflows/2ms.yml | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 8ea6f140b..2b741645a 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -15,12 +15,31 @@ jobs: with: fetch-depth: 0 + # - name: Run 2ms Scan + # run: | + # docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 + # echo "=== 2MS Scan Results ===" + # cat 2ms_results.txt + + # # Optional: fail if HIGH severity issues are found + # if grep -q "HIGH" 2ms_results.txt; then + # echo "❌ High severity issues found!" + # exit 1 + # else + # echo "✅ No high severity issues found." + # fi - name: Run 2ms Scan run: | + echo "🔍 Running Checkmarx 2MS Scan..." docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 - echo "=== 2MS Scan Results ===" - cat 2ms_results.txt - + + echo "=== 🧾 2MS Scan Results ===" + if [ -s 2ms_results.txt ]; then + cat 2ms_results.txt + else + echo "⚠️ No output from 2MS. Something might be wrong." + fi + # Optional: fail if HIGH severity issues are found if grep -q "HIGH" 2ms_results.txt; then echo "❌ High severity issues found!" From 79140db7d24276ee0cddf40b95842dab2163a323 Mon Sep 17 00:00:00 2001 
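Review bot: The previous `Run 2ms Scan` step is kept as a commented-out block directly above its replacement in PATCH 38/45, so the workflow now carries two near-identical copies of the step and a reader has to work out which one actually runs. Git history already preserves the old version; deleting the commented lines leaves one authoritative step. PATCH 41/45 adds a second commented-out copy in the same way.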
From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:38:38 +0530 Subject: [PATCH 39/45] Update 2ms.yml --- .github/workflows/2ms.yml | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 2b741645a..e0aedfa06 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -30,20 +30,9 @@ jobs: # fi - name: Run 2ms Scan run: | - echo "🔍 Running Checkmarx 2MS Scan..." - docker run -v $(pwd):/repo checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 - - echo "=== 🧾 2MS Scan Results ===" - if [ -s 2ms_results.txt ]; then - cat 2ms_results.txt - else - echo "⚠️ No output from 2MS. Something might be wrong." - fi - - # Optional: fail if HIGH severity issues are found - if grep -q "HIGH" 2ms_results.txt; then - echo "❌ High severity issues found!" - exit 1 - else - echo "✅ No high severity issues found." - fi + echo "🔍 Running Checkmarx 2MS Scan..." + echo "📁 Current workspace: $GITHUB_WORKSPACE" + ls -R "$GITHUB_WORKSPACE" + + echo "🚀 Launching Docker scan..." + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo From ef9d9d2854540e84b436775de4470428c55d71f1 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:43:36 +0530 Subject: [PATCH 40/45] Update 2ms.yml --- .github/workflows/2ms.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index e0aedfa06..f244cafe9 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -35,4 +35,4 @@ jobs: ls -R "$GITHUB_WORKSPACE" echo "🚀 Launching Docker scan..." - docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git --exclude node_modules /repo From 902c66058dcdcefdbc50a395e81dbc1da36446ea Mon Sep 17 00:00:00 2001 
From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:45:43 +0530 Subject: [PATCH 41/45] Update 2ms.yml --- .github/workflows/2ms.yml | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index f244cafe9..a1c2fcd37 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -28,11 +28,31 @@ jobs: # else # echo "✅ No high severity issues found." # fi + + # - name: Run 2ms Scan + # run: | + # echo "🔍 Running Checkmarx 2MS Scan..." + # echo "📁 Current workspace: $GITHUB_WORKSPACE" + # ls -R "$GITHUB_WORKSPACE" + + # echo "🚀 Launching Docker scan..." + # docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git --exclude node_modules /repo + - name: Run 2ms Scan run: | - echo "🔍 Running Checkmarx 2MS Scan..." - echo "📁 Current workspace: $GITHUB_WORKSPACE" - ls -R "$GITHUB_WORKSPACE" - - echo "🚀 Launching Docker scan..." - docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git --exclude node_modules /repo + echo "🔍 Running Checkmarx 2MS Scan..." + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 + + echo -e "\n=== 🧾 2MS Scan Results ===" + cat 2ms_results.txt || echo "⚠️ No output from 2MS" + + echo -e "\n=== 🔍 Summary ===" + grep -E 'ruleid:' 2ms_results.txt || echo "✅ No rule hits found." + + # Optional: fail the job if secrets were found + if grep -q 'ruleid:' 2ms_results.txt; then + echo "❌ Secrets detected by 2MS!" + exit 1 + else + echo "✅ No secrets detected." + fi From ac3b2d859922db45529d4fd7305d77b94232775f Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:49:37 +0530 Subject: [PATCH 42/45] Update 2ms.yml --- .github/workflows/2ms.yml | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index a1c2fcd37..2653ce8cd 100644 --- a/.github/workflows/2ms.yml 
+++ b/.github/workflows/2ms.yml @@ -38,21 +38,12 @@ jobs: # echo "🚀 Launching Docker scan..." # docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git --exclude node_modules /repo - - name: Run 2ms Scan + - name: Run 2ms Scan (debug mode, no redirect) run: | echo "🔍 Running Checkmarx 2MS Scan..." - docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo > 2ms_results.txt 2>&1 - - echo -e "\n=== 🧾 2MS Scan Results ===" - cat 2ms_results.txt || echo "⚠️ No output from 2MS" - - echo -e "\n=== 🔍 Summary ===" - grep -E 'ruleid:' 2ms_results.txt || echo "✅ No rule hits found." - - # Optional: fail the job if secrets were found - if grep -q 'ruleid:' 2ms_results.txt; then - echo "❌ Secrets detected by 2MS!" - exit 1 - else - echo "✅ No secrets detected." - fi + echo "📁 Workspace path: $GITHUB_WORKSPACE" + ls -la "$GITHUB_WORKSPACE" + + echo "🚀 Running 2MS without redirection..." + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo + From 099e08bed82ce70bc3cb200d7f56db0e8e9ae58f Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 06:59:18 +0530 Subject: [PATCH 43/45] Update 2ms.yml --- .github/workflows/2ms.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 2653ce8cd..912f0d00e 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -45,5 +45,6 @@ jobs: ls -la "$GITHUB_WORKSPACE" echo "🚀 Running 2MS without redirection..." - docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo + # docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 path /repo From 42384b003ee3526155d2c90f899c9228bae4d068 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Sun, 20 Apr 2025 07:01:46 +0530 Subject: [PATCH 44/45] Update 2ms.yml --- .github/workflows/2ms.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
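Review bot: With the redirect removed in `Run 2ms Scan (debug mode, no redirect)` (PATCH 42/45), whatever the scanner reports is written straight into the Actions job log. If the report includes the matched secret text (not confirmed here for this image's default output), the log becomes a second place where the secret is readable, for as long as logs are retained and by everyone who can view workflow runs. Consider writing the report to a file with the scanner's `--report-path` option and uploading it as an artifact instead. The `ls -la "$GITHUB_WORKSPACE"` debug line should also be dropped before this reaches the default branch.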
diff --git a/.github/workflows/2ms.yml b/.github/workflows/2ms.yml index 912f0d00e..2653ce8cd 100644 --- a/.github/workflows/2ms.yml +++ b/.github/workflows/2ms.yml @@ -45,6 +45,5 @@ jobs: ls -la "$GITHUB_WORKSPACE" echo "🚀 Running 2MS without redirection..." - # docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo - docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 path /repo + docker run -v "$GITHUB_WORKSPACE:/repo" checkmarx/2ms:2.8.1 git /repo From 639bc2ac1c89a27e87715c3f9ed1b3fc0f562908 Mon Sep 17 00:00:00 2001 From: lingala-sivasaireddy Date: Mon, 21 Apr 2025 20:48:12 +0530 Subject: [PATCH 45/45] Update vulns.js --- vulnerable_code/vulns.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerable_code/vulns.js b/vulnerable_code/vulns.js index 89fd94f02..d992d0d4d 100644 --- a/vulnerable_code/vulns.js +++ b/vulnerable_code/vulns.js @@ -14,4 +14,4 @@ app.get('/user/:id', function(req, res) { app.listen(3000, () => { console.log('Server is running on port 3000'); }); -#yes_done +#yes_done_done