From 70dbf0adb291ed82e5d0e189738a3fe47b15d4e3 Mon Sep 17 00:00:00 2001
From: Asutosh
Date: Fri, 5 Dec 2025 20:53:26 +0530
Subject: [PATCH 1/4] Add debug for debugging cli issues
Signed-off-by: Asutosh
---
 .github/workflows/s1-cns-scan.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/s1-cns-scan.yml b/.github/workflows/s1-cns-scan.yml
index d7dec10..2c677b9 100644
--- a/.github/workflows/s1-cns-scan.yml
+++ b/.github/workflows/s1-cns-scan.yml
@@ -60,7 +60,7 @@ jobs:
 fetch-depth: 0
 - name: Configure SentinelOne Shift Left CLI
- run: s1-cns-cli config --service-user-api-token "$S1_TOKEN" --management-console-url "$CONSOLE_URL" --scope-type "$SCOPE_TYPE" --scope-id "$SCOPE_ID" --tag "$TAG"
+ run: s1-cns-cli config --debug --service-user-api-token "$S1_TOKEN" --management-console-url "$CONSOLE_URL" --scope-type "$SCOPE_TYPE" --scope-id "$SCOPE_ID" --tag "$TAG"
 env:
 S1_TOKEN: ${{ secrets.S1_API_TOKEN }}
 CONSOLE_URL: ${{ secrets.CONSOLE_URL }}
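Review bot: Adding `--debug` to the `config` step turns on verbose output in the one command that receives `$S1_TOKEN` and the secret console URL, and it is unconditional, so every caller of this workflow gets it on every run. GitHub masks secrets in logs only where the exact stored value appears, so anything the CLI prints in a derived form (an encoded token, a session credential returned by the console) would reach the job log unmasked; whether s1-cns-cli does that in debug mode is not visible here and should be confirmed before this is merged. The workflow already uses the `${{ cond && '…' || '' }}` form for `--skip-paths`, so the flag could be gated the same way: `run: s1-cns-cli config ${{ runner.debug == '1' && '--debug' || '' }} --service-user-api-token "$S1_TOKEN" …`. The same gating applies to the `--debug` added to the three scan steps in the next hunk.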
@@ -77,21 +77,24 @@ jobs:
 # only available on pull requests.
 if: github.event_name == 'pull_request' && inputs.secrets_enabled
 id: secret-detector
- run: s1-cns-cli scan secret -d "$PWD" --pull-request "$SRC" "$DEST" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --provider GITHUB --publish-result
+ run: s1-cns-cli scan --debug secret -d "$PWD" --pull-request "$SRC" "$DEST" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --provider GITHUB --publish-result
 env:
+ GODEBUG: http2debug=1
 DEST: ${{ github.event.pull_request.base.sha }}
 SRC: ${{ github.event.pull_request.head.sha }}
 - name: Run IaC Scanner
 if: inputs.iac_enabled
- run: s1-cns-cli scan iac -d "$PWD" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --branch "$BRANCH" --provider GITHUB --publish-result
+ run: s1-cns-cli scan iac --debug -d "$PWD" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --branch "$BRANCH" --provider GITHUB --publish-result
 id: iac-scanner
 env:
+ GODEBUG: http2debug=1
 BRANCH: ${{ github.head_ref || github.ref_name }}
 - name: Run Vulnerability Scanner
 if: inputs.vuln_enabled
 id: vuln-scanner
- run: s1-cns-cli scan vuln --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
+ run: s1-cns-cli scan vuln --debug --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
 env:
+ GODEBUG: http2debug=1
 SKIP_PATHS: ${{ inputs.skip_paths }}
From 359898f97c381cf688fbcdcbfdac8d46942b5a24 Mon Sep 17 00:00:00 2001
From: Asutosh <1187055+asutosh@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:54:29 +0530
Subject: [PATCH 2/4] Fix debug flag position
---
 .github/workflows/s1-cns-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/s1-cns-scan.yml b/.github/workflows/s1-cns-scan.yml
index 2c677b9..994454c 100644
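Review bot: `GODEBUG: http2debug=1` on the secret, IaC and vulnerability steps (patch 1/4, second hunk) switches on verbose logging in Go's HTTP/2 client, which as far as I know includes the request headers it encodes, the place an API credential normally travels. That output goes to the job log, which is readable by anyone who can view the repository's Actions runs, and log masking only helps when the header carries the stored secret verbatim. Patch 4/4 drops the variable from the vulnerability step only; as far as this series shows, it stays on the secret-detector and iac-scanner steps. If the trace is needed for a one-off investigation, keep it off the default path, for example `GODEBUG: ${{ runner.debug == '1' && 'http2debug=1' || '' }}`, and mark it with a comment such as `# temporary: HTTP/2 trace for CLI debugging, remove once resolved`.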
--- a/.github/workflows/s1-cns-scan.yml
+++ b/.github/workflows/s1-cns-scan.yml
@@ -77,7 +77,7 @@ jobs:
 # only available on pull requests.
 if: github.event_name == 'pull_request' && inputs.secrets_enabled
 id: secret-detector
- run: s1-cns-cli scan --debug secret -d "$PWD" --pull-request "$SRC" "$DEST" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --provider GITHUB --publish-result
+ run: s1-cns-cli scan secret --debug -d "$PWD" --pull-request "$SRC" "$DEST" --repo-full-name "$REPO_FULL_NAME" --repo-url "$REPO_URL/$REPO_FULL_NAME" --provider GITHUB --publish-result
 env:
 GODEBUG: http2debug=1
 DEST: ${{ github.event.pull_request.base.sha }}
From c9fa5e5934dbcb364a202e67099bd22224889c0e Mon Sep 17 00:00:00 2001
From: Asutosh <1187055+asutosh@users.noreply.github.com>
Date: Mon, 8 Dec 2025 12:59:59 +0530
Subject: [PATCH 3/4] Remove debug for vuln scans
---
 .github/workflows/s1-cns-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/s1-cns-scan.yml b/.github/workflows/s1-cns-scan.yml
index 994454c..d4686ce 100644
--- a/.github/workflows/s1-cns-scan.yml
+++ b/.github/workflows/s1-cns-scan.yml
@@ -94,7 +94,7 @@ jobs:
 - name: Run Vulnerability Scanner
 if: inputs.vuln_enabled
 id: vuln-scanner
- run: s1-cns-cli scan vuln --debug --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
+ run: s1-cns-cli scan vuln --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
 env:
 GODEBUG: http2debug=1
 SKIP_PATHS: ${{ inputs.skip_paths }}
From b96f1fe9ebabf7a555a66913c3a5e2d46892f87d Mon Sep 17 00:00:00 2001
From: Asutosh <1187055+asutosh@users.noreply.github.com>
Date: Mon, 8 Dec 2025 13:05:08 +0530
Subject: [PATCH 4/4] Remove godebug, revert debug cli flags for vuln scans
---
 .github/workflows/s1-cns-scan.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/s1-cns-scan.yml b/.github/workflows/s1-cns-scan.yml
index d4686ce..716b1fc 100644
--- a/.github/workflows/s1-cns-scan.yml
+++ b/.github/workflows/s1-cns-scan.yml
@@ -94,7 +94,6 @@ jobs:
 - name: Run Vulnerability Scanner
 if: inputs.vuln_enabled
 id: vuln-scanner
- run: s1-cns-cli scan vuln --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
+ run: s1-cns-cli scan vuln --debug --repo-full-name "$REPO_FULL_NAME" ${{ inputs.skip_paths != '' && '--skip-paths "$SKIP_PATHS"' || '' }} -d "$PWD"
 env:
- GODEBUG: http2debug=1
 SKIP_PATHS: ${{ inputs.skip_paths }}