From 104dad22f34203e36b9f2820485f7190cc179c35 Mon Sep 17 00:00:00 2001 From: Mathieu Tarral Date: Thu, 9 Oct 2025 14:51:28 -0700 Subject: [PATCH 1/2] Dockerfile: fix copying ispm config file to vscode user --- Dockerfile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a2eba5cd..d1bf857c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -204,8 +204,15 @@ cp /workspace/tsffs/harness/tsffs.h /workspace/projects/example/ ninja EOF + +RUN <> ~/.bashrc WORKDIR /workspace/tsffs @@ -214,6 +221,7 @@ FROM create-user AS tsffs-prod ARG PUBLIC_SIMICS_PKGS_URL ARG PUBLIC_SIMICS_ISPM_URL ARG PUBLIC_SIMICS_PACKAGE_VERSION_1000 +ARG USERNAME ENV SIMICS_BASE="/workspace/simics/simics-${PUBLIC_SIMICS_PACKAGE_VERSION_1000}/" # Add cargo and ispm to the path ENV PATH="/home/${USERNAME}/.cargo/bin:/workspace/simics/ispm:${PATH}" @@ -249,4 +257,5 @@ RUN rm -r /workspace/tsffs RUN chmod 775 /workspace USER vscode +RUN echo 'echo "To run the demo, run ./simics -no-gui --no-win fuzz.simics"' >> "/home/${USERNAME}/.bashrc" WORKDIR /workspace/projects/example From e7b5ae30003f89b93b6ce38b061a1462f24702ff Mon Sep 17 00:00:00 2001 From: Mathieu Tarral Date: Wed, 15 Oct 2025 11:57:06 -0700 Subject: [PATCH 2/2] ci: cleanup space before scan_main_container job --- .github/workflows/scans.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml index b9805679..460289a5 100644 --- a/.github/workflows/scans.yml +++ b/.github/workflows/scans.yml 
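Review bot: In the last Dockerfile hunk the account is hard-coded as `USER vscode`, but the `RUN` that follows appends to `/home/${USERNAME}/.bashrc`, so the two only agree when `USERNAME` is `vscode`. The `ARG USERNAME` added in the `tsffs-prod` hunk has no default visible here. If the value is empty or differs, the write targets `/home//.bashrc` or another user's home, and since it runs unprivileged it presumably fails the build or leaves the hint in the wrong profile. Use one source of truth: either `USER ${USERNAME}`, or keep `USER vscode` and append to `~/.bashrc`. The stage starts and continues outside these hunks, so confirm how `USERNAME` is set in `create-user`.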
@@ -68,6 +68,38 @@ jobs:
 scan_main_container:
 runs-on: ubuntu-latest
 steps:
+ - name: Aggressive cleanup
+ run: |
+ # Remove Java (JDKs)
+ sudo rm -rf /usr/lib/jvm
+
+ # Remove .NET SDKs
+ sudo rm -rf /usr/share/dotnet
+
+ # Remove Swift toolchain
+ sudo rm -rf /usr/share/swift
+
+ # Remove Haskell (GHC)
+ sudo rm -rf /usr/local/.ghcup
+
+ # Remove Julia
+ sudo rm -rf /usr/local/julia*
+
+ # Remove Android SDKs
+ sudo rm -rf /usr/local/lib/android
+
+ # Remove Chromium (optional if not using for browser tests)
+ sudo rm -rf /usr/local/share/chromium
+
+ # Remove Microsoft/Edge and Google Chrome builds
+ sudo rm -rf /opt/microsoft /opt/google
+
+ # Remove Azure CLI
+ sudo rm -rf /opt/az
+
+ # Remove PowerShell
+ sudo rm -rf /usr/local/share/powershell
+
 - name: Harden Runner
 uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
 with:
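Review bot: The new `Aggressive cleanup` step is placed ahead of `Harden Runner`, so its `sudo rm -rf` commands run before the runner monitoring is active. harden-runner is meant to be the first step of a job so that every later step is covered. Unless the `with:` block (which continues outside the hunk) sets something like `disable-sudo: true`, move the cleanup step to just after `Harden Runner`. If it has to stay first because sudo is blocked afterwards, say so in the step, e.g. `# runs before harden-runner because it needs sudo`, so the ordering is not silently reverted or copied to other jobs.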