diff --git a/.github/workflows/infisical-secrets-check.yml b/.github/workflows/infisical-secrets-check.yml
index 2a6c2da..fcb196d 100644
--- a/.github/workflows/infisical-secrets-check.yml
+++ b/.github/workflows/infisical-secrets-check.yml
@@ -12,6 +12,9 @@ jobs:
 secrets-scan:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
 steps:
 - name: Checkout repo
@@ -23,28 +26,60 @@ jobs:
 shell: bash
 run: curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | sudo -E bash
- - name: Install Infisical
+ - name: Install tools
 shell: bash
 run: |
 sudo apt-get update && sudo apt-get install -y infisical
+ pip install csvkit
+ npm install -g csv-to-markdown-table
 - name: Run scan
 shell: bash
- run: infisical scan --redact -f csv -r secrets-result.csv 2>&1 | tee >(sed -r 's/\x1b\[[0-9;]*m//g' > secrets-result.log)
+ run: infisical scan --redact -f csv -r secrets-result-raw.csv 2>&1 | tee >(sed -r 's/\x1b\[[0-9;]*m//g' >secrets-result.log)
+
+ - name: Generate report
+ shell: bash
+ if: failure()
+ run: |
+ if [[ -s secrets-result-raw.csv ]]; then
+ csvformat -M $'\r' secrets-result-raw.csv | sed -e ':a' -e 'N;$!ba' -e 's/\n/\\n/g' | tr '\r' '\n' | head -n 11 >secrets-result.csv
+ csv-to-markdown-table --delim , --headers secrets-result.md
+ fi
+
+ - name: Upload artifacts secrets-result.log
+ uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ name: report-log
+ path: secrets-result.log
+
+ - name: Upload artifacts secrets-result.csv
+ uses: actions/upload-artifact@v4
+ if: failure()
+ with:
+ name: report-csv
+ path: secrets-result.csv
+
+ - name: Upload artifacts secrets-result.md
+ uses: actions/upload-artifact@v4
+ if: failure()
+ with:
+ name: report-md
+ path: secrets-result.md
 - name: Read secrets-result.log
- uses: guibranco/github-file-reader-action-v2@v2.1.535
+ uses: guibranco/github-file-reader-action-v2@v2.2.612
 if: always()
 id: log
 with:
 path: secrets-result.log
- - name: Read secrets-result.log
- uses: guibranco/github-file-reader-action-v2@v2.1.535
+ - name: Read secrets-result.md
+ uses: guibranco/github-file-reader-action-v2@v2.2.612
 if: failure()
 id: report
 with:
- path: secrets-result.csv
+ path: secrets-result.md
 - name: Update PR with comment
 uses: mshick/add-pr-comment@v2
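Review bot: The `Install tools` step pulls `csvkit` and `csv-to-markdown-table` unpinned, so every run resolves the latest published version of two third-party packages that then process the scan output; pin them, e.g. `pip install 'csvkit==<pinned-version>'` and `npm install -g 'csv-to-markdown-table@<pinned-version>'` (placeholders for the versions you validate). As rendered here, the `csv-to-markdown-table --delim , --headers secrets-result.md` line shows no input file or redirection, so unless an input redirection from `secrets-result.csv` was lost in rendering, the Markdown report would be empty; worth confirming against the source file. The `Generate report` step only writes `secrets-result.csv`/`.md` when the raw CSV is non-empty, while the `Read secrets-result.md` step runs on any `failure()`, so a scan that fails for a reason other than findings presumably reaches that step with no file; gating it with `if: failure() && hashFiles('secrets-result.md') != ''` would make that path explicit. The `steps:` list of the `secrets-scan` job starts before this hunk and continues after it.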
@@ -59,7 +94,6 @@ jobs:
 ```
 ${{ steps.log.outputs.contents }}
 ```
-
 message-failure: |
 **Infisical secrets check:**
 :rotating_light: Secrets leaked!
@@ -67,9 +101,12 @@ jobs:
 ```
 ${{ steps.log.outputs.contents }}
 ```
- **Scan report:**
- ```
- ${{ steps.report.outputs.contents }}
- ```
+
+
+ 🔎 Detected secrets in your GIT history
+
+ ${{ steps.report.outputs.contents }}
+
+
 message-cancelled: |
 **Infisical secrets check:**
 :o: Secrets check cancelled!