diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7354507e..74c433ee 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,9 +13,9 @@ gosec_scan:
   stage: scan
   image: golang:1.24
   script:
+    - apt-get update && apt-get install -y jq
     - go install github.com/securego/gosec/v2/cmd/gosec@latest
     - echo "🔍 Menjalankan scan keamanan Go..."
-    # Jalankan gosec, tapi jangan hentikan pipeline walau ada temuan
     - gosec -fmt=json -out=gosec-report.json ./... || true
     - echo "📄 Jumlah issue terdeteksi:" && cat gosec-report.json | jq '.Issues | length'
   artifacts:
@@ -34,22 +34,17 @@ sonarqube_analysis:
   stage: scan
   image: sonarsource/sonar-scanner-cli:latest
   script:
+    - apk add --no-cache jq
     - echo "🚀 Menjalankan analisis SonarQube..."
     - if [ -f "go.mod" ]; then go test ./... -coverprofile=coverage.out || true; fi
-    # (Opsional) ubah report JSON gosec jadi format kompatibel SonarQube Generic Issue
+    # Konversi hasil gosec ke format SonarQube Generic Issue
     - echo "🧩 Mengonversi hasil gosec untuk SonarQube..."
-    - |
-      cat > gosec-generic-report.json <<'EOF'
-      {
-        "issues": []
-      }
-      EOF
     - |
       jq -r '.Issues[] | {engineId: "gosec", ruleId: .rule_id, primaryLocation: {message: .details, filePath: .file, textRange: {startLine: .line}}, type: "VULNERABILITY", severity: .severity}' gosec-report.json | jq -s '{issues: .}' > gosec-generic-report.json
-    # Jalankan analisis SonarQube dan sertakan laporan gosec
+    # Kirim analisis ke SonarQube
     - sonar-scanner \
       -Dsonar.projectKey="mbu-lti-backend" \
       -Dsonar.projectName="MBU LTI Backend" \
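Review bot: The scanner that this job exists to run is still installed unpinned on the line right after the added apt-get step (`go install github.com/securego/gosec/v2/cmd/gosec@latest`), so the security scan's own tooling changes under the pipeline with every upstream release and results are not reproducible between runs; pin it, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, and bump it deliberately. The added `apt-get update && apt-get install -y jq` has the same shape and pulls in recommended packages by default, so `apt-get install -y --no-install-recommends jq` is the tighter form; the `apk add --no-cache jq` line in the sonarqube_analysis hunk is the same point. Separately, `gosec ... || true` combined with the jq count means findings are only printed and never gate the job, which looks intentional given the removed comment but deserves a replacement comment such as `# Findings are reported only; gosec exit status does not fail the pipeline`. The gosec_scan job continues past the end of this hunk.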