diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index bc97301..1368045 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -59,9 +59,10 @@ jobs: # Aguardar 5 segundos para o servidor Nginx iniciar sleep 5 - # ========================================== + # ========================================== # ETAPA 3: DAST - TESTE DINÂMICO (OWASP ZAP) # ========================================== + - name: OWASP ZAP Baseline Scan run: | mkdir -p qatests @@ -89,6 +90,12 @@ jobs: docker rm -f zap-scanner || true docker volume rm zap-reports || true + # Garante que a Sandbox é desmantelada mesmo que o passo do ZAP falhe + - name: Destruir Sandbox + if: always() + run: | + docker rm -f website-test-sandbox || true + # ========================================== # ETAPA 4: DEPLOY EM PRODUÇÃO (SÓ SE TUDO PASSAR) # ========================================== @@ -112,14 +119,18 @@ jobs: # ========================================== # ETAPA 5: ARTEFACTOS E NOTIFICAÇÕES # ========================================== + + - name: Compactar Relatório + if: always() + run: | + tar -czf qatests/owasp-zap-report.tar.gz -C qatests report.html - # Guarda o relatório interativo gerado pelo OWASP ZAP para poderes descarregar no Gitea - name: Guardar Relatorio ZAP if: always() uses: actions/upload-artifact@v3 with: name: owasp-zap-report - path: qatests/report.html + path: qatests/owasp-zap-report.tar.gz - name: Slack/Discord Notification if: always()
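Review bot: The new `Destruir Sandbox` step removes only `website-test-sandbox`, while the `zap-scanner` container and the `zap-reports` volume are still cleaned up by the two context lines at the top of this hunk, which appear to be the tail of the ZAP step's own `run` script. That step begins outside the hunk, so this is inferred, but if its script aborts before reaching those lines, both resources stay on the runner. A leftover `zap-reports` volume could then feed an old report into a later run. Consider repeating that cleanup in the `if: always()` step: `docker rm -f zap-scanner || true` and `docker volume rm zap-reports || true`. The fixed container names also mean two runs sharing a runner host would remove each other's sandbox.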
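Review bot: `Compactar Relatório` runs under `if: always()` but assumes `qatests/report.html` exists. When the scan step fails before writing it, `tar` exits non-zero but typically has already created the archive file, so the upload step can publish an empty `owasp-zap-report.tar.gz` that looks like a scan result. Guard the packaging on the file, e.g. `if [ -f qatests/report.html ]; then tar -czf qatests/owasp-zap-report.tar.gz -C qatests report.html; fi`. If the runner workspace persists between runs (not visible in this hunk), also delete any stale `qatests/report.html` before the scan starts. The commit drops the comment above `Guardar Relatorio ZAP` without replacing it; a one-line comment on the new step saying why the report is archived before upload would help.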