diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 3c5767b..1874fb4 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -24,6 +24,21 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Docker Scout login bootstrap
+ continue-on-error: true
+ run: |
+ if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
+ echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
+ exit 0
+ fi
+ mkdir -p "$RUNNER_TEMP/scout-docker-config"
+ printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
+ -e DOCKER_CONFIG=/home/scout/.docker \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
+ docker/scout-cli:latest login \
+ --username "${{ secrets.DOCKERHUB_USERNAME }}" \
+ --password-stdin || true
+
 - name: Build backend image (local)
 uses: docker/build-push-action@v6
 with:
@@ -100,15 +115,12 @@ jobs:
 exit 0
 fi
 if [ ! -f "$HOME/.docker/config.json" ]; then
- echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
- exit 0
+ echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
 -e DOCKER_CONFIG=/home/scout/.docker \
- -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-backend:dev-scan \
 --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
 echo "" >> scout-backend.txt
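Review bot: The bootstrap step expands `${{ secrets.DOCKERHUB_TOKEN }}` and `${{ secrets.DOCKERHUB_USERNAME }}` directly into the `run:` script text, so the token ends up in the generated shell script on the runner instead of only flowing through stdin; the workflow convention is to map secrets through `env:` and reference them as shell variables, which keeps the `-z` guard working unchanged. The login outcome is suppressed twice (`continue-on-error: true` and the trailing `|| true`), so a failed login silently leaves `$RUNNER_TEMP/scout-docker-config` without a `config.json` that the later scan steps then mount; dropping `|| true` lets `continue-on-error` record the failure while still not blocking the job. `docker/scout-cli:latest` is a floating tag for a tool that is handed a Hub credential; pin it to a digest and bump it deliberately. The rewritten step is below (the digest is a placeholder to be filled in).
```yaml
      - name: Docker Scout login bootstrap
        continue-on-error: true
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
            # … unchanged: skip message and exit 0 …
          fi
          mkdir -p "$RUNNER_TEMP/scout-docker-config"
          printf '%s' "$DOCKERHUB_TOKEN" | docker run --rm -i \
            # … unchanged: DOCKER_CONFIG env and config-dir mount …
            docker/scout-cli@sha256:<PINNED_DIGEST_PLACEHOLDER> login \
            --username "$DOCKERHUB_USERNAME" \
            --password-stdin
```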
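Review bot: The guard still tests `$HOME/.docker/config.json`, but the scan now mounts `$RUNNER_TEMP/scout-docker-config`, so it checks a file the container never reads and continues regardless; when the bootstrap step was skipped or failed, `docker run -v` creates that host path as an empty directory and Scout runs unauthenticated while the message says a login cache may be present. Test the directory that is actually mounted: `if [ ! -f "$RUNNER_TEMP/scout-docker-config/config.json" ]; then`, and decide explicitly whether an unauthenticated scan should still run. The replacement mount also drops the `:ro` flag the removed line had; unless Scout is known to need write access to that directory in this step, restore `:ro` so the scan cannot modify the stored credential. The same two points apply to the frontend hunk at `@@ -123,15 +135,12 @@`. The enclosing `run:` script starts and ends outside this hunk.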
@@ -123,15 +135,12 @@ jobs:
 exit 0
 fi
 if [ ! -f "$HOME/.docker/config.json" ]; then
- echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
- exit 0
+ echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
 -e DOCKER_CONFIG=/home/scout/.docker \
- -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-frontend:dev-scan \
 --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
 echo "" >> scout-frontend.txt