diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 1874fb4..bf6bdff 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -24,20 +24,12 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Docker Scout login bootstrap
-        continue-on-error: true
+      - name: Prepare Docker auth config for Scout container
+        if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
         run: |
-          if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
-            echo "Docker Scout login skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set."
-            exit 0
-          fi
           mkdir -p "$RUNNER_TEMP/scout-docker-config"
-          printf '%s' "${{ secrets.DOCKERHUB_TOKEN }}" | docker run --rm -i \
-            -e DOCKER_CONFIG=/home/scout/.docker \
-            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
-            docker/scout-cli:latest login \
-            --username "${{ secrets.DOCKERHUB_USERNAME }}" \
-            --password-stdin || true
+          cp "$HOME/.docker/config.json" "$RUNNER_TEMP/scout-docker-config/config.json"
+          chmod 600 "$RUNNER_TEMP/scout-docker-config/config.json"
 
       - name: Build backend image (local)
         uses: docker/build-push-action@v6
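Review bot: The new `if:` on the "Prepare Docker auth config for Scout container" step references the `secrets` context directly, and as far as I know that context is not available in step-level `if:` expressions (GitHub rejects the workflow with an unrecognized named-value error), so this guard would break the whole workflow rather than skip the step. The usual pattern is to map the secrets into step `env:` and test `env.*` instead, which also keeps the credential values out of the expression text. The step still copies whatever `docker/login-action` wrote to `$HOME/.docker/config.json`, so the replacement guard preserves the same skip semantics.

```yaml
      - name: Prepare Docker auth config for Scout container
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }}
        # … unchanged: run block (mkdir/cp/chmod) …
```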
@@ -114,13 +106,12 @@ jobs:
             echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
             exit 0
           fi
-          if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-backend.txt
-          fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
-            -e DOCKER_CONFIG=/home/scout/.docker \
+            -v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
+            -e DOCKER_CONFIG=/root/.docker \
+            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
+            -e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
             docker/scout-cli:latest cves nexapg-backend:dev-scan \
             --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
             echo "" >> scout-backend.txt
@@ -134,13 +125,12 @@ jobs:
             echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
             exit 0
           fi
-          if [ ! -f "$HOME/.docker/config.json" ]; then
-            echo "Runner Docker config not found; continuing with Scout login cache if present." > scout-frontend.txt
-          fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -v "$RUNNER_TEMP/scout-docker-config:/home/scout/.docker" \
-            -e DOCKER_CONFIG=/home/scout/.docker \
+            -v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro" \
+            -e DOCKER_CONFIG=/root/.docker \
+            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
+            -e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
             docker/scout-cli:latest cves nexapg-frontend:dev-scan \
             --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
             echo "" >> scout-frontend.txt
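Review bot: The added `-e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}"` and `-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}"` lines splice the secret values into the `run:` script text at template time, so a token containing a double quote, `$` or backtick would alter the shell command rather than be passed as data, and the credential now travels two ways into the container (the read-only `config.json` mount plus the environment). The safer form is a step-level `env:` mapping and plain shell references, `-e DOCKER_SCOUT_HUB_USER="$DOCKERHUB_USERNAME"` and `-e DOCKER_SCOUT_HUB_PASSWORD="$DOCKERHUB_TOKEN"`, which GitHub still masks and which cannot change the command's structure; if the mounted config is sufficient for Scout, the two env lines could be dropped instead, but I cannot confirm that from this diff. The same issue applies verbatim to the frontend hunk at `@@ -134,13 +125,12 @@`. The `run:` block and the `if [ -z ... ]` guard it belongs to begin outside this hunk.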