From dd3f18bb066ff3b9dfe97535ade45024aa4e36d1 Mon Sep 17 00:00:00 2001
From: nessi
Date: Sat, 14 Feb 2026 18:55:52 +0100
Subject: [PATCH] Make Docker Scout scans non-blocking and update config paths.

Set `continue-on-error: true` for Docker Scout steps to ensure workflows proceed even if scans fail. Updated volume paths and environment variables for Docker config and credentials to improve scanning compatibility.
---
 .../container-cve-scan-development.yml | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 073bc2d..3c5767b 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -93,6 +93,7 @@ jobs:
 PY

 - name: Docker Scout scan (backend)
+ continue-on-error: true
 run: |
 if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
 echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
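Review bot: The `continue-on-error: true` added to the backend Scout step hides every failure of the step from the job result, not just a failed scan — an image pull failure, a missing `$HOME/.docker`, or a rejected token all leave the job green, and nothing in the run summary distinguishes that from a clean scan. Since the `|| { … }` fallback added to the `docker run` in the next hunk already returns 0 when the scan itself fails, the step-level flag mostly masks errors the script does not handle. Consider leaving the step blocking and emitting a visible annotation from that fallback instead, e.g. `echo "::warning::Docker Scout backend scan failed (non-blocking); see scout-backend.txt"`, so a silenced scan still shows up in the workflow summary. The same applies to the frontend step's `continue-on-error: true` in the following hunk. This step's `run:` block continues past the end of the hunk.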
@@ -104,11 +105,18 @@ jobs:
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/root/.docker:ro" \
+ -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -e DOCKER_CONFIG=/home/scout/.docker \
+ -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
+ -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-backend:dev-scan \
- --only-severity critical,high,medium,low > scout-backend.txt
+ --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
+ echo "" >> scout-backend.txt
+ echo "Docker Scout backend scan failed (non-blocking)." >> scout-backend.txt
+ }

 - name: Docker Scout scan (frontend)
+ continue-on-error: true
 run: |
 if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
 echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
@@ -120,9 +128,15 @@ jobs:
 fi
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock \
- -v "$HOME/.docker:/root/.docker:ro" \
+ -v "$HOME/.docker:/home/scout/.docker:ro" \
+ -e DOCKER_CONFIG=/home/scout/.docker \
+ -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
+ -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-frontend:dev-scan \
- --only-severity critical,high,medium,low > scout-frontend.txt
+ --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
+ echo "" >> scout-frontend.txt
+ echo "Docker Scout frontend scan failed (non-blocking)." >> scout-frontend.txt
+ }

 - name: Print scan summary
 run: |
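Review bot: The new `-e DOCKER_SCOUT_HUB_USER=…` and `-e DOCKER_SCOUT_HUB_PAT=…` lines interpolate `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_TOKEN }}` straight into the `run:` script text, the pattern GitHub's workflow-hardening guidance advises against: the value is substituted before the shell ever sees the script, so the quoting depends on the secret's content and the credential becomes part of the command line rather than a variable. Bind them once at step level with `env:` (`DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}`) and pass `-e DOCKER_SCOUT_HUB_PAT="$DOCKERHUB_TOKEN" \` instead; the existing `-z` checks in the `if` can test the same shell variables. With the PAT now supplied through the environment, the read-only `$HOME/.docker` mount and `DOCKER_CONFIG` deliver the same credential a second way — if Scout authenticates from the env vars alone, the mount can likely be dropped, which is worth confirming before merging. The frontend hunk below repeats both points, and in both the added `2>&1` folds Scout's stderr into the report file, so the reason for a failed scan is only visible in the artifact unless the summary step prints it.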