From f4b18b6cf1e94af2b39e49e07e613dc44c3068f2 Mon Sep 17 00:00:00 2001
From: nessi <sascha@nesterovic.cc>
Date: Sat, 14 Feb 2026 18:50:46 +0100
Subject: [PATCH] Update Docker Hub Scout config to use local login credentials

Replaced the use of Docker Hub secrets with a mounted local docker configuration file for authentication. Added a check to ensure the login config exists before running scans, preventing unnecessary failures. This change enhances flexibility and aligns with local environment setups.
---
 .../workflows/container-cve-scan-development.yml   | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 0ad28f1..073bc2d 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -98,10 +98,13 @@ jobs:
             echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
             exit 0
           fi
+          if [ ! -f "$HOME/.docker/config.json" ]; then
+            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-backend.txt
+            exit 0
+          fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
+            -v "$HOME/.docker:/root/.docker:ro" \
             docker/scout-cli:latest cves nexapg-backend:dev-scan \
             --only-severity critical,high,medium,low > scout-backend.txt
 
@@ -111,10 +114,13 @@ jobs:
             echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
             exit 0
           fi
+          if [ ! -f "$HOME/.docker/config.json" ]; then
+            echo "Docker Hub Scout scan skipped: docker login config not found in runner." > scout-frontend.txt
+            exit 0
+          fi
           docker run --rm \
             -v /var/run/docker.sock:/var/run/docker.sock \
-            -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
-            -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
+            -v "$HOME/.docker:/root/.docker:ro" \
             docker/scout-cli:latest cves nexapg-frontend:dev-scan \
             --only-severity critical,high,medium,low > scout-frontend.txt