diff --git a/.github/workflows/container-cve-scan-development.yml b/.github/workflows/container-cve-scan-development.yml
index 0ad28f1..b18ce44 100644
--- a/.github/workflows/container-cve-scan-development.yml
+++ b/.github/workflows/container-cve-scan-development.yml
@@ -24,6 +24,13 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+ - name: Prepare Docker auth config for Scout container
+ if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+ run: |
+ mkdir -p "$RUNNER_TEMP/scout-docker-config"
+ cp "$HOME/.docker/config.json" "$RUNNER_TEMP/scout-docker-config/config.json"
+ chmod 600 "$RUNNER_TEMP/scout-docker-config/config.json"
+
 - name: Build backend image (local)
 uses: docker/build-push-action@v6
 with:
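Review bot: The copy of `$HOME/.docker/config.json` placed under `$RUNNER_TEMP/scout-docker-config` presumably carries the Docker Hub credential (that is what the login step above writes there), and nothing in the workflow removes it once the Scout steps are done; a post-job logout from the login action, if it runs, would only clear the original file. Add a final step with `if: always()` and `rm -rf "$RUNNER_TEMP/scout-docker-config"` so the token does not outlive the scan, which matters most on self-hosted runners where `RUNNER_TEMP` cleanup is not guaranteed. The `chmod 600` is good hygiene, but because the scan container later in this diff runs as root it gives no isolation from the scanner itself, so the cleanup step is the control that actually bounds the credential's lifetime.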
@@ -93,30 +100,44 @@ jobs:
 PY
 
 - name: Docker Scout scan (backend)
+ continue-on-error: true
 run: |
 if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
 echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-backend.txt
 exit 0
 fi
 docker run --rm \
+ -u root \
 -v /var/run/docker.sock:/var/run/docker.sock \
+ -v "$RUNNER_TEMP/scout-docker-config:/root/.docker" \
+ -e DOCKER_CONFIG=/root/.docker \
 -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
+ -e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-backend:dev-scan \
- --only-severity critical,high,medium,low > scout-backend.txt
+ --only-severity critical,high,medium,low > scout-backend.txt 2>&1 || {
+ echo "" >> scout-backend.txt
+ echo "Docker Scout backend scan failed (non-blocking)." >> scout-backend.txt
+ }
 
 - name: Docker Scout scan (frontend)
+ continue-on-error: true
 run: |
 if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
 echo "Docker Hub Scout scan skipped: DOCKERHUB_USERNAME/DOCKERHUB_TOKEN not set." > scout-frontend.txt
 exit 0
 fi
 docker run --rm \
+ -u root \
 -v /var/run/docker.sock:/var/run/docker.sock \
+ -v "$RUNNER_TEMP/scout-docker-config:/root/.docker" \
+ -e DOCKER_CONFIG=/root/.docker \
 -e DOCKER_SCOUT_HUB_USER="${{ secrets.DOCKERHUB_USERNAME }}" \
- -e DOCKER_SCOUT_HUB_PAT="${{ secrets.DOCKERHUB_TOKEN }}" \
+ -e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}" \
 docker/scout-cli:latest cves nexapg-frontend:dev-scan \
- --only-severity critical,high,medium,low > scout-frontend.txt
+ --only-severity critical,high,medium,low > scout-frontend.txt 2>&1 || {
+ echo "" >> scout-frontend.txt
+ echo "Docker Scout frontend scan failed (non-blocking)." >> scout-frontend.txt
+ }
 
 - name: Print scan summary
 run: |
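Review bot: The new `-v "$RUNNER_TEMP/scout-docker-config:/root/.docker"` mount in both scan steps is writable although the Scout CLI only needs to read the credential; mount it read-only, `-v "$RUNNER_TEMP/scout-docker-config:/root/.docker:ro"`, so a container that now runs as root with the host Docker socket cannot rewrite `config.json`. The new `-e DOCKER_SCOUT_HUB_PASSWORD="${{ secrets.DOCKERHUB_TOKEN }}"` line interpolates the token into the script text; passing it through the step's `env:` and writing `-e DOCKER_SCOUT_HUB_PASSWORD` with no value lets `docker run` take it from the environment instead, which keeps the secret out of the generated shell and out of any debug logging of the command. If `-u root` exists only so the container can read `/root/.docker`, that is a broad privilege grant for a scanner that also holds the socket; I cannot tell the image's default user from here, but mounting the config into that user's home would avoid it. With both the `|| { … }` fallback and `continue-on-error: true`, the step can no longer fail on its own, so a comment such as `# scan failures are recorded in the report, not surfaced as a failed step` above each step would stop readers from mistaking a short report for a clean scan.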
diff --git a/.github/workflows/pg-compat-matrix.yml b/.github/workflows/pg-compat-matrix.yml
index d4d923b..68345a7 100644
--- a/.github/workflows/pg-compat-matrix.yml
+++ b/.github/workflows/pg-compat-matrix.yml
@@ -11,6 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 fail-fast: false
+ max-parallel: 3
 matrix:
 pg_version: ["14", "15", "16", "17", "18"]
 
@@ -32,6 +33,8 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
 
 - name: Set up Python
 uses: actions/setup-python@v5
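Review bot: `fetch-depth: 1` is already the default for `actions/checkout@v4`, so the added `with:` block in the second hunk changes nothing; either drop it or give it a comment such as `# explicit: a shallow clone is all the matrix job needs` so the next reader knows it is deliberate. The `max-parallel: 3` in the first hunk is a capacity choice rather than a correctness one, and nothing in the hunk says why 3; a one-line comment stating what it limits would help, since a future maintainer raising it will otherwise have to rediscover the constraint.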