devpro · devpro · Feb 22, 2026 · Feb 7, 2026 · Feb 11, 2026 · Feb 13, 2026
diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml
@@ -68,14 +68,16 @@ jobs:
       - name: Build container image
         run: docker build . --file ${{ inputs.image-definition }} --tag ${{ env.IMAGE_REF }}
         shell: bash
-      - name: Scan container image with NeuVector
-        if: ${{ inputs.neuvector-enabled }}
-        uses: neuvector/scan-action@main
-        with:
-          image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }}
-          image-tag: ${{ inputs.image-tag }}
-          min-high-cves-to-fail: '${{ inputs.max-high-cves }}'
-          min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}'
+      # deactivated 2026-02-22: "Build container for action use... process "/bin/sh -c zypper in -y jq docker && zypper clean" did not complete successfully: exit code: 8"
+      # - name: Scan container image with NeuVector
+      #   if: ${{ inputs.neuvector-enabled }}
+      #   uses: neuvector/scan-action@main
+      #   with:
+      #     image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }}
+      #     image-tag: ${{ inputs.image-tag }}
+      #     min-high-cves-to-fail: '${{ inputs.max-high-cves }}'
+      #     min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}'
+      #     nv-scanner-image: neuvector/scanner:5
       - name: Scan container image with Trivy
         if: ${{ inputs.trivy-enabled }}
         uses: aquasecurity/trivy-action@master

diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml
@@ -22,6 +22,11 @@ on:
         type: boolean
         required: false
         default: false
+      fossa-test:
+        description: Run FOSSA test on PR
+        type: boolean
+        required: false
+        default: false
       job-name:
         description: Job name
         type: string
@@ -130,10 +135,16 @@ jobs:
           sonar-token: ${{ secrets.sonar-token }}
       - name: Check license compliance with FOSSA
         if: ${{ inputs.fossa-enabled }}
-        uses: fossas/fossa-action@v1
+        uses: fossas/fossa-action@v1.8.0
+        id: fossa
         with:
           api-key: "${{ secrets.fossa-api-key }}"
-          run-tests: false
+          run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }}
+          test-diff-revision: ${{ github.event.pull_request.base.sha }}
+          generate-report: html
+      - name: Create FOSSA report file
+        run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html
+        if: ${{ inputs.fossa-enabled }}
       - name: Generate SBOM with Syft
         uses: anchore/sbom-action@v0
         # with:
@@ -148,8 +159,10 @@ jobs:
           path: |
             ./**/*test-result.xml
             ./test/*/TestResults/*/coverage.cobertura.xml
+            ./**/failure_*.png*
             ./**/SonarQube.xml
             ./**/Summary.txt
+            ./**/fossa.html
     env:
       # https://docs.github.com/en/actions/reference/workflows-and-actions/contexts
       GITHUB_TOKEN: ${{ github.token }}
diff --git a/actions/dotnet/build-test-sonar/action.yml b/actions/dotnet/build-test-sonar/action.yml
@@ -66,7 +66,7 @@ runs:
           /d:sonar.coverageReportPaths="${{ inputs.report-folder }}/SonarQube.xml"
       shell: bash
     - name: Build .NET solution
-      run: dotnet build --no-restore
+      run: dotnet build --no-restore --configuration Debug
       shell: bash
     - name: Run tests
       run: |

diff --git a/actions/dotnet/build-test/action.yml b/actions/dotnet/build-test/action.yml
@@ -11,7 +11,7 @@ runs:
   using: "composite"
   steps:
     - name: Build .NET code
-      run: dotnet build --no-restore
+      run: dotnet build --no-restore --configuration Debug
       shell: bash
     - name: Run .NET tests
       run: |