From d914587e97ccfb396bb5597382f12da036029a16 Mon Sep 17 00:00:00 2001 From: Aleksandr Myrnyi Date: Fri, 6 Feb 2026 15:11:19 +0100 Subject: [PATCH 1/3] The default to Alpine 3.20 Updated Docker tags for PHP images in CI workflow. --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 790bd257..e4c3eaad 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,13 +20,13 @@ jobs: tags: [ "spryker/php:8.1", "spryker/php:8.1-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.20/8.2/Dockerfile" - tags: [ "spryker/php:8.2-alpine3.20" ] + tags: [ "spryker/php:latest", "spryker/php:8.2", "spryker/php:8.2-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.20/8.3/Dockerfile" - tags: [ "spryker/php:8.3-alpine3.20" ] + tags: [ "spryker/php:8.3", "spryker/php:8.3-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.20/8.4/Dockerfile" - tags: [ "spryker/php:8.4-alpine3.20" ] + tags: ["spryker/php:8.4", "spryker/php:8.4-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] ### Alpine 3.21 @@ -42,13 +42,13 @@ jobs: ### Alpine 3.22 - image: "alpine/3.22/8.2/Dockerfile" - tags: [ "spryker/php:latest", "spryker/php:8.2", "spryker/php:8.2-alpine3.22" ] + tags: [ "spryker/php:8.2-alpine3.22" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.22/8.3/Dockerfile" - tags: [ "spryker/php:8.3", "spryker/php:8.3-alpine3.22" ] + tags: [ "spryker/php:8.3-alpine3.22" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.22/8.4/Dockerfile" - tags: ["spryker/php:8.4", "spryker/php:8.4-alpine3.22" ] + tags: ["spryker/php:8.4-alpine3.22" ] platforms: [ "linux/amd64", "linux/arm64" ] ### Alpine 3.23 From 92514e14e1099478553abc4a347b46a8603191a1 Mon Sep 17 00:00:00 2001 
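Review bot: The floating tags `spryker/php:latest`, `8.2`, `8.3` and `8.4` are moved from the Alpine 3.22 matrix entries (second hunk) to the 3.20 entries (first hunk), so anyone pulling an unpinned tag is silently switched to the oldest Alpine branch visible in these hunks. Neither the commit message nor the workflow says why. PATCH 2/3 then moves `8.4` on to the 3.21 entry, leaving the floating tags split across two base releases. A comment above the affected entries, such as `# floating tags (latest, 8.x) intentionally built from Alpine 3.20: <reason>`, would record the intent, and it is worth confirming that the chosen base still receives security fixes for as long as these tags point at it. The `tags: ["spryker/php:8.4", …` entry also drops the space after `[` that the neighbouring entries use.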
From: Aleksandr Myrnyi Date: Fri, 6 Feb 2026 15:22:09 +0100 Subject: [PATCH 2/3] Update tags for PHP 8.4 images in CI workflow --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e4c3eaad..da786855 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: tags: [ "spryker/php:8.3", "spryker/php:8.3-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.20/8.4/Dockerfile" - tags: ["spryker/php:8.4", "spryker/php:8.4-alpine3.20" ] + tags: ["spryker/php:8.4-alpine3.20" ] platforms: [ "linux/amd64", "linux/arm64" ] ### Alpine 3.21 @@ -37,7 +37,7 @@ jobs: tags: [ "spryker/php:8.3-alpine3.21" ] platforms: [ "linux/amd64", "linux/arm64" ] - image: "alpine/3.21/8.4/Dockerfile" - tags: [ "spryker/php:8.4-alpine3.21" ] + tags: [ "spryker/php:8.4", "spryker/php:8.4-alpine3.21" ] platforms: [ "linux/amd64", "linux/arm64" ] ### Alpine 3.22 From 0ad4b8f3a68a057c02f826283ed0eeeb3569ff50 Mon Sep 17 00:00:00 2001 From: alexanderM91 Date: Fri, 6 Feb 2026 15:31:50 +0100 Subject: [PATCH 3/3] Fix the security scan report --- .../workflows/ecr-scheduled-security-scan.yml | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ecr-scheduled-security-scan.yml b/.github/workflows/ecr-scheduled-security-scan.yml index c317593d..f43a3671 100644 --- a/.github/workflows/ecr-scheduled-security-scan.yml +++ b/.github/workflows/ecr-scheduled-security-scan.yml 
@@ -111,14 +111,27 @@ jobs: - name: Fix vulnerability counts id: fixed-counts run: | + CRITICAL=${{ steps.docker-scan.outputs.critical }} + HIGH=${{ steps.docker-scan.outputs.high }} + MEDIUM=${{ steps.docker-scan.outputs.medium }} + LOW=${{ steps.docker-scan.outputs.low }} + INFO=${{ steps.docker-scan.outputs.informational }} + FINDINGS=$(aws ecr describe-image-scan-findings \ --repository-name "${{ secrets.AWS_ECR_REPO }}" \ --image-id imageTag="${{ matrix.image_tag }}" \ --query 'imageScanFindings.findings' \ - --output json) - - echo "total=$(echo "$FINDINGS" | jq 'length')" >> $GITHUB_OUTPUT - echo "undefined=$(echo "$FINDINGS" | jq '[.[] | select(.severity == "UNDEFINED" or .severity == null or .severity == "")] | length')" >> $GITHUB_OUTPUT + --output json 2>/dev/null) || FINDINGS="[]" + + if ! echo "$FINDINGS" | jq empty 2>/dev/null; then + FINDINGS="[]" + fi + + UNDEFINED=$(echo "$FINDINGS" | jq '[.[] | select(.severity == "UNDEFINED" or .severity == null or .severity == "")] | length') + TOTAL=$(( ${CRITICAL:-0} + ${HIGH:-0} + ${MEDIUM:-0} + ${LOW:-0} + ${INFO:-0} + ${UNDEFINED:-0} )) + + echo "total=$TOTAL" >> $GITHUB_OUTPUT + echo "undefined=$UNDEFINED" >> $GITHUB_OUTPUT - name: Report if: always()
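Review bot: The new `2>/dev/null) || FINDINGS="[]"` fallback, together with the `jq empty` reset, makes a failed `aws ecr describe-image-scan-findings` call look the same as an image with no UNDEFINED findings. An expired credential, a missing tag or an unfinished scan is therefore reported as `undefined=0` with no trace in the log. Keep stderr and record the failure, for example `|| { echo "::warning::ECR findings query failed"; FINDINGS="[]"; }`, and consider writing a `query_failed=true` output that the Report step can surface. Separately, the five `CRITICAL=${{ steps.docker-scan.outputs.critical }}`-style lines paste expression values unquoted into the script. Passing them through the step's `env:` and checking that each is all digits before the `$(( … ))` sum would keep an empty or malformed output from being evaluated by the shell.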