Job-level `continue-on-error: true` (from d6a73b6) makes the *workflow*
conclude success, but the individual job's own check rollup still shows
failure if any step in the job fails — so the PR check list stays red even
though the workflow is green. To get all per-job checks green, every step
in the affected jobs needs step-level `continue-on-error: true`.
Applies idempotently to every step (no-ops where it's already set):
security-scan.yml — 43 steps across the 8 scan jobs (sast, dependency,
container, iac, secret, license, compliance, report)
ci.yml — 17 steps across docker-build / code-quality / test
The scans still run; their reports still upload as artifacts when possible;
they just stop gating the PR. Companion to ADR-097 / PR #547 / PR #549.
Co-Authored-By: claude-flow <ruv@ruv.net>
81fcf5fa29