diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 4c66a52a53..8cb2ce9f52 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -21,12 +21,24 @@ jobs:
 analyze:
 runs-on: ubuntu-latest
 steps:
+ - name: Check for SONAR_TOKEN
+ id: check-secret
+ run: |
+ if [ -n "${{ secrets.SONAR_TOKEN }}" ]; then
+ echo "available=true" >> $GITHUB_OUTPUT
+ else
+ echo "available=false" >> $GITHUB_OUTPUT
+ echo "::warning::SONAR_TOKEN not configured - skipping SonarCloud scan"
+ fi
+
 - name: Checkout
+ if: steps.check-secret.outputs.available == 'true'
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
 - name: SonarCloud Scan
+ if: steps.check-secret.outputs.available == 'true'
 uses: SonarSource/sonarcloud-github-action@v2
 env:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index c2bf576694..9f0dcdc71e 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Build Docker image
- run: docker build -t ghcr.io/cheir-mneme/aletheia:${{ github.sha }} .
+ run: docker build -t ghcr.io/cheir-mneme/aletheia:${{ github.sha }} -f docker/Dockerfile .
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
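Review bot: The new `Check for SONAR_TOKEN` step expands `${{ secrets.SONAR_TOKEN }}` directly into the `run:` script, so the secret's value becomes part of the shell source before bash parses it, and a value containing quotes or `$( )` would be read as shell syntax. Pass it through the step environment instead: add `env:` with `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` to the step and change the test to `if [ -n "$SONAR_TOKEN" ]; then`. The redirect targets should be quoted as well, `>> "$GITHUB_OUTPUT"`. When the secret is absent the job still finishes green with only a warning annotation, so if this check is required by branch protection, a skipped scan will pass unnoticed.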
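Review bot: The scanner step that follows the changed build line is still referenced as `aquasecurity/trivy-action@master`, a branch ref that can change without any change in this repository, so the code that runs in this job is not fixed by the commit. Pinning it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, keeps the scan reproducible and reviewable. The step's `with:` inputs lie outside the hunk, so it is not visible whether its image reference matches the `ghcr.io/cheir-mneme/aletheia:${{ github.sha }}` tag built here.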