eclipse
diff --git a/‎server/src/dev/resources/application.yml‎
Lines changed: 3 additions & 0 deletions b/‎server/src/dev/resources/application.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/admin/ScanAPI.java‎
Lines changed: 5 additions & 0 deletions b/‎server/src/main/java/org/eclipse/openvsx/admin/ScanAPI.java‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/entities/ScanCheckResult.java‎
Lines changed: 15 additions & 0 deletions b/‎server/src/main/java/org/eclipse/openvsx/entities/ScanCheckResult.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/json/CheckResultJson.java‎
Lines changed: 11 additions & 0 deletions b/‎server/src/main/java/org/eclipse/openvsx/json/CheckResultJson.java‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/publish/PublishExtensionVersionHandler.java‎
Lines changed: 2 additions & 1 deletion b/‎server/src/main/java/org/eclipse/openvsx/publish/PublishExtensionVersionHandler.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎server/src/main/java/org/eclipse/openvsx/repositories/ExtensionScanRepository.java‎
Lines changed: 10 additions & 4 deletions b/‎server/src/main/java/org/eclipse/openvsx/repositories/ExtensionScanRepository.java‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/repositories/RepositoryService.java‎
Lines changed: 6 additions & 3 deletions b/‎server/src/main/java/org/eclipse/openvsx/repositories/RepositoryService.java‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/scanning/BlocklistCheckConfig.java‎
Lines changed: 16 additions & 0 deletions b/‎server/src/main/java/org/eclipse/openvsx/scanning/BlocklistCheckConfig.java‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/scanning/BlocklistCheckService.java‎
Lines changed: 5 additions & 0 deletions b/‎server/src/main/java/org/eclipse/openvsx/scanning/BlocklistCheckService.java‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎server/src/main/java/org/eclipse/openvsx/scanning/ExtensionScanPersistenceService.java‎
Lines changed: 15 additions & 5 deletions b/‎server/src/main/java/org/eclipse/openvsx/scanning/ExtensionScanPersistenceService.java‎
Lines changed: 15 additions & 5 deletions
@@ -179,9 +179,11 @@ ovsx:
     blocklist-check:
       enabled: true
       enforced: false
+      required: false
     similarity:
       enabled: true
       enforced: false
+      required: false
       similarity-threshold: 0.2
       skip-if-publisher-verified: false
       only-protect-verified-names: false
@@ -190,6 +192,7 @@ ovsx:
     secret-detection:
       enabled: true
       enforced: false
+      required: false
       rules-path: 'classpath:scanning/secret-detection-custom-rules.yaml'
       suppression-markers: 'secret-detector:ignore,gitleaks:allow,nosecret,@suppress-secret'
       gitleaks:
 
@@ -348,6 +348,9 @@ public ResponseEntity<ScanResultListJson> getAllScans(
             var pageNumber = offset / Math.max(size, 1);
             var pageable = PageRequest.of(pageNumber, size, sort);
 
+            // Automatically include scans with errored check results when filtering by ERRORED status
+            var includeCheckErrors = statusFilter.contains(ScanStatus.ERRORED);
+            
             var page = repositories.findScansFullyFiltered(
                 statusFilter.isEmpty() ? null : statusFilter,
                 normalizedNamespace.isEmpty() ? null : normalizedNamespace,
@@ -359,6 +362,7 @@ public ResponseEntity<ScanResultListJson> getAllScans(
                 scannerNames,
                 enforcedOnly,
                 adminDecisionFilter,
+                includeCheckErrors,
                 pageable
             );
 
@@ -869,6 +873,7 @@ private CheckResultJson toCheckResultJson(ScanCheckResult checkResult) {
         json.setFindingsCount(checkResult.getFindingsCount());
         json.setSummary(checkResult.getSummary());
         json.setErrorMessage(checkResult.getErrorMessage());
+        json.setRequired(checkResult.getRequired());
         return json;
     }
 
 
@@ -125,6 +125,13 @@ public enum CheckResult {
     @Column(name = "scanner_job_id")
     private Long scannerJobId;
 
+    /**
+     * Whether this check was required (errors block publishing).
+     * When false, errors are logged but don't block publishing.
+     */
+    @Column(name = "required")
+    private Boolean required;
+
     // Getters and setters
 
     public long getId() {
@@ -231,6 +238,14 @@ public void setScannerJobId(Long scannerJobId) {
         this.scannerJobId = scannerJobId;
     }
 
+    public Boolean getRequired() {
+        return required;
+    }
+
+    public void setRequired(Boolean required) {
+        this.required = required;
+    }
+
     /**
      * Factory method for creating a passed check result.
      */
 
@@ -57,6 +57,9 @@ public class CheckResultJson {
     @Schema(description = "Error message if check failed with error")
     private String errorMessage;
 
+    @Schema(description = "Whether this check was required (errors block publishing). Null for scanner jobs.")
+    private Boolean required;
+
     // Getters and setters
 
     public String getCheckType() {
@@ -138,4 +141,12 @@ public String getErrorMessage() {
     public void setErrorMessage(String errorMessage) {
         this.errorMessage = errorMessage;
     }
+
+    public Boolean getRequired() {
+        return required;
+    }
+
+    public void setRequired(Boolean required) {
+        this.required = required;
+    }
 }
@@ -272,7 +272,8 @@ private void doPublish(TempFile extensionFile, ExtensionService extensionService
                             1,                       // findingsCount
                             reason,
                             null,                    // errorMessage
-                            null                     // scannerJobId - not a scanner job
+                            null,                    // scannerJobId - not a scanner job
+                            true
                     );
 
                     // Also record as validation failure for the failures list
 
@@ -224,7 +224,7 @@ long countForStatistics(
     );
 
     /**
-     * Full paginated query with ALL filters including validationType, scannerNames, enforcement, and adminDecision.
+     * Full paginated query with ALL filters including validationType, scannerNames, enforcement, adminDecision, and check errors.
      * 
      * Enforcement behavior:
      * - When validationType is specified: enforcement modifies that filter (AND logic)
@@ -233,7 +233,9 @@ long countForStatistics(
      */
     @Query(value = """
         SELECT s.* FROM extension_scan s
-        WHERE (CAST(:statuses AS TEXT) IS NULL OR s.status IN (:statuses))
+        WHERE (CAST(:statuses AS TEXT) IS NULL OR s.status IN (:statuses)
+               OR (:includeCheckErrors = true AND EXISTS (
+                   SELECT 1 FROM scan_check_result r WHERE r.scan_id = s.id AND r.result = 'ERROR')))
           AND (CAST(:namespace AS TEXT) IS NULL OR LOWER(s.namespace_name) LIKE LOWER('%' || :namespace || '%'))
           AND (CAST(:publisher AS TEXT) IS NULL OR LOWER(s.publisher) LIKE LOWER('%' || :publisher || '%'))
           AND (CAST(:name AS TEXT) IS NULL OR LOWER(s.extension_name) LIKE LOWER('%' || :name || '%')
@@ -276,6 +278,7 @@ Page<ExtensionScan> findScansFullyFiltered(
         @Param("filterAllowed") boolean filterAllowed,
         @Param("filterBlocked") boolean filterBlocked,
         @Param("filterNeedsReview") boolean filterNeedsReview,
+        @Param("includeCheckErrors") boolean includeCheckErrors,
         Pageable pageable
     );
 
@@ -284,7 +287,9 @@ Page<ExtensionScan> findScansFullyFiltered(
      */
     @Query(value = """
         SELECT COUNT(*) FROM extension_scan s
-        WHERE (CAST(:statuses AS TEXT) IS NULL OR s.status IN (:statuses))
+        WHERE (CAST(:statuses AS TEXT) IS NULL OR s.status IN (:statuses)
+               OR (:includeCheckErrors = true AND EXISTS (
+                   SELECT 1 FROM scan_check_result r WHERE r.scan_id = s.id AND r.result = 'ERROR')))
           AND (CAST(:namespace AS TEXT) IS NULL OR LOWER(s.namespace_name) LIKE LOWER('%' || :namespace || '%'))
           AND (CAST(:publisher AS TEXT) IS NULL OR LOWER(s.publisher) LIKE LOWER('%' || :publisher || '%'))
           AND (CAST(:name AS TEXT) IS NULL OR LOWER(s.extension_name) LIKE LOWER('%' || :name || '%')
@@ -326,7 +331,8 @@ long countScansFullyFiltered(
         @Param("applyAdminDecisionFilter") boolean applyAdminDecisionFilter,
         @Param("filterAllowed") boolean filterAllowed,
         @Param("filterBlocked") boolean filterBlocked,
-        @Param("filterNeedsReview") boolean filterNeedsReview
+        @Param("filterNeedsReview") boolean filterNeedsReview,
+        @Param("includeCheckErrors") boolean includeCheckErrors
     );
 }
 
@@ -850,6 +850,7 @@ public org.springframework.data.domain.Page<ExtensionScan> findScansFullyFiltere
             @Nullable Collection<String> scannerNames,
             @Nullable Boolean enforcedOnly,
             @Nullable org.eclipse.openvsx.admin.ScanAPI.AdminDecisionFilterValues adminDecisionFilter,
+            boolean includeCheckErrors,
             org.springframework.data.domain.Pageable pageable
     ) {
         // Convert enums to strings for native query
@@ -877,7 +878,7 @@ public org.springframework.data.domain.Page<ExtensionScan> findScansFullyFiltere
             startedFrom, startedTo, checkTypesParam, applyCheckTypesFilter,
             scannerNamesParam, applyScannerNamesFilter, enforcedOnly,
             applyAdminDecisionFilter, filterAllowed, filterBlocked, filterNeedsReview,
-            pageable
+            includeCheckErrors, pageable
         );
     }
 
@@ -891,7 +892,8 @@ public long countScansFullyFiltered(
             @Nullable Collection<String> checkTypes,
             @Nullable Collection<String> scannerNames,
             @Nullable Boolean enforcedOnly,
-            @Nullable org.eclipse.openvsx.admin.ScanAPI.AdminDecisionFilterValues adminDecisionFilter
+            @Nullable org.eclipse.openvsx.admin.ScanAPI.AdminDecisionFilterValues adminDecisionFilter,
+            boolean includeCheckErrors
     ) {
         // Convert enums to strings for native query
         var statusesParam = (statuses == null || statuses.isEmpty()) 
@@ -917,7 +919,8 @@ public long countScansFullyFiltered(
             statusesParam, namespaceParam, publisherParam, nameParam, 
             startedFrom, startedTo, checkTypesParam, applyCheckTypesFilter,
             scannerNamesParam, applyScannerNamesFilter, enforcedOnly,
-            applyAdminDecisionFilter, filterAllowed, filterBlocked, filterNeedsReview
+            applyAdminDecisionFilter, filterAllowed, filterBlocked, filterNeedsReview,
+            includeCheckErrors
         );
     }
 
 
@@ -54,6 +54,18 @@ public class BlocklistCheckConfig {
     @Value("${ovsx.scanning.blocklist-check.enforced:true}")
     private boolean enforced;
 
+    /**
+     * Whether errors during blocklist checking should block publication.
+     * <p>
+     * When true (default), exceptions during the check will block publishing.
+     * When false, exceptions are logged but publishing continues.
+     * <p>
+     * Property: {@code ovsx.scanning.blocklist-check.required}
+     * Default: {@code true}
+     */
+    @Value("${ovsx.scanning.blocklist-check.required:true}")
+    private boolean required;
+
     /**
      * Message shown to users when their extension is blocked.
      * <p>
@@ -71,6 +83,10 @@ public boolean isEnforced() {
         return enforced;
     }
 
+    public boolean isRequired() {
+        return required;
+    }
+
     public String getUserMessage() {
         return userMessage;
     }
 
@@ -85,6 +85,11 @@ public boolean isEnforced() {
         return config.isEnforced();
     }
 
+    @Override
+    public boolean isRequired() {
+        return config.isRequired();
+    }
+
     @Override
     public String getUserFacingMessage(List<Failure> failures) {
         return config.getUserMessage();
 
@@ -55,17 +55,20 @@ public class ExtensionScanPersistenceService {
     private final ObjectMapper objectMapper;
     private final FileDecisionRepository fileDecisionRepository;
     private final ScannerJobRepository scannerJobRepository;
+    private final ScannerRegistry scannerRegistry;
 
     public ExtensionScanPersistenceService(
             RepositoryService repositories,
             ObjectMapper objectMapper,
             FileDecisionRepository fileDecisionRepository,
-            ScannerJobRepository scannerJobRepository
+            ScannerJobRepository scannerJobRepository,
+            ScannerRegistry scannerRegistry
     ) {
         this.repositories = repositories;
         this.objectMapper = objectMapper;
         this.fileDecisionRepository = fileDecisionRepository;
         this.scannerJobRepository = scannerJobRepository;
+        this.scannerRegistry = scannerRegistry;
     }
 
     /**
@@ -207,7 +210,8 @@ public void recordCheckResult(
             int findingsCount,
             @Nullable String summary,
             @Nullable String errorMessage,
-            @Nullable Long scannerJobId
+            @Nullable Long scannerJobId,
+            @Nullable Boolean required
     ) {
         var checkResult = new ScanCheckResult();
         checkResult.setScan(scan);
@@ -222,12 +226,13 @@ public void recordCheckResult(
         checkResult.setSummary(summary);
         checkResult.setErrorMessage(errorMessage);
         checkResult.setScannerJobId(scannerJobId);
+        checkResult.setRequired(required);
 
         repositories.saveScanCheckResult(checkResult);
 
-        logger.debug("Recorded check result: {}.{} {} (scan={}) type={}, result={}, duration={}ms",
+        logger.debug("Recorded check result: {}.{} {} (scan={}) type={}, result={}, duration={}ms, required={}",
             scan.getNamespaceName(), scan.getExtensionName(), scan.getExtensionVersion(),
-            scan.getId(), checkType, result, checkResult.getDurationMs());
+            scan.getId(), checkType, result, checkResult.getDurationMs(), required);
     }
 
     /**
@@ -251,6 +256,10 @@ public void recordScannerJobResult(
             return;
         }
 
+        // Look up the scanner to get its "required" configuration
+        Scanner scanner = scannerRegistry.getScanner(job.getScannerType());
+        Boolean required = scanner != null ? scanner.isRequired() : true;  // Default to required if scanner not found
+        
         recordCheckResult(
             scan,
             job.getScannerType(),
@@ -262,7 +271,8 @@ public void recordScannerJobResult(
             findingsCount,
             summary,
             errorMessage,
-            job.getId()
+            job.getId(),
+            required
         );
     }