diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 17ea063ff0..8b7148227e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -65,3 +65,16 @@ See [Debugging](docs/contributing/debugging.md)
 ### Understanding Muzzle
 
 See [Understanding Muzzle](docs/contributing/muzzle.md)
+
+### Troubleshooting PR build failures
+
+The build logs are very long and there is a lot of parallelization, so the logs can be hard to
+decipher, but if you scroll to the bottom you should see something like:
+
+```
+Publishing build scan...
+https://gradle.com/s/ila4qwp5lcf5s
+```
+
+Opening the build scan link can sometimes take several seconds (it's a large build), but it
+typically makes it a lot clearer what's failing.
diff --git a/settings.gradle.kts b/settings.gradle.kts
index b4d1b4ed5a..4f3deaebea 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -28,9 +28,18 @@ dependencyResolutionManagement {
 
 val gradleEnterpriseServer = "https://ge.opentelemetry.io"
 val isCI = System.getenv("CI") != null
+val geAccessKey = System.getenv("GRADLE_ENTERPRISE_ACCESS_KEY") ?: ""
+
+// if GE access key is not given and we are in CI, then we publish to scans.gradle.com
 gradleEnterprise {
-  server = gradleEnterpriseServer
+  if (geAccessKey.isNotEmpty()) {
+    server = gradleEnterpriseServer
+  }
   buildScan {
+    if (isCI && geAccessKey.isEmpty()) {
+      termsOfServiceUrl = "https://gradle.com/terms-of-service"
+      termsOfServiceAgree = "yes"
+    }
     publishAlways()
     this as com.gradle.enterprise.gradleplugin.internal.extension.BuildScanExtensionWithHiddenFeatures
     publishIfAuthenticated()