Merge pull request #8 from vectorize-io/addTruffleHog

Try CLI mode

Author: DK09876

.github/workflows/secret-scan.yml

@@ -1,22 +1,24 @@
-name: TruffleHog Secret Scan
+name: GitLeaks Security Scan
 
 on:
   push:
-    branches: [ main, '**' ]
+    branches: [ '*' ]
   pull_request:
-    branches: [ main, '**' ]
+    branches: [ '*' ]
 
 jobs:
-  trufflehog:
+  gitleaks:
+    name: Secret Detection
     runs-on: ubuntu-latest
-
+    
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
-      - name: Run TruffleHog on PR diff
-        uses: trufflesecurity/trufflehog@v3.76.0
         with:
-          path: .
-          base: ${{ github.event.pull_request.base.sha || github.event.before }}
-          head: ${{ github.sha }}
+          fetch-depth: 0
+
+      - name: Run GitLeaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

.gitleaksignore

@@ -0,0 +1 @@
+eef9e35c47b95f2024383738859791d3d33d57bd:.github/workflows/secret-scan.yml:generic-api-key:26