Replace gitleaks with trufflehog for secret scanning

Daniel Abeles · Daniel Abeles · commit 7d772268a6ad · 2026-01-12T16:26:00.000+02:00
- Remove gitleaks.yaml workflow
- Add trufflehog.yaml workflow using trufflesecurity/trufflehog@main
- Configure with --only-verified flag for fewer false positives
diff --git a/.github/workflows/trufflehog.yaml b/.github/workflows/trufflehog.yaml
@@ -1,4 +1,4 @@
-name: gitleaks
+name: trufflehog
 
 on:
   pull_request:
@@ -7,12 +7,12 @@ on:
 
 jobs:
   scan:
-    name: gitleaks
+    name: trufflehog
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: gitleaks/gitleaks-action@v2
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: trufflesecurity/trufflehog@main
+        with:
+          extra_args: --only-verified
