fix: trufflehog (#4674)

* fix: trufflehog

* Update 00-scan-secrets.yml

* Update README.md

* Update .github/workflows/00-scan-secrets.yml

Co-authored-by: Copilot <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>

Author: mfranzke

.github/workflows/00-scan-secrets.yml

@@ -12,17 +12,16 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: ↔ Extract branch name
-        uses: ./.github/actions/extract-branch
-        id: extract_branch
-
+      # https://github.com/marketplace/actions/trufflehog-oss#advanced-usage-scan-entire-branch
       - name: 🐷 TruffleHog OSS
         if: ${{ github.event.pull_request != null }} # only scan on pull-requests
         uses: trufflesecurity/trufflehog@main
         with:
-          path: ./
-          base: ${{ steps.extract_branch.outputs.branch-name }}
-          head: HEAD
+          # Setting base to an empty string scans the entire branch, per TruffleHog OSS advanced usage:
+          # https://github.com/marketplace/actions/trufflehog-oss#advanced-usage-scan-entire-branch
+          base: ""
+          head: ${{ github.ref_name }}
+          extra_args: --results=verified,unknown
 
       - name: 💀 Killing me softly
         uses: ./.github/actions/cancel-workflow