From 51fff22d42dc84f4ecbea3bf806c5dd5d15d05d4 Mon Sep 17 00:00:00 2001
From: Brijesh Kumar Patel
Date: Wed, 17 Dec 2025 10:53:53 +0530
Subject: [PATCH] PDP-684: Adding workflow for scanning the pull requests

---
 .github/workflows/trufflehog-scan.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/trufflehog-scan.yml

diff --git a/.github/workflows/trufflehog-scan.yml b/.github/workflows/trufflehog-scan.yml
new file mode 100644
index 0000000..48b1057
--- /dev/null
+++ b/.github/workflows/trufflehog-scan.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2003-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+name: Trufflehogscan
+on:
+  pull_request: # Changed from pull_request_target to read workflow from PR branch
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  trufflehog-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - name: Secret Scanning
+        uses: trufflesecurity/trufflehog@main
+        with:
+          base: ${{ github.event.pull_request.base.sha }}
+          head: ${{ github.event.pull_request.head.sha }}
+          extra_args: --results=verified,unknown --exclude-paths=.trufflehog-exclude
\ No newline at end of file
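Review bot: The Secret Scanning step references `trufflesecurity/trufflehog@main`, a mutable branch rather than an immutable ref, so whatever is pushed to that branch (by the maintainers or by anyone who compromises them) runs in this repository's CI with the job's token; pin it to a release tag or, better, a full commit SHA, e.g. `uses: trufflesecurity/trufflehog@<release-tag-or-commit-sha>`, and consider the same for `actions/checkout@v4`. The workflow also declares no `permissions:` block, so the GITHUB_TOKEN inherits the repository default rather than the read-only scope this job needs; add `permissions:` / `  contents: read` at the workflow level so a compromised action cannot write to the repo. Because the checkout is the PR head commit and `--exclude-paths=.trufflehog-exclude` is resolved relative to that checkout, a pull request can modify `.trufflehog-exclude` to exclude its own files from the scan; if the exclude list is meant to be authoritative, it should be read from the base branch (or that path protected by CODEOWNERS review) rather than trusted from the PR. Minor: the new file ends without a trailing newline.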