diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6d232ab..483adb2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v2
         with:
-          node-version: '14'
+          node-version: "14"
 
       - name: Install modules
         run: npm install --no-audit
@@ -35,4 +35,6 @@ jobs:
         run: npm run build-package
 
       - name: Run unit tests
-        run: CHROME_BIN=`which chrome || which chromium-browser` ENV_BROWSER=Chrome_headless npm run test
+        run: |
+          export NO_SANDBOX=true
+          CHROME_BIN=`which chrome || which chromium-browser` ENV_BROWSER=Chrome_headless npm run test
diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
new file mode 100644
index 0000000..290896d
--- /dev/null
+++ b/.github/workflows/trufflehog.yml
@@ -0,0 +1,28 @@
+name: TruffleHog
+
+on:
+    workflow_dispatch:
+    pull_request:
+        types: [opened, synchronize, reopened]
+    schedule:
+        - cron: '0 2 * * 1-5'
+
+jobs:
+    scan:
+        runs-on: ubuntu-24.04
+
+        concurrency:
+            group: ${{ github.ref }}-trufflehog
+            cancel-in-progress: false
+
+        steps:
+            - name: Clone Repository
+              uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0
+
+            - name: TruffleHog scan
+              uses: trufflesecurity/trufflehog@main
+              with:
+                  path: ./
+                  extra_args: --results=verified,unknown