From 4bdf24318fc334a3efa7d253c646cf0d9c7bf350 Mon Sep 17 00:00:00 2001
From: Maksym <maksym.kryva@gmail.com>
Date: Mon, 20 Feb 2023 18:40:25 +0200
Subject: [PATCH] chore(security): add workflow for leaked secrets monitoring

---
 .github/workflows/secrets_scanner.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 .github/workflows/secrets_scanner.yaml

diff --git a/.github/workflows/secrets_scanner.yaml b/.github/workflows/secrets_scanner.yaml
new file mode 100644
index 00000000000..54054cf7cc1
--- /dev/null
+++ b/.github/workflows/secrets_scanner.yaml
@@ -0,0 +1,17 @@
+name: Leaked Secrets Scan
+on: [pull_request]
+jobs:
+  TruffleHog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+        with:
+          fetch-depth: 0
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@0c66d30c1f4075cee1aada2e1ab46dabb1b0071a
+        with:
+          path: ./
+          base: ${{ github.event.repository.default_branch }}
+          head: HEAD
+          extra_args: --debug --only-verified