From 1d46e46c8dfa481752d5f07c0900245f49659cb8 Mon Sep 17 00:00:00 2001
From: yotamelo <88616986+yotamleo@users.noreply.github.com>
Date: Wed, 11 Mar 2026 00:32:39 +0100
Subject: [PATCH] fix(ci): [OPS-715] add gitleaks secret scanning with
 diff-scan optimization

---
 .github/workflows/gitleaks.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 .github/workflows/gitleaks.yaml

diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml
new file mode 100644
index 0000000..06716b4
--- /dev/null
+++ b/.github/workflows/gitleaks.yaml
@@ -0,0 +1,14 @@
+name: gitleaks
+on:
+  push:
+    branches: [main]
+  pull_request:
+jobs:
+  scan:
+    uses: knostic/.github/.github/workflows/gitleaks.yaml@fix/gitleaks-scan-range
+    with:
+      event_name: ${{ github.event_name }}
+      base_sha: ${{ github.event.pull_request.base.sha || '' }}
+      before_sha: ${{ github.event.before || '' }}
+      forced: ${{ github.event.forced == true }}
+    secrets: inherit