From 0472df9eb7f592a90efa2e07a2d272c0a8d9e7cb Mon Sep 17 00:00:00 2001
From: kobenguyent <7845001+kobenguyent@users.noreply.github.com>
Date: Fri, 3 Apr 2026 14:15:52 +0200
Subject: [PATCH 1/2] Create gitleaks.yml
---
 .github/workflows/gitleaks.yml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .github/workflows/gitleaks.yml
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
new file mode 100644
index 000000000..0311fa9a0
--- /dev/null
+++ b/.github/workflows/gitleaks.yml
@@ -0,0 +1,28 @@
+name: Gitleaks Secret Scan
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ gitleaks:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Scan git commit history
+ uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Scan codebase (working tree)
+ uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_SCAN_MODE: detect
+ GITLEAKS_ENABLE_UPLOAD_ARTIFACT: "false"
\ No newline at end of file
From 0092e04b8fb089d93e93f22f460375c981a084ab Mon Sep 17 00:00:00 2001
From: kobenguyent <7845001+kobenguyent@users.noreply.github.com>
Date: Fri, 3 Apr 2026 14:22:39 +0200
Subject: [PATCH 2/2] Update gitleaks.yml
---
 .github/workflows/gitleaks.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 0311fa9a0..ac771c8b7 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
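Review bot: Both `uses:` lines in the new workflow reference mutable tags (`actions/checkout@v4`, `gitleaks/gitleaks-action@v2`), so whatever those tags point to at run time executes with this job's `GITHUB_TOKEN`; pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: gitleaks/gitleaks-action@<full-commit-sha>  # v2`. Since a third-party action runs after the checkout, adding `persist-credentials: false` under the checkout step's `with:` keeps the token out of the checked-out repository's git config. The last step depends on `GITLEAKS_SCAN_MODE: detect`, which I cannot find among the environment variables gitleaks-action documents; if the action ignores it, "Scan codebase (working tree)" repeats the previous step instead of adding coverage, so verify it against the action's README or drop the step.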
@@ -19,10 +19,12 @@ jobs:
 uses: gitleaks/gitleaks-action@v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Only required for Organizations, not personal accounts.

 - name: Scan codebase (working tree)
 uses: gitleaks/gitleaks-action@v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GITLEAKS_SCAN_MODE: detect
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }} # Only required for Organizations, not personal accounts.
 GITLEAKS_ENABLE_UPLOAD_ARTIFACT: "false"
\ No newline at end of file
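Review bot: The added `GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}` lines will resolve to an empty string on `pull_request` runs that come from forks, because GitHub withholds repository secrets from those runs; on an organization-owned repository the scan would then presumably fail on exactly the outside contributions it is meant to check. The trigger is defined outside this hunk, so decide there how fork PRs should behave and record it next to the variable, e.g. `# empty on fork PRs: repository secrets are not passed to them`. Switching the trigger to `pull_request_target` to obtain the secret is not a safe fix for a job that checks out the PR's code. The inline comment is also repeated on both steps and makes each line very long; a single comment line above the first use would read better.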