From 6be68dcc4010a3d094d26bac3a8acf609588da7e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 11 Jan 2026 20:14:29 +0000
Subject: [PATCH 1/2] Initial plan


From ca33ea5d0bfec9ab690b00914e151c85387a762d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 11 Jan 2026 20:16:39 +0000
Subject: [PATCH 2/2] Fix TruffleHog secrets scan error by handling different
 event types

Co-authored-by: jamespepper81 <84083764+jamespepper81@users.noreply.github.com>
---
 .github/workflows/security.yml | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 52b7b35..c58911a 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -58,12 +58,29 @@ jobs:
         with:
           fetch-depth: 0
           
-      - name: 🔍 TruffleHog Secret Scan
+      - name: 🔍 TruffleHog Secret Scan (PR)
+        if: github.event_name == 'pull_request'
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./
+          base: ${{ github.event.pull_request.base.sha }}
+          head: ${{ github.event.pull_request.head.sha }}
+          extra_args: --debug --only-verified
+          
+      - name: 🔍 TruffleHog Secret Scan (Push)
+        if: github.event_name == 'push'
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./
+          base: ${{ github.event.before }}
+          head: ${{ github.sha }}
+          extra_args: --debug --only-verified
+          
+      - name: 🔍 TruffleHog Secret Scan (Scheduled/Full Scan)
+        if: github.event_name == 'schedule'
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
           extra_args: --debug --only-verified
           
   file-check: