From a9be38a738b348d7ba6df598dfea5cd667c32ef3 Mon Sep 17 00:00:00 2001
From: Niklas Burchhardt
Date: Tue, 2 Jun 2026 10:30:23 +0200
Subject: [PATCH] add gitleaks as credential scanner to actions
---
 .github/workflows/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0b99158..ae8adf4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,6 +15,21 @@ on:
 workflow_dispatch:
 jobs:
+ gitleaks:
+ name: Secret Scanner
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0 # Gitleaks needs the full history to scan properly
+
+ - name: Run Gitleaks
+ uses: gitleaks/gitleaks-action@v3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+
 test:
 runs-on: ubuntu-latest
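Review bot: The new `gitleaks` job passes `GITHUB_TOKEN` and `GITLEAKS_LICENSE` to a third-party action referenced by a mutable tag (`gitleaks/gitleaks-action@v3`), so anyone able to move that tag controls code that runs with those secrets. Pin it and `actions/checkout@v6` to a full commit SHA, keeping the tag as a trailing comment, e.g. `uses: gitleaks/gitleaks-action@<full-commit-sha> # v3`. The job also declares no `permissions:`, so the token gets whatever the repository or workflow default grants (a workflow-level block, if one exists, is outside this hunk). Adding `permissions: {contents: read}` under `gitleaks:` keeps the token read-only, to be widened only if the action is meant to comment on pull requests. If the scan does no further git operations after checkout, `persist-credentials: false` under the checkout step's `with:` would also keep the token out of the checked-out repository's git config.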