From 98bf40ebaee3c18cb8303990d3d3691556b4a8fc Mon Sep 17 00:00:00 2001
From: Niklas Burchhardt <niklas.burchhardt@digits.schwarz>
Date: Tue, 2 Jun 2026 10:05:43 +0200
Subject: [PATCH 1/3] add gitleaks action to pipeline

---
 .github/workflows/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1d9a5cef..bf970ad2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,6 +14,20 @@ on:
   workflow_dispatch:
 
 jobs:
+  gitleaks:
+    name: Secret Scanner
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0 # Gitleaks needs the full history to scan properly
+
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   test:
     strategy:
       matrix:

From 0c16554de35c000ababba65a434a1d3477bd546e Mon Sep 17 00:00:00 2001
From: Niklas Burchhardt <niklas.burchhardt@digits.schwarz>
Date: Tue, 2 Jun 2026 10:09:35 +0200
Subject: [PATCH 2/3] add gitleaks license to pipeline

---
 .github/workflows/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index bf970ad2..f7c5996b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -27,6 +27,7 @@ jobs:
         uses: gitleaks/gitleaks-action@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
 
   test:
     strategy:

From b1e257437dd29c74d1d0448168f2efd1de42e006 Mon Sep 17 00:00:00 2001
From: Niklas Burchhardt <niklas.burchhardt@digits.schwarz>
Date: Tue, 2 Jun 2026 10:13:08 +0200
Subject: [PATCH 3/3] update gitleaks action version to v3

---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index f7c5996b..92b1cf0f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,7 +24,7 @@ jobs:
           fetch-depth: 0 # Gitleaks needs the full history to scan properly
 
       - name: Run Gitleaks
-        uses: gitleaks/gitleaks-action@v2
+        uses: gitleaks/gitleaks-action@v3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}