Update the secret scanning workflow to replace gitleaks with trufflehog. This is mostly because the gitleaks action is facing some technical challenges that aren't being addressed (build problems leading to use of deprecated functionality).
The primary drawback I see for using trufflehog over gitleaks is that the action isn't really pinnable (it's a composable action that runs a Docker image). The VERSION input could be used to pin the container, but that wouldn't be supported by automation to auto-update. For this use case and this purpose I'd prefer staying up-to-date with latest automatically (and I'd just like to try trufflehog for an extended period of time).
Relates to #21