From aca0e1b079829f6126683ee7cf4de1596afce373 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Tue, 16 Dec 2025 11:41:07 -0500
Subject: [PATCH 1/2] Update secret-scan Pull the release and tag dynamically, n-1 from the latest release
---
 .github/workflows/secret-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index 48ff811..e11e163 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -23,8 +23,8 @@ jobs:
 # echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
 # echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
 run: |
- echo "latest_tag_name=v3.89.2" >> "$GITHUB_OUTPUT"
- echo "latest_release=3.89.2" >> "$GITHUB_OUTPUT"
+ LATEST_TAG_NAME=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases | jq -r '.[1].tag_name')
+ LATEST_RELEASE=${LATEST_TAG_NAME#v}
 - name: Download and verify TruffleHog release
 run: |
 curl -sLO https://github.com/trufflesecurity/trufflehog/releases/download/${{ steps.trufflehog_release.outputs.latest_tag_name }}/trufflehog_${{ steps.trufflehog_release.outputs.latest_release }}_checksums.txt
From 66e7a71e76a6bdb4007b61b9847fd32ab4d87325 Mon Sep 17 00:00:00 2001
From: geoffg-sentry <165922362+geoffg-sentry@users.noreply.github.com>
Date: Tue, 16 Dec 2025 11:45:36 -0500
Subject: [PATCH 2/2] fix github output
---
 .github/workflows/secret-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
index e11e163..f2e9e9e 100644
--- a/.github/workflows/secret-scan.yml
+++ b/.github/workflows/secret-scan.yml
@@ -23,8 +23,8 @@ jobs:
 # echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
 # echo "latest_release=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
 run: |
- LATEST_TAG_NAME=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases | jq -r '.[1].tag_name')
- LATEST_RELEASE=${LATEST_TAG_NAME#v}
+ echo "latest_tag_name=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases | jq -r '.[1].tag_name')" >> "$GITHUB_OUTPUT"
+ echo "latest_release=$(curl -s https://api.github.com/repos/trufflesecurity/trufflehog/releases | jq -r '.[1].tag_name | ltrimstr("v")')" >> "$GITHUB_OUTPUT"
 - name: Download and verify TruffleHog release
 run: |
 curl -sLO https://github.com/trufflesecurity/trufflehog/releases/download/${{ steps.trufflehog_release.outputs.latest_tag_name }}/trufflehog_${{ steps.trufflehog_release.outputs.latest_release }}_checksums.txt
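Review bot: The two added `echo` lines each query the releases API separately, without `-f` and with no check on the result, so a rate-limited or error response leaves both outputs empty or `null` while the step still succeeds, and the two calls can disagree if a release is published between them. Both values are then expanded through `${{ steps.trufflehog_release.outputs.* }}` straight into the next step's `run:` script, so the tag should be fetched once and matched against a strict `vX.Y.Z` pattern before it is written to `$GITHUB_OUTPUT`. `.[1]` is simply the second entry of the list, which presumably can be a pre-release, so "n-1 from the latest release" is not guaranteed. The checksums file in the context line comes from the same release as the binary, so with the fixed version gone the verify step detects a corrupted download rather than a tampered release, which is worth a comment in the workflow. The step's name and `id:` sit above the hunk.

```yaml
        run: |
          set -euo pipefail
          # One API call, failing on HTTP errors, so both outputs come from the same response.
          LATEST_TAG_NAME=$(curl -fsSL https://api.github.com/repos/trufflesecurity/trufflehog/releases | jq -er '.[1].tag_name')
          # Only a plain vX.Y.Z tag may reach $GITHUB_OUTPUT and the next step's script.
          if [[ ! "$LATEST_TAG_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "unexpected tag name: $LATEST_TAG_NAME" >&2
            exit 1
          fi
          echo "latest_tag_name=$LATEST_TAG_NAME" >> "$GITHUB_OUTPUT"
          echo "latest_release=${LATEST_TAG_NAME#v}" >> "$GITHUB_OUTPUT"
```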