Yelp · ReGenDevOps · Mar 5, 2026
diff --git a/detect_secrets/core/scan.py b/detect_secrets/core/scan.py
@@ -226,7 +226,13 @@ def _scan_for_allowlisted_secrets_in_lines(
     get_settings().disable_filters('detect_secrets.filters.allowlist.is_line_allowlisted')
     get_filters.cache_clear()
 
-    line_numbers, lines = zip(*lines)
+    # Guard against empty files / empty diffs which yield no lines.
+    # zip(*[]) raises ValueError: not enough values to unpack.
+    lines_list = list(lines)
+    if not lines_list:
+        return
+
+    line_numbers, lines = zip(*lines_list)
     line_content = [line.rstrip() for line in lines]
     for line_number, line in zip(line_numbers, line_content):
         context = get_code_snippet(line_content, line_number)

diff --git a/tests/core/scan_test.py b/tests/core/scan_test.py
@@ -96,6 +96,13 @@ def test_handles_binary_files_gracefully():
 
             assert not list(scan.scan_file(f.name))
 
+    @staticmethod
+    def test_handles_empty_file_for_allowlisted_scan():
+        """Empty files should not raise ValueError in scan_for_allowlisted_secrets_in_file."""
+        with mock_named_temporary_file(suffix='.py') as f:
+            # File is empty (0 bytes) — no lines to unpack.
+            assert not list(scan.scan_for_allowlisted_secrets_in_file(f.name))
+
 
 @pytest.fixture(autouse=True)
 def configure_plugins():