Merge pull request #186 from awslabs/fix/trufflehog-agpl-license-exemption

fix(ci): exempt trufflehog from AGPL-3.0 license check

Author: fgogolli

.github/dependabot.yml

@@ -77,7 +77,7 @@ updates:
       - "dependencies"
       - "github-actions"
     commit-message:
-      prefix: "chore(ci)"
+      prefix: "ci"
       include: "scope"
     open-pull-requests-limit: 2
     groups:

.github/workflows/security-code.yml

@@ -115,7 +115,7 @@ jobs:
         allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, Unlicense
         # werkzeug 3.1.6 reports compound SPDX 'BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference'
         # due to upstream metadata issue — it is BSD-3-Clause, exempt it from license check
-        allow-dependencies-licenses: 'pkg:pypi/werkzeug'
+        allow-dependencies-licenses: 'pkg:pypi/werkzeug, pkg:githubactions/trufflesecurity/trufflehog'
 
   codeql-analysis:
     name: CodeQL Analysis