GH actions

Author: bsysop

.github/workflows/secret-scanning.yml

@@ -18,10 +18,21 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Set base and head
+        id: set_vars
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            echo "base=${{ github.event.pull_request.base.sha }}" >> $GITHUB_OUTPUT
+            echo "head=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
+          else
+            echo "base=${{ github.event.before }}" >> $GITHUB_OUTPUT
+            echo "head=${{ github.event.after }}" >> $GITHUB_OUTPUT
+          fi
+
       - name: TruffleHog OSS
         uses: trufflesecurity/trufflehog@main
         with:
           path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
+          base: ${{ steps.set_vars.outputs.base }}
+          head: ${{ steps.set_vars.outputs.head }}
           extra_args: --debug --only-verified