From 2e6710efada675b033c9eef4f966a423510dcbfc Mon Sep 17 00:00:00 2001
From: nikhil2611
Date: Mon, 18 May 2026 13:42:50 +0530
Subject: [PATCH 1/2] CHEF-31159: Setup common config to block PR merges if trufflehog fails
Signed-off-by: nikhil2611
---
 .github/workflows/ci-main-pull-request-stub-1.0.8.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-main-pull-request-stub-1.0.8.yml b/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
index 78defb8b..5b3c1741 100644
--- a/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
+++ b/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
@@ -104,6 +104,7 @@ jobs:
 # scc-output-filename: 'scc-output.txt' perform-language-linting: false # Perform language-specific linting and pre-compilation checks perform-trufflehog-scan: true
+ fail-trufflehog-on-secrets-found: true
 perform-trivy-scan: true # grype vulnerability scanning
@@ -180,4 +181,4 @@ jobs:
 # udf1: 'default' # user defined flag 1 # udf2: 'default' # user defined flag 2
- # udf3: 'default' # user defined flag 3
\ No newline at end of file
+ # udf3: 'default' # user defined flag 3
From 70634f0cb211f2127119529f947372c581a77292 Mon Sep 17 00:00:00 2001
From: nikhil2611
Date: Tue, 19 May 2026 12:04:29 +0530
Subject: [PATCH 2/2] empty commit to run scans
Signed-off-by: nikhil2611
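Review bot: The new `fail-trufflehog-on-secrets-found: true` input in the first hunk (new line 107) has no comment, unlike `perform-language-linting` above it, and nothing visible shows that the called reusable workflow declares an input of that name. GitHub Actions rejects a `with:` key that the referenced workflow does not define, so the `uses:` ref this stub pins (outside the hunk) should be confirmed to include it. I would add a trailing comment such as `# Fail the job, and so the PR check, when TruffleHog reports a secret`. A failing job presumably blocks a merge only where this check is a required status check in branch protection, which the patch cannot show; the enclosing `with:` block starts and ends outside the hunk.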