From bdc9d7da166d3385b391b9971e43aac22a5cdbe8 Mon Sep 17 00:00:00 2001
From: nikhil2611 <ngupta@progress.com>
Date: Tue, 19 May 2026 13:48:33 +0530
Subject: [PATCH] CHEF-31159: Setup common config to block PR merges if
 trufflehog fails

Signed-off-by: nikhil2611 <ngupta@progress.com>
---
 .github/workflows/ci-main-pull-request-stub-1.0.8.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-main-pull-request-stub-1.0.8.yml b/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
index 2c80041d..fe42847f 100644
--- a/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
+++ b/.github/workflows/ci-main-pull-request-stub-1.0.8.yml
@@ -104,6 +104,7 @@ jobs:
       # scc-output-filename: 'scc-output.txt'
       perform-language-linting: false    # Perform language-specific linting and pre-compilation checks
       perform-trufflehog-scan: true
+      fail-trufflehog-on-secrets-found: true
       perform-trivy-scan: true
 
       # grype vulnerability scanning