From 34848a09327b60f5e0b1f447969111d2329dc639 Mon Sep 17 00:00:00 2001
From: brijeshp56
Date: Fri, 16 Jan 2026 11:44:14 +0530
Subject: [PATCH] PDP-684 : Update trufflehog-scan.yml for detecting the renamed files
PDP-684 : Update trufflehog-scan.yml for detecting the renamed files
---
.github/workflows/trufflehog-scan.yml | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/trufflehog-scan.yml b/.github/workflows/trufflehog-scan.yml
index d914908..7e774a8 100644
--- a/.github/workflows/trufflehog-scan.yml
+++ b/.github/workflows/trufflehog-scan.yml
@@ -41,6 +41,12 @@ jobs:
with:
fetch-depth: 0
+ - name: Configure Git for rename detection
+ run: |
+ git config --global diff.renames false
+ git config --global diff.renameLimit 0
+ echo "Git configured to treat renames as delete+add"
+ - name: Fetch PR head commits
if: github.event_name != 'workflow_dispatch'
run: |
@@ -88,6 +94,11 @@ jobs:
UNVERIFIED_COUNT=0
SCAN_OUTPUT=$(docker run --rm -v "$(pwd)":/tmp -w /tmp \
+ -e GIT_CONFIG_COUNT=2 \
+ -e GIT_CONFIG_KEY_0=diff.renames \
+ -e GIT_CONFIG_VALUE_0=false \
+ -e GIT_CONFIG_KEY_1=diff.renameLimit \
+ -e GIT_CONFIG_VALUE_1=0 \
ghcr.io/trufflesecurity/trufflehog:latest \
git file:///tmp/ \
--since-commit ${{ github.event.pull_request.base.sha }} \
@@ -261,4 +272,4 @@ jobs:
if: steps.process.outputs.has_verified == 'true'
run: |
echo "::error::VERIFIED SECRETS DETECTED - These are confirmed active credentials that must be removed and rotated immediately."
- exit 1
\ No newline at end of file
+ exit 1
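Review bot: The `git config --global` writes in the new "Configure Git for rename detection" step only affect git invoked on the runner host, not git inside the trufflehog container started later in the same job (that container receives its own copy through `GIT_CONFIG_*` environment variables), so this step is most likely redundant for the scan itself, and `diff.renameLimit 0` is dead configuration because git documents that `diff.renameLimit` has no effect when rename detection is turned off. If some host-side git step in this workflow does rely on the setting, keep the step and say so in a comment; otherwise drop it, or at least reduce it to `git config --global diff.renames false` and replace the echo with a YAML comment such as `# Renamed files must surface as delete+add so their full content is scanned as additions`, since the current log line claims an effect the scan does not get from here. Note also that a `--global` write persists for every later step of the job, which is harmless on an ephemeral hosted runner but worth stating explicitly if self-hosted runners are in use.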
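Review bot: The `GIT_CONFIG_COUNT`/`GIT_CONFIG_KEY_n`/`GIT_CONFIG_VALUE_n` variables passed to `docker run` are honoured only by git 2.31 and newer; an older git in `ghcr.io/trufflesecurity/trufflehog:latest` would ignore them silently, rename detection would stay on, and renamed files would be missed again with no error, which is exactly the gap this change is meant to close. Because the image is pulled by the floating `latest` tag, that behaviour can also change between runs without any edit to this file, so I would pin the image by digest and add a fail-fast guard before the scan, e.g. `docker run --rm --entrypoint git -e GIT_CONFIG_COUNT=1 -e GIT_CONFIG_KEY_0=diff.renames -e GIT_CONFIG_VALUE_0=false ghcr.io/trufflesecurity/trufflehog:latest config --get diff.renames | grep -qx false` (this presumes the image exposes a git binary, which the environment variables already presuppose). The `diff.renameLimit` pair is inert once `diff.renames` is false (git documents that the limit has no effect when rename detection is off), so it can be dropped and `GIT_CONFIG_COUNT` reduced to 1. The `SCAN_OUTPUT=$(docker run …)` command continues past the end of this hunk.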