fix: trufflehog (#660)

Author: mfranzke

.github/workflows/00-scan-secrets.yml

@@ -13,10 +13,13 @@ jobs:
         with:
           fetch-depth: 0
 
+      # https://github.com/marketplace/actions/trufflehog-oss#advanced-usage-scan-entire-branch
       - name: 🐷 TruffleHog OSS
         uses: trufflesecurity/[email protected]
         if: ${{ github.event.pull_request != null }} # only scan on pull-requests
         with:
-          path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
+          # Setting base to an empty string scans the entire branch, per TruffleHog OSS advanced usage:
+          # https://github.com/marketplace/actions/trufflehog-oss#advanced-usage-scan-entire-branch
+          base: ""
+          head: ${{ github.ref_name }}
+          extra_args: --results=verified,unknown