From 869d2641b846a83b0f85ab3741ce3e91ea3953ce Mon Sep 17 00:00:00 2001
From: Jafrullah Mohammad
Date: Thu, 20 Nov 2025 15:20:08 +0000
Subject: [PATCH] NHSO-59706: Adding gitleaks workflow for defenderforcloud
---
.../workflows/gitleaks_defenderforcloud.yml | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 .github/workflows/gitleaks_defenderforcloud.yml
diff --git a/.github/workflows/gitleaks_defenderforcloud.yml b/.github/workflows/gitleaks_defenderforcloud.yml
new file mode 100644
index 0000000..d5badf0
--- /dev/null
+++ b/.github/workflows/gitleaks_defenderforcloud.yml
@@ -0,0 +1,30 @@
+---
+name: Gitleaks_DefenderforCloud
+on: # yamllint disable-line rule:truthy
+
+ workflow_dispatch:
+ schedule:
+ - cron: "0 22 * * *" # every day 22:00 UTC
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ pull-requests: read
+
+concurrency:
+ group: gitleaks-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ scan:
+ uses: NHSDigital/nhsapp-github-migration-tools/.github/workflows/gitleaks_secret_scan.yml@main
+ secrets:
+ NHSAPP_GITLEAKS_LICENSE: ${{ secrets.NHSAPP_GITLEAKS_LICENSE }}
+ scan2:
+ needs: scan
+ if: always()
+ uses: NHSDigital/nhsapp-github-migration-tools/.github/workflows/gitleaks_defenderforcloud.yml@main
+ with:
+ artifact_name: gitleaks-results.sarif
+ # yamllint disable-line rule:new-line-at-end-of-file
+ sarif_path: results.sarif
\ No newline at end of file
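Review bot: Both `uses:` lines call the reusable workflows in NHSDigital/nhsapp-github-migration-tools at `@main`, a mutable ref, so any later change to that branch runs here with `security-events: write` and, in the `scan` job, with `NHSAPP_GITLEAKS_LICENSE`. Pinning each call to a reviewed full commit SHA, e.g. `uses: NHSDigital/nhsapp-github-migration-tools/.github/workflows/gitleaks_secret_scan.yml@<full-commit-sha>  # main as of <date>`, keeps the nightly scan reproducible and makes every update an explicit, reviewable change. The top-level `permissions:` block also applies to both jobs; if only `scan2` uploads SARIF (the called workflows are not visible here, so this is inferred), moving `security-events: write` into a job-level `permissions:` on `scan2` would leave `scan` read-only.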