diff --git a/.github/actions/extract-branch/action.yml b/.github/actions/extract-branch/action.yml
new file mode 100644
index 00000000000..4c9aea311f5
--- /dev/null
+++ b/.github/actions/extract-branch/action.yml
@@ -0,0 +1,26 @@
+---
+name: "Extract branch name"
+description: "Extract branch name based on pr or push"
+outputs:
+ branch-name:
+ description: "Branch name"
+ value: ${{ steps.branch-name.outputs.branch-name }}
+runs:
+ using: "composite"
+ steps:
+ - name: ⏬ Get branch name
+ uses: actions/github-script@v6
+ id: get-branch-name
+ with:
+ result-encoding: string
+ script: |
+ return (
+ context?.payload?.pull_request?.head?.ref ||
+ context?.payload?.ref
+ ).replace("refs/heads/","");
+ - name: 🪑 Set output
+ id: branch-name
+ run: echo "::set-output name=branch-name::$(echo $BRANCH_NAME)"
+ shell: bash
+ env:
+ BRANCH_NAME: ${{steps.get-branch-name.outputs.result}}
diff --git a/.github/workflows/00-scan-secrets.yml b/.github/workflows/00-scan-secrets.yml
index 725e6a1dfe5..d3e6674c617 100644
--- a/.github/workflows/00-scan-secrets.yml
+++ b/.github/workflows/00-scan-secrets.yml
@@ -13,15 +13,14 @@ jobs:
 fetch-depth: 0
 - name: ↔ Extract branch name
- shell: bash
- run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+ uses: ./.github/actions/extract-branch
 id: extract_branch
 - name: 🐷 TruffleHog OSS
- uses: trufflesecurity/trufflehog@v3.15.0
+ uses: trufflesecurity/trufflehog@v3.15.1
 with:
 path: ./
- base: ${{ steps.extract_branch.outputs.branch }}
+ base: ${{ steps.extract_branch.outputs.branch-name }}
 head: HEAD
 - name: 💀 Killing me softly
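Review bot: The `🪑 Set output` step in the new `action.yml` publishes the branch name through the deprecated `::set-output` stdout command with an unquoted `$(echo $BRANCH_NAME)`, and on pull requests that value is `pull_request.head.ref`, which the PR author chooses. Handing it over through `env:` instead of interpolating it into `run:` is the right pattern and should stay, but the step should write to the output file instead: `echo "branch-name=$BRANCH_NAME" >> "$GITHUB_OUTPUT"`. Alternatively the shell step can be dropped and the action output set to `${{ steps.get-branch-name.outputs.result }}`. The script also calls `.replace` on `undefined` for events that carry neither a PR head ref nor `payload.ref`, so a fallback such as `|| ""` before `.replace` would avoid a TypeError.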
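Review bot: In `00-scan-secrets.yml`, `base:` now receives the PR head branch name (or the pushed branch) while `head:` stays `HEAD`, so it is worth confirming that the range TruffleHog scans is not empty when the checked-out `HEAD` is the tip of that same branch. The workflow triggers and the checkout ref are outside this hunk, so this is inferred rather than shown. If the intent is to scan what the branch adds, a base such as `${{ github.event.repository.default_branch }}` would make that explicit. Separately, `trufflesecurity/trufflehog@v3.15.1` is a third-party action referenced by a mutable tag in a job that checks out the full history; pinning it as `uses: trufflesecurity/trufflehog@<full-commit-sha> # v3.15.1` keeps the scanner code fixed between reviews.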