name: Secrets Detection on: pull_request: types: [opened, synchronize, reopened] branches: - master - next permissions: contents: read jobs: secrets: # The called reusable workflow declares these scopes; a narrower caller # grant clamps its token and the secret-scanning check 403s into a warning. permissions: contents: read pull-requests: write issues: write security-events: write uses: ComposioHQ/.github/.github/workflows/secrets-detection.yml@a6c053d4cb1820a7a85bc7837efe47cc0a559e26 # master (#12: SHA-pinned actions) secrets: inherit with: slack_channel: "buzz-security"