diff --git a/.github/workflows/trufflehog-scan.yml b/.github/workflows/trufflehog-scan.yml
new file mode 100644
index 00000000..17d77a71
--- /dev/null
+++ b/.github/workflows/trufflehog-scan.yml
@@ -0,0 +1,43 @@
+###
+# Foundation-security Trufflehog workflow
+# version: 2.0
+###
+name: Foundation-Security/Trufflehog Scan
+
+on:
+  push:
+    tags:
+      - "**"
+    branches:
+      - "**"
+
+jobs:
+  Trufflehog-Scan:
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout source repository
+        id: checkout-source
+        uses: actions/checkout@v4
+        with:
+          repository: ${{github.repository}}
+          ref: ${{ github.ref }}
+          path: source
+          token: ${{secrets.GH_SLONIK}}
+
+      - name: Checkout foundation-security repository
+        id: checkout-foundation-security
+        uses: actions/checkout@v4
+        with:
+          repository: EnterpriseDB/foundation-security
+          ref: v2
+          path: foundation-security
+          token: ${{secrets.GH_SLONIK}}
+
+      - name: Secrets Scan
+        id: call-th-composite
+        uses: ./foundation-security/actions/trufflehog
+        with:
+          cloudsmith-token: ${{ secrets.CLOUDSMITH_READ_ALL }}
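Review bot: The `token: ${{secrets.GH_SLONIK}}` on the source checkout is written into `source/.git/config` by default (`actions/checkout` ships with `persist-credentials: true`), so the PAT is readable by every later step, including the third-party composite action checked out from `EnterpriseDB/foundation-security` at the mutable `ref: v2`. For a same-repository checkout the default `GITHUB_TOKEN` under the job's `contents: read` is sufficient, so the `token:` line can be dropped there, and `persist-credentials: false` under `with:` on both checkouts would keep either token from outliving its step. Pinning `ref: v2` to a full commit SHA would stop a push to that branch/tag in the other repository from becoming arbitrary code running with `GH_SLONIK`, `CLOUDSMITH_READ_ALL` and the job-level `id-token: write`; whether the composite actually needs an OIDC token is not visible here and is worth confirming before granting it to the whole job. If the secrets scan is meant to cover git history, note that `actions/checkout@v4` defaults to `fetch-depth: 1`, so only the tip commit of `source` is present unless the composite fetches more itself — `fetch-depth: 0` on the source checkout may be needed.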