{{- define "template.scan-trufflehog" }}
- name: scan-trufflehog
      container:
        image: trufflesecurity/trufflehog:latest
        command:
          - sh
          - -c
        args:
          - |
            set -eu
            mkdir -p /workspace/reports
            trufflehog filesystem /workspace --json > /workspace/reports/trufflehog.json || true
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}