diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml
new file mode 100644
index 00000000..049c02f4
--- /dev/null
+++ b/.github/workflows/secrets-scan.yml
@@ -0,0 +1,29 @@
+name: Secrets Scan
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  security-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: '2'
+          ref: '${{ github.event.pull_request.head.ref }}'
+      - run: |
+          git reset --soft HEAD~1
+      - name: Install Talisman
+        run: |
+          # Download Talisman
+          wget https://github.com/thoughtworks/talisman/releases/download/v1.37.0/talisman_linux_amd64 -O talisman
+
+          # Checksum verification
+          checksum=$(sha256sum ./talisman | awk '{print $1}')
+          if [ "$checksum" != "8e0ae8bb7b160bf10c4fa1448beb04a32a35e63505b3dddff74a092bccaaa7e4" ]; then exit 1; fi  
+
+          # Make it executable
+          chmod +x talisman
+      - name: Run talisman
+        run: |
+          # Run Talisman with the pre-commit hook
+          ./talisman --githook pre-commit
\ No newline at end of file
diff --git a/.talismanrc b/.talismanrc
index f1e85f86..41223457 100644
--- a/.talismanrc
+++ b/.talismanrc
@@ -1,6 +1,9 @@
 fileignoreconfig:
-  - filename: package-lock.json
-    checksum: 1c800fd99bd50e77185fe36aa6494210e33096452dc72280a9931fc4a3dc67e3
-  - filename: .husky/pre-commit
-    checksum: 5baabd7d2c391648163f9371f0e5e9484f8fb90fa2284cfc378732ec3192c193
+- filename: .github/workflows/secrets-scan.yml
+  ignore_detectors:
+    - filecontent
+- filename: package-lock.json
+  checksum: 9d0340f9359927d477fe8ab4650642c068c592be63fb817651d866849e0dbbc2
+- filename: .husky/pre-commit
+  checksum: 5baabd7d2c391648163f9371f0e5e9484f8fb90fa2284cfc378732ec3192c193
 version: ""
\ No newline at end of file