From bf0c407edb237b1a9ce7993c7cf90796246209a6 Mon Sep 17 00:00:00 2001 From: ElenaKhaustova <157851531+ElenaKhaustova@users.noreply.github.com> Date: Mon, 13 Jan 2025 16:55:09 +0000 Subject: [PATCH] feat(all): Replace trufflehog with detect-secrets (#983) * Removed trufflehog Signed-off-by: Elena Khaustova * Updated github actions per plugin Signed-off-by: Elena Khaustova * Updated release notes Signed-off-by: Elena Khaustova * Updated validate-pr check scopes Signed-off-by: Elena Khaustova * Updated lint command Signed-off-by: Elena Khaustova * Added key to trigger check Signed-off-by: Elena Khaustova * Updated GH action to track per plugin Signed-off-by: Elena Khaustova * Removed secret Signed-off-by: Elena Khaustova * Updated GH for kedro-datasets Signed-off-by: Elena Khaustova * Updated secrets baseline Signed-off-by: Elena Khaustova --------- Signed-off-by: Elena Khaustova --- .github/workflows/detect-secrets.yml | 46 +++ .github/workflows/kedro-airflow.yml | 7 + .github/workflows/kedro-datasets.yml | 7 + .github/workflows/kedro-docker.yml | 7 + .github/workflows/kedro-telemetry.yml | 7 + .github/workflows/validate-pr-title.yaml | 1 + .pre-commit-config.yaml | 12 +- .secrets.baseline | 494 +++++++++++++++++++++++ Makefile | 5 +- kedro-airflow/RELEASE.md | 1 + kedro-airflow/pyproject.toml | 2 +- kedro-datasets/RELEASE.md | 2 + kedro-datasets/pyproject.toml | 2 +- kedro-docker/RELEASE.md | 1 + kedro-docker/pyproject.toml | 2 +- kedro-telemetry/RELEASE.md | 1 + kedro-telemetry/pyproject.toml | 2 +- trufflehog-ignore.txt | 3 - 18 files changed, 585 insertions(+), 17 deletions(-) create mode 100644 .github/workflows/detect-secrets.yml create mode 100644 .secrets.baseline delete mode 100644 trufflehog-ignore.txt diff --git a/.github/workflows/detect-secrets.yml b/.github/workflows/detect-secrets.yml new file mode 100644 index 000000000..bd360b52b --- /dev/null +++ b/.github/workflows/detect-secrets.yml 
@@ -0,0 +1,46 @@ +name: Detect secrets on plugins + +on: + workflow_call: + inputs: + plugin: + type: string + os: + type: string + python-version: + type: string + +jobs: + detect-secrets: + defaults: + run: + shell: bash + runs-on: ${{ inputs.os }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: ${{ inputs.python-version }} + - name: Cache python packages + uses: actions/cache@v4 + with: + path: ~/.cache/pip + key: ${{inputs.plugin}}-${{inputs.os}}-python-${{inputs.python-version}} + restore-keys: ${{inputs.plugin}} + - name: Install uv + run: | + python -m pip install "uv==0.2.21" + - name: Install dependencies + run: | + cd ${{ inputs.plugin }} + uv pip install --system "kedro @ git+https://github.com/kedro-org/kedro@main" + uv pip install --system "${{inputs.plugin}}[lint] @ ." + uv pip freeze --system + - name: Install pre-commit hooks + run: | + pre-commit install --install-hooks + pre-commit install --hook-type pre-push + - name: Scan all tracked files + run: git ls-files ":(glob)*" ${{ inputs.plugin }} -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline diff --git a/.github/workflows/kedro-airflow.yml b/.github/workflows/kedro-airflow.yml index 85e7ca62d..92c269ea2 100644 --- a/.github/workflows/kedro-airflow.yml +++ b/.github/workflows/kedro-airflow.yml @@ -46,3 +46,10 @@ jobs: plugin: kedro-airflow os: ${{ matrix.os }} python-version: ${{ matrix.python-version }} + + detect-secrets: + uses: ./.github/workflows/detect-secrets.yml + with: + plugin: kedro-airflow + os: ubuntu-latest + python-version: "3.11" diff --git a/.github/workflows/kedro-datasets.yml b/.github/workflows/kedro-datasets.yml index d5aae0282..010115b73 100644 --- a/.github/workflows/kedro-datasets.yml +++ b/.github/workflows/kedro-datasets.yml 
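Review bot: `${{ inputs.plugin }}` is expanded by the Actions runner straight into the shell text of the `Install dependencies` and `Scan all tracked files` steps (`cd ${{ inputs.plugin }}`, the `[lint] @ .` install line and the `git ls-files` line), so the value is parsed as shell rather than passed as data. The callers added in this patch all pass literal plugin names, so this is hardening rather than a live bug, but a reusable workflow should bind its inputs through `env:` and quote the variable, as sketched below. Separately, `":(glob)*"` appears to match only top-level files, because glob pathspecs do not let `*` cross `/`, so paths such as `.github/` would not be scanned by this job; worth confirming that is intended. The job also declares no `permissions:` block, and a job-level `permissions:` with `contents: read` should be enough for a checkout-and-scan job.

```yaml
      - name: Install dependencies
        env:
          PLUGIN: ${{ inputs.plugin }}
        run: |
          cd "$PLUGIN"
          # … unchanged: kedro install from git …
          uv pip install --system "${PLUGIN}[lint] @ ."
          # … unchanged: uv pip freeze …
      # … unchanged: Install pre-commit hooks step …
      - name: Scan all tracked files
        env:
          PLUGIN: ${{ inputs.plugin }}
        run: git ls-files ":(glob)*" "$PLUGIN" -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
```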
@@ -61,3 +61,10 @@ jobs: - name: Documentation check for kedro-datasets run: | make check-datasets-docs + + detect-secrets: + uses: ./.github/workflows/detect-secrets.yml + with: + plugin: kedro-datasets + os: ubuntu-latest + python-version: "3.11" diff --git a/.github/workflows/kedro-docker.yml b/.github/workflows/kedro-docker.yml index 66783b3b5..16ffcbafe 100644 --- a/.github/workflows/kedro-docker.yml +++ b/.github/workflows/kedro-docker.yml @@ -46,3 +46,10 @@ jobs: plugin: kedro-docker os: ${{ matrix.os }} python-version: ${{ matrix.python-version }} + + detect-secrets: + uses: ./.github/workflows/detect-secrets.yml + with: + plugin: kedro-docker + os: ubuntu-latest + python-version: "3.11" diff --git a/.github/workflows/kedro-telemetry.yml b/.github/workflows/kedro-telemetry.yml index 5584ac775..aac47914e 100644 --- a/.github/workflows/kedro-telemetry.yml +++ b/.github/workflows/kedro-telemetry.yml @@ -35,3 +35,10 @@ jobs: plugin: kedro-telemetry os: ubuntu-latest python-version: "3.11" + + detect-secrets: + uses: ./.github/workflows/detect-secrets.yml + with: + plugin: kedro-telemetry + os: ubuntu-latest + python-version: "3.11" diff --git a/.github/workflows/validate-pr-title.yaml b/.github/workflows/validate-pr-title.yaml index b6e6fc808..cb1e65327 100644 --- a/.github/workflows/validate-pr-title.yaml +++ b/.github/workflows/validate-pr-title.yaml @@ -19,5 +19,6 @@ jobs: datasets docker telemetry + all env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9f9706a34..9d2eb8de3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,6 +24,12 @@ repos: additional_dependencies: - black==22.12.0 + - repo: https://github.com/Yelp/detect-secrets + rev: v1.5.0 + hooks: + - id: detect-secrets + args: [ '--baseline', '.secrets.baseline' ] + - repo: local hooks: - id: ruff-kedro-datasets 
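Review bot: The `args: [ '--baseline', '.secrets.baseline' ]` line in the `.pre-commit-config.yaml` hunk turns every entry in that file into a standing suppression, and the baseline added in this same patch has `"is_verified": false` and no `is_secret` label on any result, which suggests it was generated but not audited. Several entries point at non-test modules (for example `kedro-datasets/kedro_datasets/pandas/sql_dataset.py`), so it is worth running `detect-secrets audit .secrets.baseline` and committing the labelled result, or marking the known placeholders inline with `# pragma: allowlist secret` so the baseline stays small. `rev: v1.5.0` is a tag; if the project wants immutable hook pins, `pre-commit autoupdate --freeze` rewrites it to the commit hash and keeps the tag as a comment. The `repos:` list starts and ends outside this hunk.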
@@ -86,12 +92,6 @@ repos: pass_filenames: false entry: black kedro-telemetry/kedro_telemetry kedro-telemetry/tests - - id: secret_scan - name: "Secret scan" - language: system - pass_filenames: false - entry: make secret-scan - - id: bandit name: "Bandit security check" language: system diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 000000000..ce3799e06 --- /dev/null +++ b/.secrets.baseline 
@@ -0,0 +1,494 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + 
"path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + "kedro-datasets/kedro_datasets/dask/parquet_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets/dask/parquet_dataset.py", + "hashed_secret": "6e1d66a1596528c308e601c10aa0b92d53606ab9", + "is_verified": false, + "line_number": 71 + } + ], + "kedro-datasets/kedro_datasets/pandas/sql_dataset.py": [ + { + "type": "Basic Auth Credentials", + "filename": "kedro-datasets/kedro_datasets/pandas/sql_dataset.py", + "hashed_secret": "46e3d772a1888eadff26c7ada47fd7502d796e07", + "is_verified": false, + "line_number": 130 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets/pandas/sql_dataset.py", + "hashed_secret": "e026e197bb77b12d16ab6986e068751f016d0ea5", + "is_verified": false, + "line_number": 382 + } + ], + "kedro-datasets/kedro_datasets/snowflake/snowpark_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets/snowflake/snowpark_dataset.py", + "hashed_secret": "a761ce3a45d97e41840a788495e85a70d1bb3815", + "is_verified": false, + "line_number": 83 + } + ], + "kedro-datasets/kedro_datasets/spark/spark_jdbc_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets/spark/spark_jdbc_dataset.py", + "hashed_secret": "46e3d772a1888eadff26c7ada47fd7502d796e07", + "is_verified": false, + "line_number": 57 + } + ], + "kedro-datasets/kedro_datasets_experimental/langchain/_anthropic.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets_experimental/langchain/_anthropic.py", + "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3", + "is_verified": false, + "line_number": 44 + } + ], + "kedro-datasets/kedro_datasets_experimental/langchain/_cohere.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets_experimental/langchain/_cohere.py", + "hashed_secret": "b60d121b438a380c343d5ec3c2037564b82ffef3", 
+ "is_verified": false, + "line_number": 45 + } + ], + "kedro-datasets/kedro_datasets_experimental/tests/netcdf/test_netcdf_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets_experimental/tests/netcdf/test_netcdf_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 17 + } + ], + "kedro-datasets/kedro_datasets_experimental/tests/video/test_video_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/kedro_datasets_experimental/tests/video/test_video_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 16 + } + ], + "kedro-datasets/tests/dask/test_csv_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/dask/test_csv_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 14 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/dask/test_csv_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 27 + } + ], + "kedro-datasets/tests/dask/test_parquet_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/dask/test_parquet_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/dask/test_parquet_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 29 + } + ], + "kedro-datasets/tests/holoviews/test_holoviews_writer.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/holoviews/test_holoviews_writer.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 108 + } + ], + 
"kedro-datasets/tests/matplotlib/test_matplotlib_writer.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/matplotlib/test_matplotlib_writer.py", + "hashed_secret": "dc724af18fbdd4e59189f5fe768a5f8311527050", + "is_verified": false, + "line_number": 16 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/matplotlib/test_matplotlib_writer.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 59 + } + ], + "kedro-datasets/tests/pandas/test_csv_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_csv_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 66 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_csv_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 213 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_csv_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 405 + } + ], + "kedro-datasets/tests/pandas/test_generic_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_generic_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 126 + } + ], + "kedro-datasets/tests/pandas/test_json_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_json_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 140 + } + ], + "kedro-datasets/tests/pandas/test_sql_dataset.py": [ + { + "type": "Basic Auth Credentials", + "filename": "kedro-datasets/tests/pandas/test_sql_dataset.py", + "hashed_secret": "46e3d772a1888eadff26c7ada47fd7502d796e07", + "is_verified": false, + 
"line_number": 19 + } + ], + "kedro-datasets/tests/pandas/test_xml_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/pandas/test_xml_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 117 + } + ], + "kedro-datasets/tests/partitions/test_incremental_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_incremental_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 440 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_incremental_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 460 + } + ], + "kedro-datasets/tests/partitions/test_partitioned_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_partitioned_dataset.py", + "hashed_secret": "76f747de912e8682e29a23cb506dd5bf0de080d2", + "is_verified": false, + "line_number": 415 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_partitioned_dataset.py", + "hashed_secret": "9027cc5a2c1321de60a2d71ccde6229d1152d6d3", + "is_verified": false, + "line_number": 416 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_partitioned_dataset.py", + "hashed_secret": "5dcbdf371f181b9b7a41a4be7be70f8cbee67da7", + "is_verified": false, + "line_number": 452 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_partitioned_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 503 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/partitions/test_partitioned_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 523 + } + ], + 
"kedro-datasets/tests/plotly/test_html_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/plotly/test_html_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 70 + } + ], + "kedro-datasets/tests/plotly/test_json_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/plotly/test_json_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 83 + } + ], + "kedro-datasets/tests/plotly/test_plotly_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/plotly/test_plotly_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 81 + } + ], + "kedro-datasets/tests/polars/test_csv_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_csv_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 65 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_csv_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 159 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_csv_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 351 + } + ], + "kedro-datasets/tests/polars/test_eager_polars_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_eager_polars_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 126 + } + ], + "kedro-datasets/tests/polars/test_lazy_polars_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_lazy_polars_dataset.py", + "hashed_secret": 
"727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 93 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/polars/test_lazy_polars_dataset.py", + "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3", + "is_verified": false, + "line_number": 198 + } + ], + "kedro-datasets/tests/snowflake/test_snowpark_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/snowflake/test_snowpark_dataset.py", + "hashed_secret": "1365dbfe676a193420ed7981184720b426ef2b7a", + "is_verified": false, + "line_number": 32 + } + ], + "kedro-datasets/tests/spark/test_spark_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/spark/test_spark_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 42 + } + ], + "kedro-datasets/tests/spark/test_spark_jdbc_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/spark/test_spark_jdbc_dataset.py", + "hashed_secret": "4f4fa638cf19a2919f12e0105085c123ca5c5172", + "is_verified": false, + "line_number": 15 + } + ], + "kedro-datasets/tests/spark/test_spark_streaming_dataset.py": [ + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/spark/test_spark_streaming_dataset.py", + "hashed_secret": "adb5fabe51f5b45e83fdd91b71c92156fec4a63e", + "is_verified": false, + "line_number": 17 + }, + { + "type": "Secret Keyword", + "filename": "kedro-datasets/tests/spark/test_spark_streaming_dataset.py", + "hashed_secret": "727d8ff68b6b550f2cf6e737b3cad5149c65fe5b", + "is_verified": false, + "line_number": 64 + } + ] + }, + "generated_at": "2025-01-13T16:27:46Z" +} diff --git a/Makefile b/Makefile index c7946d605..e8c8a4e08 100644 --- a/Makefile +++ b/Makefile 
@@ -9,7 +9,7 @@ install-pip-setuptools: python -m pip install -U pip setuptools wheel lint: - pre-commit run -a --hook-stage manual ruff-$(plugin) && pre-commit run trailing-whitespace --all-files && pre-commit run end-of-file-fixer --all-files && pre-commit run check-yaml --all-files && pre-commit run check-added-large-files --all-files && pre-commit run check-case-conflict --all-files && pre-commit run check-merge-conflict --all-files && pre-commit run debug-statements --all-files && pre-commit run black-$(plugin) --all-files --hook-stage manual && pre-commit run secret_scan --all-files --hook-stage manual && pre-commit run bandit --all-files --hook-stage manual + pre-commit run -a --hook-stage manual ruff-$(plugin) && pre-commit run trailing-whitespace --all-files && pre-commit run end-of-file-fixer --all-files && pre-commit run check-yaml --all-files && pre-commit run check-added-large-files --all-files && pre-commit run check-case-conflict --all-files && pre-commit run check-merge-conflict --all-files && pre-commit run debug-statements --all-files && pre-commit run black-$(plugin) --all-files --hook-stage manual && pre-commit run bandit --all-files --hook-stage manual $(MAKE) mypy mypy: @@ -21,9 +21,6 @@ test: e2e-tests: cd $(plugin) && behave -secret-scan: - trufflehog --max_depth 1 --exclude_paths trufflehog-ignore.txt . - install-test-requirements: cd $(plugin) && uv pip install ".[test]" diff --git a/kedro-airflow/RELEASE.md b/kedro-airflow/RELEASE.md index 6bd0b7163..348945ac9 100755 --- a/kedro-airflow/RELEASE.md +++ b/kedro-airflow/RELEASE.md @@ -1,4 +1,5 @@ # Upcoming Release +* Replaced `trufflehog` with `detect-secrets` for detecting secrets within a code base. # Release 0.9.2 * Removed support for Python 3.8 diff --git a/kedro-airflow/pyproject.toml b/kedro-airflow/pyproject.toml index ec7563cdd..6ef8a8b40 100644 --- a/kedro-airflow/pyproject.toml +++ b/kedro-airflow/pyproject.toml 
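Review bot: The rewritten `lint` recipe drops `pre-commit run secret_scan --all-files --hook-stage manual` without adding a call to the new hook, so `make lint` no longer performs any secret scan. Coverage then depends on the `detect-secrets` CI job and on contributors having the pre-commit hook installed. If that is not intended, append `&& pre-commit run detect-secrets --all-files` to the chain. If it is intended, a comment above `lint:` such as `# secret scanning runs via the detect-secrets pre-commit hook and CI job, not here` would document the choice.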
@@ -38,9 +38,9 @@ test = [ lint = [ "bandit", "black~=22.0", + "detect-secrets~=1.5.0", "mypy~=1.0", "pre-commit>=2.9.2", - "trufflehog>=2.1.0, <3.0", "ruff~=0.0.290", # mypy requirements "types-PyYAML", diff --git a/kedro-datasets/RELEASE.md b/kedro-datasets/RELEASE.md index 27df63f78..15c13da84 100755 --- a/kedro-datasets/RELEASE.md +++ b/kedro-datasets/RELEASE.md @@ -1,6 +1,8 @@ # Upcoming Release ## Major features and improvements +- Replaced `trufflehog` with `detect-secrets` for detecting secrets within a code base. + ## Bug fixes and other changes - Fix polars.CSVDataset `save` method on Windows using `utf-8` as default encoding. diff --git a/kedro-datasets/pyproject.toml b/kedro-datasets/pyproject.toml index 3ee8eb9e9..1fcde25c6 100644 --- a/kedro-datasets/pyproject.toml +++ b/kedro-datasets/pyproject.toml @@ -270,11 +270,11 @@ lint = [ "bandit>=1.6.2, <2.0", "blacken-docs==1.9.2", "black~=22.0", + "detect-secrets~=1.5.0", "import-linter[toml]==1.2.6", "mypy~=1.0", "pre-commit>=2.9.2", "ruff~=0.0.290", - "trufflehog~=2.1", # mypy related dependencies "types-cachetools", "types-PyYAML", diff --git a/kedro-docker/RELEASE.md b/kedro-docker/RELEASE.md index f81181579..b7bab9313 100644 --- a/kedro-docker/RELEASE.md +++ b/kedro-docker/RELEASE.md @@ -1,4 +1,5 @@ # Upcoming Release +* Replaced `trufflehog` with `detect-secrets` for detecting secrets within a code base. # Release 0.6.2 diff --git a/kedro-docker/pyproject.toml b/kedro-docker/pyproject.toml index 15c8d04fc..b669a0e2d 100644 --- a/kedro-docker/pyproject.toml +++ b/kedro-docker/pyproject.toml @@ -39,9 +39,9 @@ test = [ lint = [ "bandit", "black~=22.0", + "detect-secrets~=1.5.0", "mypy~=1.0", "pre-commit>=2.9.2", - "trufflehog>=2.1.0, <3.0", "ruff~=0.0.290", ] diff --git a/kedro-telemetry/RELEASE.md b/kedro-telemetry/RELEASE.md index df7bb603a..1b4fce80f 100644 --- a/kedro-telemetry/RELEASE.md +++ b/kedro-telemetry/RELEASE.md 
@@ -1,4 +1,5 @@ # Upcoming release +* Replaced `trufflehog` with `detect-secrets` for detecting secrets within a code base. # Release 0.6.2 * Removed support for Python 3.8 diff --git a/kedro-telemetry/pyproject.toml b/kedro-telemetry/pyproject.toml index 45f9d995d..1f43f2315 100644 --- a/kedro-telemetry/pyproject.toml +++ b/kedro-telemetry/pyproject.toml @@ -35,9 +35,9 @@ test = [ lint = [ "bandit>=1.6.2, <2.0", "black~=22.0", + "detect-secrets~=1.5.0", "mypy~=1.0", "pre-commit>=2.9.2", - "trufflehog>=2.1.0, <3.0", "ruff~=0.0.290", # mypy requirements "types-requests", diff --git a/trufflehog-ignore.txt b/trufflehog-ignore.txt deleted file mode 100644 index 1929a2634..000000000 --- a/trufflehog-ignore.txt +++ /dev/null @@ -1,3 +0,0 @@ -kedro-telemetry/README.md -kedro-telemetry/RELEASE.md -kedro-datasets/tests/tensorflow/test_tensorflow_model_dataset.py