diff --git a/components/scanners/trufflehog/README.md b/components/scanners/trufflehog/README.md
index a295ef8ee..877feffdb 100644
--- a/components/scanners/trufflehog/README.md
+++ b/components/scanners/trufflehog/README.md
@@ -19,26 +19,8 @@ as the following:
 |--------------------------|--------|----------|------------|---------------------------------------------------------|
 | TRUFFLEHOG\_RAW\_OUT\_FILE\_PATH | string | yes | - | The path where to find the trufflehog report |
 | TRUFFLEHOG\_TARGET\_TYPE | string | false | repository | The type of target that was used to generate the report |
+| RAW\_OUT\_FILE | string | yes | "{{ scratchWorkspace }}/trufflehog.json" | The path where to put the trufflehog report
 
 ## Test data
 
 The `trufflehog.json` file used in tests was generated with the following steps:
-
-* Cloning:
-
-```shell
-git clone https://github.com/smithy-security/e2e-monorepo
-```
-
-* Running trufflehog
-
-```shell
-docker run \
-  --rm -it -v "$PWD:/pwd" \
-  trufflesecurity/trufflehog:latest \
-  filesystem --json \
-  --no-fail \
-  --no-update \
-  --log-level=-1 \
-  --directory="/pwd"
-```
diff --git a/components/scanners/trufflehog/component.yaml b/components/scanners/trufflehog/component.yaml
index 9ddb2dfb8..96b4e1998 100644
--- a/components/scanners/trufflehog/component.yaml
+++ b/components/scanners/trufflehog/component.yaml
@@ -6,6 +6,15 @@ parameters:
     type: "string"
     value: "TARGET_TYPE_REPOSITORY"
 steps:
+  - name: "run-trufflehog"
+    image: ghcr.io/trufflesecurity/trufflehog:3.88.23
+    executable: /bin/bash
+    args:
+      - -c
+      - >-
+        echo "Running trufflehog and sending output to {{ scratchWorkspace }}/trufflehog.json" &&
+        /etc/entrypoint.sh filesystem --json --no-fail --directory="{{sourceCodeWorkspace}}" |
+        tee {{ scratchWorkspace }}/trufflehog.json
   - name: "secret-scanner"
     image: "components/scanners/trufflehog"
     executable: "/bin/app"
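Review bot: The `tee` closing the run-trufflehog step's command copies the whole JSON report onto the step's stdout, and trufflehog's `--json` findings carry the matched secret strings, so whatever retains job logs now retains every detected credential as well; writing the report with `> "{{ scratchWorkspace }}/trufflehog.json"` keeps the findings in the scratch workspace that the secret-scanner step reads. The pipeline also runs without `pipefail`, so the step's exit status is `tee`'s and a trufflehog crash still yields a green step with an empty report; prefixing the folded scalar with `set -o pipefail;` fixes that. The invocation removed from the README passed `--no-update`, which the new step drops — with the image pinned to 3.88.23 the in-container update check is only unneeded network egress, so consider restoring the flag. As a style point, the two template references are written inconsistently (`{{sourceCodeWorkspace}}` versus `{{ scratchWorkspace }}`) and the output path is the only one left unquoted in the shell.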
diff --git a/examples/trufflehog/overrides.yaml b/examples/trufflehog/overrides.yaml
new file mode 100644
index 000000000..dec004821
--- /dev/null
+++ b/examples/trufflehog/overrides.yaml
@@ -0,0 +1,4 @@
+git-clone:
+- name: "repo_url"
+  type: "string"
+  value: "https://github.com/OWASP/igoat"
diff --git a/examples/trufflehog/workflow.yaml b/examples/trufflehog/workflow.yaml
new file mode 100644
index 000000000..17fe7337c
--- /dev/null
+++ b/examples/trufflehog/workflow.yaml
@@ -0,0 +1,7 @@
+description: Trufflehog based workflow
+name: trufflehog
+components:
+- component: file://components/targets/git-clone/component.yaml
+- component: file://components/scanners/trufflehog/component.yaml
+- component: file://components/enrichers/custom-annotation/component.yaml
+- component: file://components/reporters/json-logger/component.yaml