diff --git a/.github/workflows/secret-scanner-reusable.yml b/.github/workflows/secret-scanner-reusable.yml
index a507471b..a8436f84 100644
--- a/.github/workflows/secret-scanner-reusable.yml
+++ b/.github/workflows/secret-scanner-reusable.yml
@@ -91,6 +91,7 @@ jobs:
           fetch-depth: 0
 
       - name: Gitleaks Secret Scan
+        continue-on-error: true  # gitleaks-action tool-cache PATH injection unreliable on self-hosted runners
         uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}