diff --git a/files/workflows/add-issues-and-prs-to-fs-project-board.yml b/files/workflows/add-issues-and-prs-to-fs-project-board.yml
index f641c37..511473f 100644
--- a/files/workflows/add-issues-and-prs-to-fs-project-board.yml
+++ b/files/workflows/add-issues-and-prs-to-fs-project-board.yml
@@ -17,7 +17,11 @@ on:
   issues:
     types:
       - opened
-  pull_request:
+  # Using "pull_request_target" instead of "pull_request" to support PRs from forks.
+  # Workflow runs triggered on PRs from forks do not have access to secrets, so "github-token" input below would otherwise be empty.
+  # This action does not check out nor execute user code so we should be safe.
+  # We also hardcode to specific hash to ensure no unintended changes underneath us.
+  pull_request_target:
     types:
       - opened
 
diff --git a/github/FilOzone.yml b/github/FilOzone.yml
index e26e470..35bd21f 100644
--- a/github/FilOzone.yml
+++ b/github/FilOzone.yml
@@ -264,8 +264,8 @@ repositories:
     has_discussions: false
     merge_commit_message: PR_TITLE
     merge_commit_title: MERGE_MESSAGE
-    secret_scanning_push_protection: false
-    secret_scanning: false
+    secret_scanning_push_protection: true
+    secret_scanning: true
     squash_merge_commit_message: COMMIT_MESSAGES
     squash_merge_commit_title: COMMIT_OR_PR_TITLE
     visibility: public