diff --git a/ee/lib/ee/gitlab/git_access.rb b/ee/lib/ee/gitlab/git_access.rb
index 4ff78ba9050ca3333cf99ebafef75003363b35fc..4ecd806924a17d79baeed090a258f71af8ffe77b 100644
--- a/ee/lib/ee/gitlab/git_access.rb
+++ b/ee/lib/ee/gitlab/git_access.rb
@@ -14,6 +14,8 @@ module GitAccess
 override :check
 def check(cmd, changes)
+ pp "EE GitAccess#check called - RequestStore object_id: #{::Gitlab::SafeRequestStore.object_id}"
+
 check_maintenance_mode!(cmd)
 check_geo_license!
 check_smartcard_access!
@@ -82,9 +84,13 @@ def check_custom_ssh_action!
 override :check_for_console_messages
 def check_for_console_messages
- super.push(
- *current_replication_lag_message
- )
+ pp "check_for_console_messages - RequestStore object_id: #{::Gitlab::SafeRequestStore.object_id}"
+ pp "SPP message: #{::Gitlab::SafeRequestStore[:spp_warning_message]}"
+
+ messages = [*current_replication_lag_message]
+ messages.push(::Gitlab::SafeRequestStore[:spp_warning_message])
+
+ super.push(*messages)
 end
 override :check_download_access!
diff --git a/ee/lib/gitlab/checks/secret_push_protection/secrets_check.rb b/ee/lib/gitlab/checks/secret_push_protection/secrets_check.rb
index 4bccb64e9b6abfc7db9b34d6d44313b1937c7238..1b18cc7316c3ab336e7166d514eb7ce49b5277db 100644
--- a/ee/lib/gitlab/checks/secret_push_protection/secrets_check.rb
+++ b/ee/lib/gitlab/checks/secret_push_protection/secrets_check.rb
@@ -72,6 +72,7 @@ def run_validation_dark_launch!
 end
 def run_validation!
+ pp "SPP run_validation! called"
 return unless eligibility_checker.should_scan?
 audit_logger.track_spp_scan_executed('regular')
@@ -81,6 +82,8 @@ def run_validation!
 logger.log_timed(LOG_MESSAGES[:secrets_check]) do
 payloads = payload_processor.standardize_payloads
+ raise StandardError.new("This is a test message")
+
 thread = Thread.new do
 # This is to help identify the thread in case of a crash
 Thread.current.name = "secrets_check"
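Review bot: The `pp` call added at the top of `check` in ee/lib/ee/gitlab/git_access.rb is debugging output and should be removed before merge; it prints to the process's standard output on every Git access check instead of going through structured logging. The same applies to the two `pp` lines in `check_for_console_messages`, one of which prints the stored warning text, and to `pp "SPP run_validation! called"` in secrets_check.rb. If the request-store identity is still needed for diagnosis, emit it as a debug-level log entry rather than with `pp`. The body of `check` continues outside the hunk.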
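Review bot: In `check_for_console_messages`, `messages.push(::Gitlab::SafeRequestStore[:spp_warning_message])` appends `nil` whenever no warning was stored, so `super.push(*messages)` can add a `nil` entry to the console messages on an ordinary request; the removed code splatted only the replication-lag message. Drop the empty values when building the list, for example `messages = [*current_replication_lag_message, ::Gitlab::SafeRequestStore[:spp_warning_message]].compact`. The method also depends on the value written in `run_validation!` being visible in the same request store here, which these hunks do not establish.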
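Review bot: The unconditional `raise StandardError.new("This is a test message")` in `run_validation!` aborts every scan right after `standardize_payloads`, so the `Thread.new` block below it is never reached. If the `rescue StandardError` branch added in the later hunk belongs to the same `begin`, as it appears to, every eligible push would be accepted unscanned with only a warning. This looks like scaffolding for exercising the rescue path and should be deleted; cover that path in a spec that stubs the scanner to raise instead. `run_validation!` begins and ends outside this hunk.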
@@ -121,6 +124,22 @@ def run_validation!
 message = format(ERROR_MESSAGES[:scan_initialization_error], { error_msg: e.message })
 secret_detection_logger.error(build_structured_payload(message:))
+ rescue ::Gitlab::GitAccess::ForbiddenError
+ # Re-raise to ensure secrets still block pushes
+ raise
+ rescue StandardError => e
+ # Catch all other unexpected errors
+ ::Gitlab::ErrorTracking.track_exception(e)
+ secret_detection_logger.error(
+ build_structured_payload(
+ message: "Secret push protection failed: #{e.message}",
+ error_class: e.class.name
+ )
+ )
+
+ # Store warning message for display
+ ::Gitlab::SafeRequestStore[:spp_warning_message] =
+ 'Secret detection scan encountered an error. Your push was allowed, but please verify no secrets were committed.'
 ensure
 # clean up the thread
 thread&.exit
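Review bot: The new `rescue StandardError` branch in `run_validation!` makes secret push protection fail open: any unexpected exception during the scan is logged and the push is accepted with only a console warning. For a blocking control that is a policy decision and should be stated and bounded in the code; say in a comment which failures are meant to be tolerated, and consider rescuing only those classes so that a new bug or an input that makes the scanner raise does not silently turn the check off. The structured log entry would also benefit from a stable field that alerting can key on, since the interpolated `e.message` is free text, and if `::Gitlab::SafeRequestStore` is not active for the request the warning is presumably dropped and the user sees nothing. The method's `begin` and the earlier `rescue` clause lie outside the hunk.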