feat: security-workflow #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'wiz-cli' | |
on: [pull_request] | |
jobs: | |
wiz-cli-dir-scan: | |
name: 'Wiz-cli Directory Scan' | |
runs-on: ubuntu-latest | |
env: | |
SCAN_PATH: "./" # Set the relative path in the repo to scan | |
# POLICY: "Default Vulnerabily policy" # Set the desired Wiz CLI policy to use, BLANK FOR ALL | |
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
defaults: | |
run: | |
shell: bash | |
steps: | |
# Checkout the repository to the GitHub Actions runner | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Download Wiz CLI | |
run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli | |
- name: Authenticate to Wiz | |
run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" | |
env: | |
WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} | |
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} | |
- name: Run wiz CLI Directory scan | |
run: ./wizcli dir scan --path $SCAN_PATH |