Skip to content

feat: security-workflow #2

feat: security-workflow

feat: security-workflow #2

name: 'wiz-cli'
on: [pull_request]
jobs:
wiz-cli-dir-scan:
name: 'Wiz-cli Directory Scan'
runs-on: ubuntu-latest
env:
SCAN_PATH: "./" # Set the relative path in the repo to scan
# POLICY: "Default Vulnerabily policy" # Set the desired Wiz CLI policy to use, BLANK FOR ALL
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
# Checkout the repository to the GitHub Actions runner
- name: Check out repository
uses: actions/checkout@v4
- name: Download Wiz CLI
run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
- name: Authenticate to Wiz
run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
env:
WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
- name: Run wiz CLI Directory scan
run: ./wizcli dir scan --path $SCAN_PATH