Skip to content

Commit 1abe40f

Browse files
ewaostrowskaewaostrowska
committed
add wiz scan to the pipeline (SWG-14342)
1 parent ddbe8aa commit 1abe40f

File tree

1 file changed

+45
-46
lines changed

1 file changed

+45
-46
lines changed

.github/workflows/maven-master-pulls.yml

Lines changed: 45 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -13,17 +13,13 @@ jobs:
1313
java: [ 11 ]
1414

1515
steps:
16-
- uses: actions/checkout@v4
16+
- uses: actions/checkout@v2
1717
- name: Set up Java
18-
uses: actions/setup-java@v4
18+
uses: actions/setup-java@v1
1919
with:
2020
java-version: ${{ matrix.java }}
21-
distribution: temurin
22-
server-id: central
23-
server-username: MAVEN_USERNAME
24-
server-password: MAVEN_PASSWORD
2521
- name: Cache local Maven repository
26-
uses: actions/cache@v4
22+
uses: actions/cache@v2
2723
with:
2824
path: ~/.m2/repository
2925
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -40,17 +36,13 @@ jobs:
4036
java: [ 8 ]
4137

4238
steps:
43-
- uses: actions/checkout@v4
39+
- uses: actions/checkout@v2
4440
- name: Set up Java
45-
uses: actions/setup-java@v4
41+
uses: actions/setup-java@v1
4642
with:
4743
java-version: ${{ matrix.java }}
48-
distribution: temurin
49-
server-id: central
50-
server-username: MAVEN_USERNAME
51-
server-password: MAVEN_PASSWORD
5244
- name: Cache local Maven repository
53-
uses: actions/cache@v4
45+
uses: actions/cache@v2
5446
with:
5547
path: ~/.m2/repository
5648
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -60,35 +52,42 @@ jobs:
6052
run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
6153

6254
scan-with-wiz:
63-
name: Trigger Wiz Scanning
64-
runs-on: ubuntu-latest
65-
66-
needs: [ build ]
67-
if: success()
68-
69-
steps:
70-
- name: Login to Docker Hub
71-
uses: docker/login-action@v2
72-
with:
73-
username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
74-
password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
75-
76-
- name: Download Wiz CLI
77-
run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
78-
79-
- name: Authenticate to Wiz
80-
run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
81-
env:
82-
WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
83-
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
84-
85-
- name: Pull Docker image for scanning
86-
run: docker pull swaggerapi/swagger-codegen-cli:latest
87-
88-
- name: Run wiz-cli docker image scan
89-
run: |
90-
./wizcli docker scan --image $TAG --policy "$POLICY"
91-
./wizcli docker tag --image $TAG
92-
env:
93-
TAG: swaggerapi/swagger-codegen-cli:latest
94-
POLICY: "SmartBear default vulnerabilities policy"
55+
name: Trigger Wiz Scanning
56+
runs-on: ubuntu-latest
57+
58+
needs: [ build ]
59+
if: success()
60+
61+
steps:
62+
- name: Login to Docker Hub
63+
uses: docker/login-action@v3
64+
with:
65+
username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
66+
password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
67+
68+
- name: Checkout code
69+
uses: actions/checkout@v3
70+
71+
- name: Set up Docker Buildx
72+
uses: docker/setup-buildx-action@v3
73+
74+
- name: Build Docker image
75+
run: |
76+
docker buildx build --load -t swagger-codegen:latest .
77+
78+
- name: Download Wiz CLI
79+
run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
80+
81+
- name: Authenticate to Wiz
82+
run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
83+
env:
84+
WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
85+
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
86+
87+
- name: Run wiz-cli docker image scan
88+
run: |
89+
./wizcli docker scan --image $TAG --policy "$POLICY" > /dev/null 2>&1
90+
./wizcli docker tag --image $TAG > /dev/null 2>&1
91+
env:
92+
TAG: swagger-codegen:latest
93+
POLICY: "SmartBear default vulnerabilities policy"

0 commit comments

Comments
 (0)