From 92b5f8855e983630ae69900dfde4c7ee4f674db7 Mon Sep 17 00:00:00 2001
From: Ewa Ostrowska
Date: Tue, 8 Jul 2025 15:21:39 +0200
Subject: [PATCH 1/2] add wiz scan on create PR to master (SWG-14342)
---
 .github/workflows/maven-master-pulls.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/.github/workflows/maven-master-pulls.yml b/.github/workflows/maven-master-pulls.yml
index c0c809bdbe3..51c4f3c8731 100644
--- a/.github/workflows/maven-master-pulls.yml
+++ b/.github/workflows/maven-master-pulls.yml
@@ -58,3 +58,23 @@ jobs:
 ${{ runner.os }}-maven-
 - name: Build with Maven
 run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
+
+ - name: Download Wiz CLI
+ run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+ - name: Authenticate to Wiz
+ run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+ env:
+ WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+ WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+ - name: Scan Maven build directory with Wiz
+ run: |
+ ./wizcli dir scan \
+ --path . \
+ --policy "$POLICY" \
+ --tag repo="${{ github.repository }}" \
+ --tag commit="${{ github.sha }}" \
+ --tag java="${{ matrix.java }}"
+ env:
+ POLICY: "SmartBear default vulnerabilities policy"
\ No newline at end of file
From 1dd85bb8768a87bddfe9d79fececb2bf6f13090b Mon Sep 17 00:00:00 2001
From: Ewa Ostrowska
Date: Mon, 14 Jul 2025 11:27:29 +0200
Subject: [PATCH 2/2] add wiz scan for maven build (SWG-14342)
---
 .github/workflows/maven-master-pulls.yml | 42 ++++++++++++------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/maven-master-pulls.yml b/.github/workflows/maven-master-pulls.yml
index 51c4f3c8731..bc9b9a79ea5 100644
--- a/.github/workflows/maven-master-pulls.yml
+++ b/.github/workflows/maven-master-pulls.yml
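Review bot: The `Download Wiz CLI` step in the PATCH 1/2 hunk fetches an unpinned `latest` binary with no integrity check, and the next step runs that binary with `WIZ_CLIENT_ID` and `WIZ_CLIENT_SECRET` in its environment, so whatever the URL serves at run time receives the credentials. `curl` is also invoked without `--fail`, so an HTTP error body would be saved as `wizcli` and only surface later as an unrelated-looking exec error. Consider pinning a specific release and verifying it before `chmod +x`, for example `curl -fsSL -o wizcli "<PINNED_RELEASE_URL>"` followed by `echo "<EXPECTED_SHA256>  wizcli" | sha256sum -c -`. The same step is carried over unchanged into the first hunk of PATCH 2/2, so the point applies there as well.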
@@ -32,6 +32,26 @@ jobs:
 - name: Build with Maven
 run: mvn -B -U verify --file pom.xml
+ - name: Download Wiz CLI
+ run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+ - name: Authenticate to Wiz
+ run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+ env:
+ WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+ WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+ - name: Scan Maven build directory with Wiz
+ run: |
+ ./wizcli dir scan \
+ --path . \
+ --policy "$POLICY" \
+ --tag repo="${{ github.repository }}" \
+ --tag commit="${{ github.sha }}" \
+ --tag java="${{ matrix.java }}" > /dev/null 2>&1
+ env:
+ POLICY: "SmartBear default vulnerabilities policy"
+
 build-java8:
 runs-on: ubuntu-latest
@@ -57,24 +77,4 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-maven-
 - name: Build with Maven
- run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
-
- - name: Download Wiz CLI
- run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
-
- - name: Authenticate to Wiz
- run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
- env:
- WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
- WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
-
- - name: Scan Maven build directory with Wiz
- run: |
- ./wizcli dir scan \
- --path . \
- --policy "$POLICY" \
- --tag repo="${{ github.repository }}" \
- --tag commit="${{ github.sha }}" \
- --tag java="${{ matrix.java }}"
- env:
- POLICY: "SmartBear default vulnerabilities policy"
\ No newline at end of file
+ run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
\ No newline at end of file
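Review bot: In the first hunk the scan command now ends with `> /dev/null 2>&1`, which discards every error message along with the findings, so a policy violation, an expired credential and a network failure all appear in the job log as the same silent non-zero exit. If the aim is to keep findings out of public logs, keep at least a status line, for example by appending `|| { echo "Wiz scan failed or violated policy; see the Wiz console"; exit 1; }`. It is not visible in the hunk whether stderr carries findings; if it does not, dropping only stdout would preserve diagnostics. The workflow's `on:` trigger is also outside the hunk: if it is `pull_request`, pull requests from forks receive empty secrets and `Authenticate to Wiz` will fail unless the three Wiz steps carry an `if:` guard. Whether this job defines a `java` matrix for `--tag java="${{ matrix.java }}"` cannot be confirmed from the hunk either.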