From ef71756318484f3864d05e06a81e178082b3bcb6 Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 09:03:53 -0400 Subject: [PATCH 1/6] Create main.yml --- .github/workflows/main.yml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..d2d20183 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,38 @@ +name: "wiz-cli" +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + wiz-cli-iac-scan: + name: "Wiz-cli IaC Scan" + runs-on: ubuntu-latest + env: + SCAN_PATH: "." # Set the relative path in the repo to scan + POLICY: "SRH-GH-IAC" # Set the desired Wiz CLI policy to use + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + defaults: + run: + shell: bash + + steps: + # Checkout the repository to the GitHub Actions runner + - name: Check out repository + uses: actions/checkout@v2 + + - name: Download Wiz CLI + run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli + + - name: Authenticate to Wiz + run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" + env: + WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} + WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} + + - name: Run wiz CLI IaC scan + run: ./wizcli iac scan --path $SCAN_PATH --policy "$POLICY" From f181092be24debd9d89c4c9e9a943aa6703c6794 Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 09:24:35 -0400 Subject: [PATCH 2/6] Update main.yml --- .github/workflows/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d2d20183..398dd467 100644 --- a/.github/workflows/main.yml 
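Review bot: The `Download Wiz CLI` step fetches an unpinned `latest` binary with a bare `curl -o`, then `chmod +x`es it and the following steps execute it, so there is no version pinning, no integrity check, and without `--fail` an HTTP error body would be saved as `wizcli` and run by the `Authenticate to Wiz` step. The same line is copied into the second job by the hunk in PATCH 4/6 of this series, so the fix applies there too. I would pin the download to a release URL, verify a published sha256 before `chmod +x`, and pin `actions/checkout` to a full commit SHA instead of the floating `@v2` tag (`uses: actions/checkout@<FULL_COMMIT_SHA>  # <pinned version>`). A top-level `permissions: contents: read` block would also drop the default GITHUB_TOKEN grants this workflow never uses, since the job only reads the checkout and talks to Wiz with its own client credentials. The placeholder values below are labelled and must be replaced with the release path and checksum Wiz documents.
```yaml
permissions:
  contents: read

# … unchanged: on:, jobs: header, env, defaults, checkout step …

      - name: Download Wiz CLI
        run: |
          curl -fsSL -o wizcli "https://downloads.wiz.io/wizcli/<PINNED_VERSION>/wizcli-linux-amd64"
          echo "<EXPECTED_SHA256>  wizcli" | sha256sum -c -
          chmod +x wizcli
```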
+++ b/.github/workflows/main.yml @@ -13,8 +13,7 @@ jobs: runs-on: ubuntu-latest env: SCAN_PATH: "." # Set the relative path in the repo to scan - POLICY: "SRH-GH-IAC" # Set the desired Wiz CLI policy to use - + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: From 9fd19e64b7662818e25e82600d7464082f39e801 Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 09:56:04 -0400 Subject: [PATCH 3/6] Update main.yml --- .github/workflows/main.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 398dd467..e24dfd16 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,4 +34,26 @@ jobs: WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} - name: Run wiz CLI IaC scan - run: ./wizcli iac scan --path $SCAN_PATH --policy "$POLICY" + run: ./wizcli iac scan --path $SCAN_PATH + + wiz-cli-dir-scan: + name: "Wiz-cli Dir Scan" + runs-on: ubuntu-latest + env: + SCAN_PATH: "." # Set the relative path in the repo to scan + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + defaults: + run: + shell: bash + + steps: + - name: Authenticate to Wiz + run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" + env: + WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} + WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} + + - name: Run wiz CLI Dir scan + run: ./wizcli dir scan --path $SCAN_PATH + From e933c254c606100f479af45f85f29b8104d15d12 Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 09:58:51 -0400 Subject: [PATCH 4/6] Update main.yml --- .github/workflows/main.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
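Review bot: Dropping `POLICY` from the job env leaves the `Run wiz CLI IaC scan` step, which sits below this hunk, still invoking `--policy "$POLICY"`, so after this commit the scan is launched with an empty policy name. How wizcli treats an empty `--policy` is not visible here; at best it silently falls back to a tenant-side default and at worst the step fails, and either way the policy actually enforced is no longer stated in the workflow. The flag and the variable should be removed together, or the variable kept, in the same commit. If the intent is to rely on the policy configured in the Wiz tenant, a one-line comment on the job saying so (`# policy is selected tenant-side; no --policy override here`) would keep that decision visible to the next maintainer.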
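Review bot: The new `wiz-cli-dir-scan` job has no checkout and no download step, so its `Authenticate to Wiz` step runs `./wizcli` on a fresh runner where no such file exists, and the Dir scan never sees the repository contents. Each job runs on its own runner, so the binary fetched in `wiz-cli-iac-scan` is not available here; the `Check out repository` and `Download Wiz CLI` steps need to be repeated in this job, or the two scans folded into a single job that fetches the tool once. The hunk also appends a trailing blank line at the end of the file.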
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e24dfd16..0cd708a3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,13 +14,11 @@ jobs: env: SCAN_PATH: "." # Set the relative path in the repo to scan - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash steps: - # Checkout the repository to the GitHub Actions runner - name: Check out repository uses: actions/checkout@v2 @@ -42,12 +40,17 @@ jobs: env: SCAN_PATH: "." # Set the relative path in the repo to scan - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash steps: + - name: Check out repository + uses: actions/checkout@v2 + + - name: Download Wiz CLI + run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli + - name: Authenticate to Wiz run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" env: @@ -56,4 +59,3 @@ jobs: - name: Run wiz CLI Dir scan run: ./wizcli dir scan --path $SCAN_PATH - From 13ff6faee5537d02143a0cb21706301723dace41 Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 10:00:38 -0400 Subject: [PATCH 5/6] Update main.yml --- .github/workflows/main.yml | 43 +++++++------------------------------- 1 file changed, 8 insertions(+), 35 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0cd708a3..6f29d786 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
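Review bot: Removing the `# Use the Bash shell …` comment leaves the `defaults: run: shell: bash` block in both jobs with no stated reason, which makes it an easy target for a later cleanup. Per GitHub's documented shell defaults, an explicit `shell: bash` runs steps with `-eo pipefail` rather than the plain `-e` used when no shell is set, so a short replacement such as `# explicit bash: steps run with -eo pipefail, so a failed curl in a pipeline cannot be masked` would preserve the intent without the original's verbosity. The second hunk copies the `Download Wiz CLI` line into `wiz-cli-dir-scan` unchanged, so that job now also fetches an unpinned `latest` binary with no integrity verification before executing it; whatever pinning and checksum handling is adopted for the first job should be applied to this copy as well.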
@@ -8,42 +8,15 @@ on: - master jobs: - wiz-cli-iac-scan: - name: "Wiz-cli IaC Scan" + wiz-cli-scan: + name: "Wiz-cli ${{ matrix.scan-type }} Scan" runs-on: ubuntu-latest + strategy: + matrix: + scan-type: [iac, dir] env: - SCAN_PATH: "." # Set the relative path in the repo to scan + SCAN_PATH: "." - defaults: - run: - shell: bash - - steps: - - name: Check out repository - uses: actions/checkout@v2 - - - name: Download Wiz CLI - run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli - - - name: Authenticate to Wiz - run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" - env: - WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} - WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} - - - name: Run wiz CLI IaC scan - run: ./wizcli iac scan --path $SCAN_PATH - - wiz-cli-dir-scan: - name: "Wiz-cli Dir Scan" - runs-on: ubuntu-latest - env: - SCAN_PATH: "." # Set the relative path in the repo to scan - - defaults: - run: - shell: bash - steps: - name: Check out repository uses: actions/checkout@v2 @@ -57,5 +30,5 @@ jobs: WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} - - name: Run wiz CLI Dir scan - run: ./wizcli dir scan --path $SCAN_PATH + - name: Run wiz CLI scan + run: ./wizcli ${{ matrix.scan-type }} scan --path $SCAN_PATH From f80c88de77609b0d80b9dac67525f1b606a4ecbf Mon Sep 17 00:00:00 2001 From: Sean Heeley <67065230+sheeley18@users.noreply.github.com> Date: Fri, 17 Oct 2025 10:04:28 -0400 Subject: [PATCH 6/6] Update main.yml --- .github/workflows/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6f29d786..b55ac293 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
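Review bot: The consolidated `wiz-cli-scan` job drops `defaults.run.shell: bash` entirely, which switches the step shell from GitHub's explicit-bash `bash -eo pipefail` to the plain `bash -e` default; none of the remaining steps use a pipe, so it is harmless today, but it should be a deliberate choice rather than a side effect of merging the two jobs. The new `run: ./wizcli ${{ matrix.scan-type }} scan --path $SCAN_PATH` interpolates an expression straight into the shell line; the matrix values are workflow-defined literals (`[iac, dir]`) so nothing untrusted can reach it, but routing it through `env:` (`SCAN_TYPE: ${{ matrix.scan-type }}` on the step, then `run: ./wizcli "$SCAN_TYPE" scan --path "$SCAN_PATH"`) keeps `run:` free of `${{ }}` and also quotes `SCAN_PATH`, which is unquoted here. The `# Set the relative path in the repo to scan` comment was dropped from `SCAN_PATH: "."` and is worth keeping.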
@@ -8,12 +8,9 @@ on: - master jobs: - wiz-cli-scan: - name: "Wiz-cli ${{ matrix.scan-type }} Scan" + wiz-scan: + name: "Wiz-cli Scan" runs-on: ubuntu-latest - strategy: - matrix: - scan-type: [iac, dir] env: SCAN_PATH: "." @@ -30,5 +27,8 @@ jobs: WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} - - name: Run wiz CLI scan - run: ./wizcli ${{ matrix.scan-type }} scan --path $SCAN_PATH + - name: Run IaC scan + run: ./wizcli iac scan --path $SCAN_PATH + + - name: Run Dir scan + run: ./wizcli dir scan --path $SCAN_PATH
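Review bot: With the matrix replaced by two sequential steps, a non-zero exit from `Run IaC scan` skips `Run Dir scan`, so a single IaC finding now hides whatever the directory scan would have reported for the same commit, whereas the matrix ran both independently. If both result sets are wanted on every run, add `if: always()` to the Dir scan step (`- name: Run Dir scan` / `if: always()` / `run: ./wizcli dir scan --path "$SCAN_PATH"`); this still leaves the job red when the IaC scan fails, which `continue-on-error: true` on the IaC step would not. `$SCAN_PATH` remains unquoted in both `run:` lines; `--path "$SCAN_PATH"` matches the quoting already used for the credentials in the auth step.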