From ef71756318484f3864d05e06a81e178082b3bcb6 Mon Sep 17 00:00:00 2001
From: Sean Heeley <67065230+sheeley18@users.noreply.github.com>
Date: Fri, 17 Oct 2025 09:03:53 -0400
Subject: [PATCH 1/3] Create main.yml
---
 .github/workflows/main.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..d2d20183
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,38 @@
+name: "wiz-cli"
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ wiz-cli-iac-scan:
+ name: "Wiz-cli IaC Scan"
+ runs-on: ubuntu-latest
+ env:
+ SCAN_PATH: "." # Set the relative path in the repo to scan
+ POLICY: "SRH-GH-IAC" # Set the desired Wiz CLI policy to use
+ # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Check out repository
+ uses: actions/checkout@v2
+
+ - name: Download Wiz CLI
+ run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+ - name: Authenticate to Wiz
+ run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+ env:
+ WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+ WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+ - name: Run wiz CLI IaC scan
+ run: ./wizcli iac scan --path $SCAN_PATH --policy "$POLICY"
From f181092be24debd9d89c4c9e9a943aa6703c6794 Mon Sep 17 00:00:00 2001
From: Sean Heeley <67065230+sheeley18@users.noreply.github.com>
Date: Fri, 17 Oct 2025 09:24:35 -0400
Subject: [PATCH 2/3] Update main.yml
---
 .github/workflows/main.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index d2d20183..398dd467 100644
--- a/.github/workflows/main.yml
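Review bot: The `Download Wiz CLI` step fetches a mutable `latest` build with a bare `curl` that has no `--fail` flag and no checksum or signature verification, then executes it in the same job that later receives `WIZ_CLIENT_ID` and `WIZ_CLIENT_SECRET`, so whoever controls that download path controls a process holding those credentials, and without `-f` an HTTP error body would be saved and `chmod +x`'d instead of failing the step. `actions/checkout@v2` is likewise a mutable tag (and several majors behind the current release); pin it to a full commit SHA with the version noted in a comment. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default instead of the `contents: read` that a checkout-and-scan job needs. Note too that on `pull_request` events from forks GitHub withholds repository secrets, so the auth step will fail for external contributors — worth a comment if that is intended.
```yaml
permissions:
  contents: read

# … unchanged: on, jobs header, env, defaults …
    steps:
      - name: Check out repository
        uses: actions/checkout@v4  # replace with a full commit SHA; keep the version in a comment

      - name: Download Wiz CLI
        run: |
          curl -fsSL --retry 3 -o wizcli "https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64"
          # TODO: pin a specific CLI version and verify its vendor-published SHA-256 here before executing
          chmod +x wizcli
      # … unchanged: auth and scan steps …
```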
+++ b/.github/workflows/main.yml
@@ -13,8 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 env:
 SCAN_PATH: "." # Set the relative path in the repo to scan
- POLICY: "SRH-GH-IAC" # Set the desired Wiz CLI policy to use
-
+
 # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
 defaults:
 run:
From b15e3e934d18e232bea05c6dc3d4d82dffdcbdbb Mon Sep 17 00:00:00 2001
From: sheeley18
Date: Fri, 17 Oct 2025 11:09:47 -0400
Subject: [PATCH 3/3] Add SQL injection example
---
 src/SQLInjection.java | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 src/SQLInjection.java
diff --git a/src/SQLInjection.java b/src/SQLInjection.java
new file mode 100644
index 00000000..b784de26
--- /dev/null
+++ b/src/SQLInjection.java
@@ -0,0 +1,9 @@
+import java.sql.*;
+import javax.servlet.http.HttpServletRequest;
+
+public class SQLInjection {
+ public static ResultSet doQuery(HttpServletRequest request, Connection connection) throws SQLException {
+ String customerName = request.getParameter("customerName");
+ String query = "SELECT account_balance FROM user_data WHERE user_name = " + customerName;
+ Statement statement = connection.createStatement();
+ ResultSet results = statement.executeQuery(query);
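Review bot: Removing `POLICY` from `env` leaves the final step's `./wizcli iac scan --path $SCAN_PATH --policy "$POLICY"` (added in the previous patch, outside this hunk) expanding to `--policy ""`, so the CLI will either reject an empty policy name or fall back to whatever its default is — either way the scan no longer does what the first commit set up. Either keep the variable or change that line to `run: ./wizcli iac scan --path "$SCAN_PATH"` (quoting `$SCAN_PATH` for consistency with the other expansions). The blank line deleted and re-added here is most likely a trailing-whitespace change; worth confirming rather than leaving it as an unexplained hunk.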
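Review bot: `doQuery` concatenates the unvalidated `customerName` request parameter straight into SQL and runs it through a plain `Statement`, which is the textbook injection the file name announces; if this is a deliberate scanner fixture, say so at the top, e.g. `// Intentionally vulnerable sample for SAST/IaC scanner validation — do not reuse`, so nobody copies it into real code. If it is meant to be real code, the fix is `PreparedStatement ps = connection.prepareStatement("SELECT account_balance FROM user_data WHERE user_name = ?"); ps.setString(1, customerName); return ps.executeQuery();`. Separately, the hunk header's `+1,9` matches the nine lines shown, so as committed the file ends after `executeQuery` with no `return`, no closing braces and no close of `statement` — it will not compile, and a fixture that does not parse may be skipped by some scanners rather than flagged.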