Create main.yml #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "wiz-cli" | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| wiz-cli-iac-scan: | |
| name: "Wiz-cli IaC Scan" | |
| runs-on: ubuntu-latest | |
| env: | |
| SCAN_PATH: "." # Set the relative path in the repo to scan | |
| POLICY: "SRH-GH-IAC" # Set the desired Wiz CLI policy to use | |
| # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| # Checkout the repository to the GitHub Actions runner | |
| - name: Check out repository | |
| uses: actions/checkout@v2 | |
| - name: Download Wiz CLI | |
| run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli | |
| - name: Authenticate to Wiz | |
| run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET" | |
| env: | |
| WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }} | |
| WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }} | |
| - name: Run wiz CLI IaC scan | |
| run: ./wizcli iac scan --path $SCAN_PATH --policy "$POLICY" |