add wiz scan to the pipeline (SWG-14342)

ewaostrowska · ewaostrowska · commit 131087592bf3 · 2025-07-10T13:01:40.000+02:00
diff --git a/.github/workflows/maven-master-pulls.yml b/.github/workflows/maven-master-pulls.yml
@@ -68,7 +68,7 @@ jobs:
 
         steps:
         - name: Login to Docker Hub
-          uses: docker/login-action@v2
+          uses: docker/login-action@v3
           with:
             username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
             password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
@@ -82,13 +82,24 @@ jobs:
             WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
             WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
 
-        - name: Pull Docker image for scanning
-          run: docker pull swaggerapi/swagger-codegen-cli:latest
+        - name: Checkout code
+          uses: actions/checkout@v3
+
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+
+        - name: Build Docker image
+          run: |
+            docker build -t swagger-codegen:latest .
+
+        - name: Save Docker image to tarball
+          run: |
+            docker save swagger-codegen:latest -o swagger-codegen.tar
 
         - name: Run wiz-cli docker image scan
           run: |
-            ./wizcli docker scan --image $TAG --policy "$POLICY"
+            ./wizcli docker scan --image-archive $TAG --policy "$POLICY"
             ./wizcli docker tag --image $TAG
           env:
-            TAG: swaggerapi/swagger-codegen-cli:latest
+            TAG: swagger-codegen.tar
             POLICY: "SmartBear default vulnerabilities policy"
