add wiz scan on create PR to 3.0.0 (SWG-14342)

Author: ewaostrowska

.github/workflows/maven-master-pulls.yml

@@ -49,21 +49,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build with Maven
-        run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
-
-  scan-with-lacework:
-      name: Trigger LaceWork Scanning
-      runs-on: ubuntu-latest
-
-      needs: [ build ]
-      if: success()
-
-      steps:
-        - name: Trigger LaceWork Scanning using a different method
-          run: |
-            docker run -e LW_ACCOUNT_NAME=$LW_ACCOUNT_NAME -e LW_ACCESS_TOKEN=$LW_ACCESS_TOKEN -e LW_SCANNER_SAVE_RESULTS=true -e LW_SCANNER_DISABLE_UPDATES=false -v /var/run/docker.sock:/var/run/docker.sock lacework/lacework-inline-scanner:latest image evaluate swaggerapi/swagger-codegen-cli latest --docker-server index.docker.io --docker-username $docker_user --docker-password $docker_password  > /dev/null 2>&1
-          env:
-            LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
-            LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-            docker_user: ${{ secrets.DOCKERHUB_SB_USERNAME}}
-            docker_password: ${{ secrets.DOCKERHUB_SB_PASSWORD}}
+        run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml

.github/workflows/maven-master.yml

@@ -88,7 +88,7 @@ jobs:
         with:
           java-version: ${{ matrix.java }}
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}

.github/workflows/maven-pr-3.0.yml

@@ -75,4 +75,24 @@ jobs:
           fi
           echo "GENERATORS_VERSION_PROPERTY ${GENERATORS_VERSION_PROPERTY}"
           echo "GENERATORS_VERSION_PROPERTY=${GENERATORS_VERSION_PROPERTY}" >> $GITHUB_ENV
-          mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}
+          mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}
+
+      - name: Download Wiz CLI
+        run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+      - name: Authenticate to Wiz
+        run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+        env:
+          WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+      - name: Scan Maven build directory with Wiz
+        run: |
+          ./wizcli dir scan \
+            --path . \
+            --policy "$POLICY" \
+            --tag repo="${{ github.repository }}" \
+            --tag commit="${{ github.sha }}" \
+            --tag java="${{ matrix.java }}" > /dev/null 2>&1
+        env:
+          POLICY: "SmartBear default vulnerabilities policy"