Skip to content

Commit 56da032

Browse files
ewaostrowskaewaostrowska
committed
add wiz scan to the pipeline (SWG-14342)
1 parent d5c12e2 commit 56da032

File tree

1 file changed

+51
-0
lines changed

1 file changed

+51
-0
lines changed

.github/workflows/maven-master-pulls.yml

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,3 +58,54 @@ jobs:
5858
${{ runner.os }}-maven-
5959
- name: Build with Maven
6060
run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
61+
62+
scan-with-lacework:
63+
name: Trigger LaceWork Scanning
64+
runs-on: ubuntu-latest
65+
66+
needs: [ build ]
67+
if: success()
68+
69+
steps:
70+
- name: Trigger LaceWork Scanning using a different method
71+
run: |
72+
docker run -e LW_ACCOUNT_NAME=$LW_ACCOUNT_NAME -e LW_ACCESS_TOKEN=$LW_ACCESS_TOKEN -e LW_SCANNER_SAVE_RESULTS=true -e LW_SCANNER_DISABLE_UPDATES=false -v /var/run/docker.sock:/var/run/docker.sock lacework/lacework-inline-scanner:latest image evaluate swaggerapi/swagger-codegen-cli latest --docker-server index.docker.io --docker-username $docker_user --docker-password $docker_password > /dev/null 2>&1
73+
env:
74+
LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
75+
LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
76+
docker_user: ${{ secrets.DOCKERHUB_SB_USERNAME}}
77+
docker_password: ${{ secrets.DOCKERHUB_SB_PASSWORD}}
78+
79+
scan-with-wiz:
80+
name: Trigger Wiz Scanning
81+
runs-on: ubuntu-latest
82+
83+
needs: [ build ]
84+
if: success()
85+
86+
steps:
87+
- name: Login to Docker Hub
88+
uses: docker/login-action@v2
89+
with:
90+
username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
91+
password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
92+
93+
- name: Download Wiz CLI
94+
run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
95+
96+
- name: Authenticate to Wiz
97+
run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
98+
env:
99+
WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
100+
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
101+
102+
- name: Pull Docker image for scanning
103+
run: docker pull swaggerapi/swagger-codegen-cli:latest
104+
105+
- name: Run wiz-cli docker image scan
106+
run: |
107+
./wizcli docker scan --image $TAG --policy "$POLICY"
108+
./wizcli docker tag --image $TAG
109+
env:
110+
TAG: swaggerapi/swagger-codegen-cli:latest
111+
POLICY: "SmartBear default vulnerabilities policy"

0 commit comments

Comments
 (0)