add wiz scan on create PR to 3.0.0 (SWG-14342)

ewaostrowska · ewaostrowska · commit 8dd7de6149a9 · 2025-07-14T10:29:14.000+02:00
diff --git a/.github/workflows/maven-master.yml b/.github/workflows/maven-master.yml
@@ -88,7 +88,7 @@ jobs:
         with:
           java-version: ${{ matrix.java }}
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/maven-pr-3.0.yml b/.github/workflows/maven-pr-3.0.yml
@@ -75,4 +75,16 @@ jobs:
           fi
           echo "GENERATORS_VERSION_PROPERTY ${GENERATORS_VERSION_PROPERTY}"
           echo "GENERATORS_VERSION_PROPERTY=${GENERATORS_VERSION_PROPERTY}" >> $GITHUB_ENV
-          mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}
+          mvn clean verify -U -DJETTY_TEST_HTTP_PORT=8070 -DJETTY_TEST_STOP_PORT=8069 ${GENERATORS_VERSION_PROPERTY}
+          
+      - name: Download Wiz CLI
+        run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+      - name: Scan Maven build directory with Wiz
+        run: |
+          ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+          ./wizcli dir scan --path target --policy "$POLICY"
+        env:
+          WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+          POLICY: "SmartBear default vulnerabilities policy"
