From d796c562e3b5b6f31178c084fe970c4a2e884880 Mon Sep 17 00:00:00 2001
From: aamir-ahmad-atlan
Date: Tue, 19 Mar 2024 17:01:14 +0530
Subject: [PATCH] added wiz image scan workflow
---
 .github/workflows/wiz-image-scan.yml | 47 ++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 .github/workflows/wiz-image-scan.yml
diff --git a/.github/workflows/wiz-image-scan.yml b/.github/workflows/wiz-image-scan.yml
new file mode 100644
index 000000000..01e4d5a71
--- /dev/null
+++ b/.github/workflows/wiz-image-scan.yml
@@ -0,0 +1,47 @@
+name: Wiz Image Scan
+on:
+ push:
+ branches:
+ - main
+ - wiz-image-scan-main
+ pull_request:
+ branches:
+ - main
+jobs:
+ scan:
+ name: Wiz Image Scan
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push docker image
+ id: docker_build
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: false
+ tags: ${{ github.event.repository.name }}:latest
+ outputs: type=docker,dest=/tmp/${{ github.event.repository.name }}.tar
+
+ - name: Download Wiz CLI
+ run: curl -o wizcli https://wizcli.app.wiz.io/latest/wizcli && chmod +x wizcli
+
+ - name: Authenticate to Wiz
+ run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+ env:
+ WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+ WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+ - name: Run wiz-cli docker image scan
+ run: |
+ docker load --input /tmp/${{ github.event.repository.name }}.tar
+ ./wizcli docker scan --image ${{ github.event.repository.name }}:latest --policy "$POLICY"
\ No newline at end of file
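Review bot: `$POLICY` in the final "Run wiz-cli docker image scan" step is never defined anywhere in this workflow — no `env:` at workflow, job or step level sets it — so the scan runs with `--policy ""`, which will either fail the step or fall back to whatever the CLI does for an empty policy. The "Download Wiz CLI" step also fetches an unpinned `latest` binary with no checksum or signature check and then hands it `WIZ_CLIENT_SECRET` in the next step, and because `curl` is invoked without `-f` a server error page would be saved as `wizcli` and made executable, producing a confusing failure at auth time rather than at download. The job declares no `permissions:`, so the job token receives the repository default instead of read-only, and the four third-party actions are pinned to moving tags (`@v4`, `@v3`, `@v5`) rather than commit SHAs, which is the usual supply-chain hardening for a job that holds a scanner credential. One hedged observation: on `pull_request` runs from forks the `secrets.*` values are empty, so the auth step will fail there unless that is intended. The rewrite below pins and verifies the CLI, sets least-privilege permissions, and defines `POLICY` explicitly; SHA-pinning the actions is left to a follow-up since the commit ids are not on this page.

```yaml
permissions:
  contents: read  # scan-only job; the job token needs no write scope

# … unchanged: on:, jobs.scan.name/runs-on, checkout, QEMU, Buildx and build steps …

      - name: Download Wiz CLI
        env:
          WIZCLI_URL: "<PINNED_WIZCLI_RELEASE_URL>"   # placeholder: an explicit release, not "latest"
          WIZCLI_SHA256: "<EXPECTED_SHA256>"          # placeholder: checksum published for that release
        run: |
          curl -fsSL -o wizcli "$WIZCLI_URL"
          echo "${WIZCLI_SHA256}  wizcli" | sha256sum -c -
          chmod +x wizcli

# … unchanged: Authenticate to Wiz …

      - name: Run wiz-cli docker image scan
        env:
          POLICY: ${{ vars.WIZ_POLICY }}   # placeholder name: define this repo/org variable; previously never set
          IMAGE: ${{ github.event.repository.name }}
        run: |
          docker load --input "/tmp/${IMAGE}.tar"
          ./wizcli docker scan --image "${IMAGE}:latest" --policy "$POLICY"
```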