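---
# Wiz misconfiguration scan for this repository.
#
# Job layout:
#   set-matrix            - lists every file named exactly "Dockerfile" in the
#                           checkout and publishes the list as a JSON array.
#   wiz-iac-scan-docker   - one matrix leg per Dockerfile; the whole job is
#                           skipped when the list is empty.
#   wiz-iac-scan-default  - IaC scan of the full tree with the Docker scan
#                           switched off, so the two scan jobs do not overlap.
#
# Both scan jobs use the same wrapper action; the `skip_*` inputs are what
# keep each job to its own half of the work.
name: IaC Misconfigurations scan

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it.
# yamllint disable-line rule:truthy
on: [push]

# Workflow-wide default is read-only. The write scopes the scanner needs
# (OIDC token, code-scanning upload) are granted per job below, so the
# matrix-building job never holds them.
permissions:
  contents: read

jobs:
  set-matrix:
    runs-on: [self-hosted, default-k8s-runner-linux-x64]
    outputs:
      dockerfiles: ${{ steps.set-matrix.outputs.dockerfiles }}
    steps:
      - name: Check out repository
        # TODO(review): pin to a full commit SHA rather than a mutable tag,
        # e.g. actions/checkout@<full-commit-sha>  # v3
        uses: actions/checkout@v3
      - name: find-docker-files
        id: set-matrix
        # Explicit bash so `pipefail` is guaranteed to be available; a failing
        # `find` or `jq` then fails the step instead of silently publishing a
        # truncated list (which would leave Dockerfiles unscanned).
        shell: bash
        run: |
          set -euo pipefail
          # Only files named exactly "Dockerfile" are matched; variants such as
          # Dockerfile.dev are not part of the matrix. With no match jq yields
          # [] and the docker-scan job below is skipped by its `if`.
          dockerfiles=$(find . -name "Dockerfile" | jq --raw-input --slurp -c 'split("\n") | map(select(. != ""))')
          echo "dockerfiles=${dockerfiles}" >> "$GITHUB_OUTPUT"

  wiz-iac-scan-docker:
    needs: set-matrix
    runs-on: [self-hosted, default-k8s-runner-linux-x64]
    # Guard both the empty-array and the empty-string case so that fromJson
    # in the matrix is never evaluated on an empty value.
    if: ${{ needs.set-matrix.outputs.dockerfiles != '[]' && needs.set-matrix.outputs.dockerfiles != '' }}
    permissions:
      contents: read
      actions: read
      id-token: write
      security-events: write
    strategy:
      # Keep scanning the remaining Dockerfiles when one leg fails.
      fail-fast: false
      matrix:
        dockerfile: ${{ fromJson(needs.set-matrix.outputs.dockerfiles) }}
    steps:
      - name: Check out repository
        # TODO(review): pin to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@v3
      - name: Wiz IaC Scan
        # TODO(review): pin to a full commit SHA rather than a mutable tag.
        uses: Innersource/wizcli-wrapper@v1
        with:
          # This job scans Dockerfiles only; the IaC pass runs in
          # wiz-iac-scan-default.
          skip_iac_scan: true
          docker_scan_filename: "${{ matrix.dockerfile }}"
          skip_docker_build: true

  wiz-iac-scan-default:
    needs: set-matrix
    runs-on: [self-hosted, default-k8s-runner-linux-x64]
    permissions:
      contents: read
      actions: read
      id-token: write
      security-events: write
    steps:
      - name: Check out repository
        # TODO(review): pin to a full commit SHA rather than a mutable tag.
        uses: actions/checkout@v3
      - name: Wiz IaC Scan
        # TODO(review): pin to a full commit SHA rather than a mutable tag.
        uses: Innersource/wizcli-wrapper@v1
        with:
          # Whole-tree IaC scan; Dockerfiles are covered per file by
          # wiz-iac-scan-docker.
          iac_scan_path: "."
          skip_docker_scan: true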