
fix: solve codeql alerts #66


Workflow file for this run

# Workflow: run the Wiz CLI IaC scan over this repository and report
# findings to the GitHub Security tab (via SARIF upload).
#
# Triggers:
#   - pull_request: every PR open/update. GitHub does not pass repository
#     or environment secrets to runs triggered from fork PRs, so the Wiz
#     credentials below are only available for same-repo PRs.
#   - workflow_dispatch: manual run from the Actions UI.
#   - schedule: weekly, Sunday 00:00 UTC.
name: "wiz-cli"

on: # yamllint disable-line rule:truthy
  pull_request: {}
  workflow_dispatch: {}
  schedule:
    - cron: "0 0 * * 0"

# Workflow-level default of no permissions; each job grants only what it
# needs (least privilege for the GITHUB_TOKEN).
permissions: {}

jobs:
  wiz-cli-iac-scan:
    name: "Wiz-cli IaC Scan"
    runs-on: ubuntu-latest
    # Skip Dependabot-triggered runs (presumably because those runs do not
    # receive the repository/environment secrets used below).
    if: github.actor != 'dependabot[bot]'
    # Environment holding the Wiz and GitHub App secrets referenced below.
    environment: wiz
    permissions:
      contents: read          # read the repository being scanned
      security-events: write  # upload SARIF results to the Security tab
      # NOTE(review): `actions: write` is broader than a SARIF upload needs
      # (codeql-action/upload-sarif documents `actions: read`, and only for
      # private repos). Confirm the scan action actually requires write
      # before keeping it; otherwise drop to `read`.
      actions: write
    env:
      # NOTE(review): neither variable is referenced by a step shown here;
      # presumably the scan action reads them from the environment -- verify.
      SCAN_PATH: "."
      POLICY: "Audit IaC policy"
    steps:
      # Clone the repository under test with full history.
      - name: Check out repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0 # full history; original comment: for accurate scan results

      # Mint a short-lived GitHub App installation token scoped to the single
      # repository that hosts the scan action (not the whole org).
      - name: Generate Github token
        id: generate_github_token
        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        with:
          app-id: ${{ vars.BT_DX_WIZ_APP_ID }}
          private-key: ${{ secrets.BT_DX_WIZ_APP_PEM }}
          owner: BeyondTrust
          repositories: wiz-iac-scan-action

      # Fetch only action.yml of the scan action, pinned to a commit SHA, so
      # the local `uses:` below runs a known revision. Any other file the
      # action needs must come from elsewhere (e.g. referenced actions),
      # since the sparse checkout excludes them -- confirm against action.yml.
      - name: Checkout wiz-iac-scan-action
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          repository: beyondtrust/wiz-iac-scan-action
          ref: "0429602a8db7783139e3f092ba276040203ef095" # v1.0.0
          token: ${{ steps.generate_github_token.outputs.token }}
          path: ./wiz-iac-scan
          fetch-depth: 1
          sparse-checkout: |
            /action.yml
          sparse-checkout-cone-mode: false

      # Run the scan via the locally checked-out, SHA-pinned action. The Wiz
      # service-account credentials come from the `wiz` environment.
      - name: Run WizCLI
        uses: ./wiz-iac-scan/
        with:
          wiz_client_id: ${{ secrets.WIZ_CLIENT_ID }}
          wiz_client_secret: ${{ secrets.WIZ_CLIENT_SECRET }}