add wiz scan on create PR to 3.0.0 (SWG-14342)

ewaostrowska · ewaostrowska · commit 9b7a6e2440d0 · 2025-07-14T11:27:29.000+02:00
diff --git a/.github/workflows/maven-master-pulls.yml b/.github/workflows/maven-master-pulls.yml
@@ -32,6 +32,26 @@ jobs:
       - name: Build with Maven
         run: mvn -B -U verify --file pom.xml
 
+      - name: Download Wiz CLI
+        run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
+
+      - name: Authenticate to Wiz
+        run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
+        env:
+          WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
+          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
+
+      - name: Scan Maven build directory with Wiz
+        run: |
+          ./wizcli dir scan \
+            --path . \
+            --policy "$POLICY" \
+            --tag repo="${{ github.repository }}" \
+            --tag commit="${{ github.sha }}" \
+            --tag java="${{ matrix.java }}"
+        env:
+          POLICY: "SmartBear default vulnerabilities policy"
+
   build-java8:
 
     runs-on: ubuntu-latest
@@ -57,24 +77,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build with Maven
-        run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
-
-      - name: Download Wiz CLI
-        run: curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64 && chmod +x wizcli
-
-      - name: Authenticate to Wiz
-        run: ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
-        env:
-          WIZ_CLIENT_ID: ${{ secrets.WIZ_CLIENT_ID }}
-          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_CLIENT_SECRET }}
-
-      - name: Scan Maven build directory with Wiz
-        run: |
-          ./wizcli dir scan \
-            --path . \
-            --policy "$POLICY" \
-            --tag repo="${{ github.repository }}" \
-            --tag commit="${{ github.sha }}" \
-            --tag java="${{ matrix.java }}"
-        env:
-          POLICY: "SmartBear default vulnerabilities policy"
+        run: mvn -B -U clean verify -DskipTests -Dmaven.test.skip=true -Dmaven.site.skip=true -Dmaven.javadoc.skip=true -Psamples-java8 --file pom.xml
