wiz cli CHEF-32378 #39

Open
vipin230 wants to merge 1 commit into main from wiz

@vipin230 (Collaborator) commented Mar 23, 2026

Description

This pull request introduces a new GitHub Actions workflow to perform Wiz CLI security scans on Docker images as part of the CI process. It adds the ability to optionally trigger a Wiz scan and fail the build on policy violations, enhancing the security posture of Docker images built in pull requests.

Security scanning integration:

  • Added a new reusable workflow .github/workflows/wiz.yml that builds the Docker image, fetches Wiz credentials via AKeyless, runs a Wiz CLI scan, and summarizes the results. The workflow supports custom build strategies and securely handles secrets.
  • Updated .github/workflows/ci-main-pull-request.yml to add two new inputs: perform-wiz-scan (to enable/disable Wiz scanning) and wiz-fail-build (to control whether policy violations fail the build).
  • Integrated the new Wiz scan workflow into the main CI workflow, conditionally running it based on the new input flags and passing through the fail-build option.

Related Issue

https://progresssoftware.atlassian.net/browse/CHEF-32378

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: Vipin Yadav <vipin.yadav@progress.com>