Wiz
Blog

Extend Wiz to your Developers: Enable secure cloud development with agility

New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud.

Swaroop Sham, Or Heller
6 minutes read

Today, we are excited to announce new capabilities to help organizations secure the cloud software development process and speed up the resolution of issues. Wiz Secure Cloud Development introduces the ability to:     

  • Scan your code repositories to detect risk early and speed up resolution of issues    

  • Trace risks in the cloud automatically back to the code and teams that introduced them 

  • Provide in-code remediation guidance so developers can fix issues at the source quickly 

  • Ensure the integrity of container images to prevent the risk of image tampering    

  • Secure your software supply chain with complete SBOM visibility without agents  

These new Secure Cloud Development capabilities are the zenith of the CNAPP promise and unlock new value for modern organizations accelerating innovation in the cloud: 

  • Secure the cloud SDLC by design: Scan for everything, everywhere, all at once and ensure anything deployed to production meets security baselines against a single, unified policy framework rooted in run-time context  

  • Rapidly fix issues systemically at the source: Cloud-to-code remediation enables teams to identify risks in production and directly link them to their root cause in the source code origin, greatly accelerating the speed and efficiency of remediation 

  • Readiness for the next threat: Simplify identification of supply chain threats with agentless SBOM search that uncovers 0-day vulnerabilities and streamline investigation of incidents by tracing attack vectors back to the source (e.g.: did we leak this compromised token in our source code?) 

The Developer's Security dilemma 

The cloud is critical to innovation, and developers play a vital role in its development, deployment, and security. Traditional cloud security solutions struggle to address new risks effectively as they take a siloed view of architecture and risks and are nearly impossible to operationalize as they are seen either as a security tool that developers cannot use or a developer tool that security teams cannot trust. To develop secure cloud applications by design, organizations need a new cloud security operating model built on key foundational pillars:  

  • Early and unconditional visibility into security risks across the pipeline with the same scanners for secrets, vulnerabilities, and more at every step, for every architecture, and for first- and third-party software components 

  • Consistent governance and control by evaluating risks against the same policy as software moves from the developers' sandbox through deployment and into production 

  • Flexibility for risks and incident learnings to be easily prioritized and fixed at any stage of the development pipeline as needed by the business 

  • Centralized visibility for security teams and self-service for development teams so they can understand and control risks together across the development lifecycle 

By integrating these pillars into their approach, organizations will effectively align developer autonomy with stringent security, fostering an environment where innovative software development happens securely and rapidly. 

One cloud security platform for production and every development pipeline

Wiz's cloud security platform covers all scenarios, from code to production, enabled by capabilities like Wiz Guardrails, SBOM generation, and Image integrity to help secure cloud development. Its unified scanner and policy framework enable the same robust security across every step of the build and run time. Wiz secures code, CI/CD pipelines, and deployments while tracking changes in the cloud and code. Most importantly, Wiz democratizes security for customers, with over 50% of active Wiz users already outside of centralized security teams. This centralizes control for security teams without hindering developers, provides early security feedback for developers, and lets organizations customize their software pipeline's security approach. 

With Priceline’s large cloud footprint, we want to address systemic issues, ensure our code is secure at build time, and protect our software supply chain. Wiz enabled us to maintain security while shifting left; we have the necessary guardrails in place that give developers autonomy to deploy securely, saving time for both security and dev teams. This has made security into a business enabler, and it’s helped us maintain a frictionless relationship with our teammates in development.

Andrew McKenna, Cloud Security Architect, Priceline  

Code Scanning: Find and fix risk in your code faster with the new GitHub Connector  

The new Wiz GitHub connector builds on GitHub's revolutionary code collaboration platform. By connecting Wiz to your organization's GitHub account, Wiz automatically discovers all code repositories and maps GitHub users to their environment ownership. The connector then scans the code repositories — either periodically or based on specific events — to identify vulnerabilities, misconfigurations, and secrets, facilitating the remediation of these issues through timely upgrades or fixes.  

For each scan, you can review the scan results, including issues found, scan policies, and commit properties to determine who made the changes in which branch and assess the impact of any issue discovered. GitHub scanning is now available in preview. 

Cloud to code: Trace risk in production right down to code 

Tracing from cloud to code allows security teams to identify production risks and directly link them to the specific code repository and code commit. This accelerates root cause analysis and incident response and significantly reduces the time frame when systems are vulnerable to potential threats. Wiz's new cloud-to-code capability enables you to retrieve metadata from the CI, including who committed the changes, the basis branch and the Docker file contents, and the technologies included. The metadata provided enables you to directly link issues in your cloud to the source code resulting in faster and better understanding of the issue and speeding up remediation. Wiz Cloud to code (for containers) is available now using the Wiz CLI.

SBOM and Image Integrity: Secure your software supply chain  

Supply chain security is critical for safeguarding against threats targeting third-party component vulnerabilities. Securing container images used in deployment ensures no malicious code or vulnerabilities are deployed. An accurate software bill of materials (SBOM) tracks components, letting organizations rapidly identify and mitigate supply chain risks. 

Wiz now extends into the software supply chain, allowing only verified or trusted container images to be deployed, reducing the risk of vulnerabilities or malware from altered images. This enhancement includes features like image tampering protection through signature validation and enforcement of trusted sources by authorizing specific developers and teams and comprehensive visibility in Kubernetes pipelines to monitor changes and identify potential threats efficiently across all clusters. You can access this feature now. Learn more by visiting the Wiz docs(login required).

Wiz's agentless SBOM provides complete visibility into your applications' components, such as packages, open-source libraries, and nested dependencies, without any blind spots or requiring an agent. Maintain an updated SBOM mirroring your production environment without a dedicated process. Export SBOMs in standard formats and centralize them in S3 buckets for analysis or sharing. Search your SBOM to identify and address risks in your application components quickly. Visit the Wiz docs (login required) to get started.

One last thing: Cloud security delivered to your AWS console

Innovation at Wiz goes beyond new use cases or new capabilities to ensure ease of use for everyone that builds in the cloud. Today, we have also launched the Wiz browser extension that empowers infrastructure owners with immediate and contextual cloud security insights right from their cloud platform interface. DevOps, Infrastructure, and IT teams now have complete context about the security posture of their cloud resource directly from their cloud dashboard so they can simply understand and improve security posture without leaving their existing workflows.   

The successful operationalization of a secure cloud development process is the key to scale your cloud security program. Capabilities like code scanning and in-code remediation deliver on the true promise of cloud-native security and development, because they make fixing risks faster and prevent costly production issues at the source. In this spirit, Wiz is demonstrating our continued commitment to enabling customers to fully embrace the concept of DevSecOps with a simple, intuitive platform.

Yinon Costica, VP Product & Cofounder, Wiz

Wiz, with its commitment to continuous innovation, offers a comprehensive CNAPP solution for all cloud security needs, including secure software development, posture management, and threat detection and response. Wiz caters to every stakeholder, including developers, cloud security, and incident response teams and is easy to operationalize and adopt. To discover how to leverage these capabilities for enabling secure cloud development, explore the Wiz docs (login required). Have questions, comments, or feedback? Reach out to Wiz! We love hearing from you. 

 

Tags
#Product

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo