Today marks the general availability of Wiz Code, the natural next step in the evolution of Wiz and CNAPP to the left!
We have always believed that in order to scale in the cloud, security must be woven into the development lifecycle. That is why we are bringing the trademark precision of Wiz’s cloud security platform to developer environments. Extending our coverage from the first line of code to runtime has already helped our customers in preview transform their AppSec and DevSecOps programs. Now, every other organization can secure their cloud-native applications at every stage of development, protecting their code, CI/CD systems, and infrastructure in one unified platform.
The results are immediate: better security posture for your code and cloud, faster remediation of security issues, and improved developer productivity.
Unifying developer and cloud security
The cloud has changed everything. Modern development practices like DevOps, containerization, and Infrastructure-as-Code (IaC) have blurred the lines between code and infrastructure. If developers are no longer building in isolation, how is it that application security and cloud security are still treated as separate concerns? This disconnect has led to duplication of efforts, inefficiencies with multiple-point solutions, and ultimately a higher total cost of ownership—all while leaving critical gaps in security coverage.
Meanwhile, the attack surface has expanded. Attackers now target the entire software supply chain—from source code management and CI/CD systems to developer identities. These paths present new entry points to cloud environments and their crown jewels, such as sensitive data and critical infrastructure. Worse, by exploiting these paths, attackers can trigger large-scale software supply chain attacks that affect thousands of downstream users, dramatically widening the blast radius.
Wiz Code was built to address these growing risks by securing every stage of the lifecycle, from code and cloud to runtime. Wiz Code extends Wiz Cloud’s capabilities by correlating critical attack paths and cloud risks back to their source code and the developer, offering remediation directly within the code. This results in faster, more effective resolution of cloud risks, right at the source.
The hallmark of Wiz is to combine visibility with context for the benefit of individuals across multiple teams. Comprehensive code to cloud security is yet another key that unlocks the true promise of CNAPP. Wiz Code comes at an opportune moment: businesses are thirsting for platform solutions that enable innovation, agility, and scale.
Philip Bues, Senior Research Manager in Cloud Security, IDC
Unlocking new use cases with Wiz Code
Code-to-Cloud and Cloud-to-Code mapping with the Wiz Security Graph: Wiz Code uses the Security Graph to connect code repositories and CI/CD pipelines, to cloud environments and back. This capability enables security teams to prioritize the most critical issues, mapping them across the entire stack—from misconfigurations in cloud infrastructure to vulnerabilities in third-party libraries and exposed secrets. Additionally, Wiz Code highlights ownership context, making it clear which development teams are responsible for specific issues. This accelerates remediation, eliminates silos, and drives efficient collaboration.
One policy engine for code, cloud, and runtime: Wiz Code expands the Wiz unified policy engine that enforces security controls consistently across the entire development lifecycle. This includes SCA and SBOM, as well as scanning for open source vulnerabilities, malware, exposed secrets, IaC misconfigurations, and sensitive data. By correlating findings across code, cloud, and runtime, Wiz merges them into a single view, helping teams identify root causes and address issues faster and more effectively.
Accelerated remediation of misconfigurations and vulnerabilities in the cloud: Wiz Code is deeply embedded into developer workflows and generates one-click fix suggestions, so developers don’t have to leave their favorite tools. This empowers organizations to fix cloud issues in code faster, reducing their window of exposure and exploitation. The ability to trace risks back to the repository and the developer that introduced them allows teams to quickly apply fixes and compare before/after states, ensuring the issue is fully remediated.
Starting secure in code with Wiz guardrails: Wiz Code offers real-time security feedback, enriched with cloud insights, directly in the IDE and pull requests. This helps developers anticipate the impact vulnerabilities or exposed secrets will have once their code is deployed. By ensuring robust code security from the start, development teams can avoid accumulating security debt, keeping their sprint cycles focused on value delivery while maintaining a high level of security.
Extending security posture management to the pipeline: Wiz Code extends Wiz’s CSPM capabilities to developer environments like version control and CI/CD systems. By integrating configuration data from developer tools into the Security Graph, Wiz Code provides more accurate risk prioritization, helping teams focus on critical attack paths. In addition, security teams can assess their degree of compliance with emerging frameworks such as OWASP TOP10 CI/CD Risks or OpenSSF Source Code Management Best Practices.
Real-World Example: Log4Shell and the power of Wiz Code
Let’s revisit Log4Shell (CVE-2021-44228) to show Wiz Code in action.
Imagine a Java application in which the Wiz Sensor identifies the Log4Shell vulnerability in a container during runtime. Wiz flags this critical threat, confirming that the vulnerable Log4J library is loaded in memory and actively running in the affected workload.
Once detected in the live container, Wiz traces the issue back to the original Dockerfile used to build the container image. Developers then easily remediate the vulnerability by initiating a one-click pull request. Wiz suggests upgrading the vulnerable Apache Log4J library directly in the manifest file. Once it’s done and the updated container images are redeployed, Wiz will re-assess the issue in cloud and runtime to confirm it has been resolved.
In this example, organizations don’t need a combination of siloed security tools to cobble together a solution. They can quickly eliminate an existing vulnerability and get ready for the next one to be exploited in the wild—with full visibility, risk assessment, and remediation all in a single platform.
Wiz Code has helped us shift left our security responsibilities. Teams are now catching and fixing issues before they get deployed and coming to us earlier for help designing their solutions. Having source repositories directly in Wiz also has helped us ensure projects are scoped to their actual owners, as a lot of accounts are shared. Having that direct sourcing to the repos speeds up triage for us as well.
Rory Carson, Security Engineer at Contentful
The future of developer and cloud security is here
Four years ago, we set out to create a product that security and development teams would love. The mission was to build a platform that would enable a new operating model for security in the cloud, in which cloud builders and defenders engage together in a collective effort to reduce risk – ultimately making everyone’s life easier. Wiz Code is the next frontier on that journey.
Wiz Code and Wiz Cloud represent the future of cloud-native security. With the Security Graph as the foundation, they bridge the gap between application and cloud security, providing organizations with complete visibility, risk prioritization, and remediation across the entire cloud-native lifecycle. With this unified platform, teams can operationalize security programs at scale—breaking down silos and securing their entire cloud-native application lifecycle, from code to runtime.
In the final section of this blog series on uncovering complex hybrid cloud attacks, we’ll share key elements of the response to the real-world sophisticated cloud attack outlined in Part 2.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management