
Wiz ❤️ HashiCorp: Wiz’s new integration with Terraform Run Tasks helps customers slash risks and boost developer productivity

Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk.


Today, we're excited to announce Wiz’s integration with HashiCorp Terraform Cloud and Enterprise Run Tasks. Mutual customers can seamlessly add checks to their Terraform pipelines for completely automated security guardrails and feedback. Detect secrets or misconfigurations in IaC using a post-plan or pre-apply run task.

HashiCorp Terraform Run Tasks

HashiCorp Terraform Cloud and Enterprise (the self-hosted version of Terraform Cloud) streamline the provisioning, management, and collaboration of cloud infrastructure. They give teams managing their cloud infrastructure with Terraform a unified platform for team collaboration, creating a streamlined review and approval of infrastructure changes. Additionally, Terraform can oversee remote operations with cloud providers.

Terraform run tasks enable the integration of third-party tools into Terraform provisioning pipelines. Customers can seamlessly incorporate external tasks such as custom scripts, security checks, and dependency updates as regular steps within automated Terraform workflows. Terraform run tasks present an extensible ecosystem where a diverse array of solutions can extend the core Terraform provisioning engine. Run tasks interact with Terraform runs at specific points in the lifecycle, e.g., post-plan and pre-apply. Each run task has an enforcement level, advisory or mandatory, set within the Terraform workspace. The Terraform run will stop the deployment if the run task returns a failed status and the enforcement level is set to mandatory.

Wiz’s integration with Terraform Cloud and Terraform Enterprise  

The Wiz integration with Terraform Cloud and Terraform Enterprise is a post-plan or pre-apply run task that scans the user’s IaC Terraform configuration and detects secrets and misconfigurations. This integration helps to automate and enforce security best practices, ensuring that only secure infrastructure is deployed — thereby reducing the organization's overall risk exposure. The benefits of this integration include:  

  • Early and consistent reduction of risk: Wiz enables you to take runtime security learnings and apply them (in the form of security scans and policies) in the pipeline, enabling a consistent security approach.

  • Improved efficiency: Enable developers and cloud teams to be productive by integrating their security checks into their existing workflow, resulting in faster remediation.

Wiz's Run Tasks integration serves as a security guardrail, scanning for predefined security policies and preventing insecure deployments. For example, imagine that a publicly exposed storage bucket is added in a Terraform configuration — in this scenario, Terraform constructs a plan for the code, while Wiz's Run Task intervenes to halt the deployment before it reaches the apply stage, ensuring the publicly exposed storage bucket is not deployed.  
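
The bucket scenario above, sketched as an added example (not Wiz's scanner or policy code): a check over the JSON form of a Terraform plan (`terraform show -json`) that flags publicly readable bucket settings and then applies the advisory/mandatory rule. The AWS S3 resource types, the function names and the sample plan are assumptions made for illustration.

```python
import json

PUBLIC_ACLS = {"public-read", "public-read-write"}
BLOCK_FLAGS = ("block_public_acls", "block_public_policy",
               "ignore_public_acls", "restrict_public_buckets")

def find_public_buckets(plan):
    """Return (address, reason) pairs for planned resources that expose a bucket."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # A resource being destroyed has no planned state to evaluate.
        if after is None or change.get("actions") == ["delete"]:
            continue
        if rc["type"] == "aws_s3_bucket_acl" and after.get("acl") in PUBLIC_ACLS:
            findings.append((rc["address"], "acl=" + after["acl"]))
        elif rc["type"] == "aws_s3_bucket_public_access_block":
            # A flag that is false or not yet known is treated as not protecting.
            off = [f for f in BLOCK_FLAGS if after.get(f) is not True]
            if off:
                findings.append((rc["address"], "not enabled: " + ", ".join(off)))
    return findings

def run_task_result(plan, enforcement_level):
    """Map findings to a run task status and to whether the run is stopped."""
    findings = find_public_buckets(plan)
    status = "failed" if findings else "passed"
    # As described above: a failed status stops the run when the level is mandatory.
    blocked = status == "failed" and enforcement_level == "mandatory"
    return {"status": status, "run_blocked": blocked, "findings": findings}

# Constructed sample plan, trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket_acl.reports", "type": "aws_s3_bucket_acl",
   "change": {"actions": ["create"], "after": {"acl": "public-read"}}},
  {"address": "aws_s3_bucket_public_access_block.logs",
   "type": "aws_s3_bucket_public_access_block",
   "change": {"actions": ["create"], "after": {"block_public_acls": true,
     "block_public_policy": true, "ignore_public_acls": true,
     "restrict_public_buckets": true}}},
  {"address": "aws_s3_bucket_acl.legacy", "type": "aws_s3_bucket_acl",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for level in ("advisory", "mandatory"):
        print(level, run_task_result(SAMPLE_PLAN, level))
```

With the same finding, the advisory level reports the failure without stopping the run, while the mandatory level stops it before apply.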

The new integration between Wiz and HashiCorp Terraform Cloud helps teams reduce risk by incorporating cloud security insights into Infrastructure as Code development pipelines. Integrating security checks into the development workflow for speedy remediation enhances efficiency and enables the development of new applications securely.

Oron Noah, Head of Product Extensibility and Partnerships

Getting started is simple. This feature is available today in preview. Everything you need is outlined in the Wiz docs (login required). Questions? We’d love to hear from you. Reach out and our team will be glad to assist.    
