Wiz Code: Experience True ASPM With Code-to-Cloud Context

Enhance your application security posture with Wiz Code's integration of 3rd-party SAST scanners and cloud context for faster risk prioritization and remediation.


AppSec and engineering teams today face the paradox of choice. With a growing array of tools—SAST, DAST, SCA, API Security, and more—the real challenge isn’t just identifying risks but prioritizing the high volume of findings and navigating tool-specific workflows. Consequently, even the most advanced security tools can go underutilized.

Wiz Code offers a new way forward with the Wiz Integration (WIN) Platform, our open integration ecosystem. By ingesting findings from external tools into Wiz’s Security Graph (SAST today, with DAST and API security coming soon), Wiz Code unifies them with cloud and runtime insights, enabling teams to prioritize and address critical issues faster, no matter where they originate. This empowers organizations to get the best of both worlds: leveraging their existing stack while enhancing actionability.

Code-to-cloud: The Holy Grail of Visibility

Wiz Code extends Wiz’s cloud security platform into the heart of developer environments, ensuring security teams can track risks from the first line of code to cloud infrastructure. At the core is a unified inventory and code-to-cloud correlation powered by the Wiz Security Graph.

Wiz maps both ends of the stack—starting with what’s running in production using Wiz Cloud, which maintains a comprehensive inventory of all cloud resources, technologies, and environments.

On the other end, Wiz Code scans and catalogs code repositories, CI/CD pipelines, and developer identities. It automatically pulls repositories and tracks both human (developers) and non-human identities (such as service accounts), correlating their activity with cloud environments.

The Inventory > Code Repositories page provides essential data on the repositories in your code environment

This unified view helps security teams determine who is responsible for any change and how it ties into the broader application security posture.

Enforcing Security Policies with a Unified Policy Engine

Wiz Code leverages a unified policy engine that enforces security policies consistently across the entire development lifecycle. Whether scanning for vulnerabilities, misconfigurations, secrets, or sensitive data, Wiz ensures that security rules are applied uniformly across both code and cloud environments.

Wiz’s built-in scanners can detect a broad range of risks, including:

  • Software Composition Analysis: Detecting vulnerabilities in third-party libraries.

  • IaC scanning: Ensuring Infrastructure-as-Code deployments are secure.

  • Secrets detection: Finding and mitigating hardcoded credentials in code repositories.

  • Sensitive data scanning: Highlighting sensitive information that should be protected.

The WIN platform offers native CI/CD integrations, allowing teams to run Wiz scans directly within their pipelines to identify and remediate risks before they reach production. DevOps platforms like Harness and Buildkite have developed Wiz-certified integrations, embedding the WizCLI deep into continuous integration workflows. This allows their users to scan for IaC misconfigurations, secrets, and vulnerabilities in code and containers, adding another layer of defense pre-deployment.

Ingesting Third-Party Findings

The WIN platform enriches Wiz Code with SAST and DAST findings from existing AppSec tools in a team's security stack. Incorporating these findings in Wiz gives security teams a more comprehensive approach to code security by unifying code and cloud security insights in one place.

Whether you integrate directly with a partner like Checkmarx or create a custom integration to bring in findings from any 3rd-party tool, WIN ensures that your SAST and DAST findings are contextualized within Wiz, linked directly to the relevant code repository objects, and presented alongside other critical Wiz findings.

Enrich the Wiz Security Graph with data from Checkmarx.

Through Wiz’s Security Graph, findings ingested from 3rd-party solutions like Checkmarx SAST are treated just like the findings raised by Wiz’s built-in scanners. For example, if CWE-1004 (a cookie handling issue) is detected in the codebase through Checkmarx SAST, Wiz Code correlates that finding, through version control system (VCS) connectors, to the associated application and cloud infrastructure, showing which specific workloads are affected and presenting a full attack path.

Prioritizing the Right Risks: Context-Driven Security

Without the right context, teams waste valuable time triaging low-risk issues while more critical vulnerabilities go undetected. Wiz Code solves this by connecting code-level issues to their impact on cloud environments, helping teams focus on what matters most.

With Wiz Code, it’s not just about finding misconfigurations or vulnerabilities in code; it’s about seeing how they impact applications running in cloud environments and prioritizing findings based on confirmed risk.

“We truly believe that code to cloud is a reality and not just a vision. By utilizing a bi-directional integration, we close the gaps on both sides, providing the missing context for application security and development teams as well as the missing actionability for cloud and operations teams. This will revolutionize how teams approach both application and cloud security.”

Ori Bendet, VP of Product Management at Checkmarx

Orchestrating remediation and collaboration

Wiz Code simplifies the remediation process by fostering collaboration between security and development teams. With project-based segmentation, each team can focus on their relevant code repositories and cloud resources, ensuring that security findings are properly scoped.

To streamline remediation, Wiz Code integrates seamlessly with ChatOps solutions like Slack and Microsoft Teams, as well as ticketing systems like Jira, Linear, ServiceNow, and many more! This ensures that issues are automatically assigned to the right developer or infrastructure owner, with all the context needed for swift remediation.

WIN Ticketing & Messaging Integrations

Confidently Protect Your Applications With Code-to-Cloud Context

Wiz Code’s approach to Application Security Posture Management (ASPM) isn’t about adding more security checks—it’s about making the most of the tools already in place. With a unified, context-rich view of risks from code to cloud, organizations can accelerate remediation, streamline operations, and help teams focus on what matters most.

If you use an AppSec tool that isn’t yet integrated with Wiz, don’t worry—ask your vendor to fill out an application for the WIN platform. For more information on our integrations or to get started with WIN for ASPM, visit our integration catalog.
