Harness natively integrates Wiz CLI into the Security Testing Orchestration (STO) module. This allows users to run misconfiguration scans against Infrastructure as Code (IaC) templates and vulnerability scans against resources such as container images as steps within their Harness pipelines, or to ingest Wiz scan reports (JSON/SARIF format) generated for container images and code repositories.
Challenge and Solution
Through the integration of Wiz CLI into Harness STO, Wiz IaC, Secret Detection and Container scanners are included in the Harness Platform Step Library. Users simply have to add an execution step within the specified pipeline phase, provide Wiz authentication credentials, and execute the pipeline. Harness STO automatically deduplicates and prioritizes vulnerabilities for security teams and developers. For each detected vulnerability, Harness STO provides prescriptive AI-generated remediation guidance so developers can rapidly remediate vulnerabilities without toil. Users can enforce policy-as-code pipeline governance based on the OPA standard, track issues through JIRA, and manage security exemptions.
Integration Benefits
Seamlessly integrate Wiz CLI with the Harness Security Testing Orchestration (STO) module, as well as with Harness Continuous Integration (CI) and Harness Infrastructure-as-Code-Management (IaCM) modules
Effortlessly configure and run IaC, Secret Detection, and Container scans to detect secrets, infrastructure misconfigurations, and vulnerabilities as part of developers’ pull requests
Reduce alert fatigue in the cloud by catching and fixing critical risks before they ever reach production
Govern and enforce policies on your development pipelines based on vulnerability severity and CVE data provided by Wiz
Auto-remediate vulnerabilities with code assistance and recommendations from Harness AIDA (AI Developer Assistant)
Better Together
Together, Wiz and Harness solve a key challenge of shift-left security. Most organizations that implement application security testing earlier in their software development lifecycles do so without the tools and capabilities that would offer them faster security scans and vulnerability remediation workflows that minimize developer toil.
The integration of Wiz CLI with Harness Security Testing Orchestration is ideal for software-producing organizations seeking to deliver more secure applications at higher velocity. Wiz CLI scans are fast and deliver accurate and reliable vulnerability data. Harness STO seamlessly integrates Wiz CLI and connects developers with application security teams through intuitive workflows that facilitate rapid vulnerability remediation and effective security governance.