
Set up the Wiz connector

Wiz is a cloud security platform that provides protection across code, CI/CD pipelines, and cloud environments.

Ingesting Wiz vulnerability data into Veracode Risk Manager (VRM) helps power risk prioritization and best next actions, so that VRM recommends the actions that reduce the most risk in your environment.

Complete the following tasks to set up your Veracode Risk Manager (VRM) connector for Wiz.

Ensure user permissions

To deploy VRM, you must have sufficient permissions in Wiz to create a client ID and client secret.

Create the client ID and client secret

Create a client ID and client secret in Wiz to allow VRM to access your Wiz data. You can create the client ID and client secret in Wiz using either a dedicated connector or a service account.

Veracode recommends using the dedicated connector method because it is officially supported by both Wiz and Veracode.

Use a dedicated connector

  1. Log in to your Wiz account.
  2. Go to https://app.wiz.io/settings/connect
  3. Search for and select the Veracode Risk Manager connector.
  4. Follow the steps onscreen to create a connector.
  5. Save the Client ID, Client Secret, and API endpoint to a secure location.

Use a service account

  1. In Wiz, select Settings > Service Accounts > Add Service Account.

  2. Enter a name for the account.

  3. For the Type, select Custom Integration (GraphQL API).

  4. Optionally, select projects to limit the account's access.

  5. Select scopes to grant this account the following permissions:

    | Permission | Description |
    | --- | --- |
    | read:issues | Read an issue, list issues |
    | read:vulnerabilities | Read vulnerabilities |
    | read:reports | Read reports generated for incremental ingestion |
    | create:reports | Create reports to support incremental ingestion |

  6. Select Add Service Account. A window opens with your new OAuth credentials: client ID and client secret.

  7. Copy the client ID and client secret to a secure location.

  8. Select Finish.

Retrieve the GraphQL endpoint and authentication provider

The Wiz GraphQL API endpoint has the following format: https://api.<region>.app.wiz.io/graphql.

<region> is the AWS region of your tenant, such as us1, us2, eu1 or eu2.

To retrieve your GraphQL endpoint and authentication provider:

  1. In the top right of Wiz's portal, select User icon > Tenant > User settings (direct link).
  2. Copy the API endpoint URL to a secure location.
  3. Copy the authentication provider URL to a secure location.
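
Before pasting these values into VRM, you can check them against the endpoint format and the scope list given above. The following is an added example, not Veracode or Wiz code: the function names `check_endpoint` and `check_scopes` are hypothetical, and the region-label pattern (lowercase letters, digits, hyphens) is an assumption generalized from the regions named above.

```python
import re
from urllib.parse import urlsplit

# Scopes listed in the service-account procedure on this page.
REQUIRED_SCOPES = {"read:issues", "read:vulnerabilities",
                   "read:reports", "create:reports"}

# Endpoint format from this page: https://api.<region>.app.wiz.io/graphql
# Assumption: <region> is a label of lowercase letters, digits and hyphens.
ENDPOINT_HOST = re.compile(r"api\.[a-z0-9]+(?:-[a-z0-9]+)*\.app\.wiz\.io")


def check_endpoint(url):
    """Return a list of problems with the GraphQL endpoint URL (empty = OK)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["endpoint is not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("endpoint must use https")
    # netloc still contains any userinfo ("user@") or port; hostname does not.
    if parts.netloc.lower() != (parts.hostname or ""):
        problems.append("endpoint must not carry userinfo or a port")
    # fullmatch rejects look-alike hosts such as api.us1.app.wiz.io.example.net
    if not ENDPOINT_HOST.fullmatch(parts.hostname or ""):
        problems.append("host is not api.<region>.app.wiz.io")
    if parts.path != "/graphql" or parts.query or parts.fragment:
        problems.append("path must be exactly /graphql")
    return problems


def check_scopes(granted):
    """Compare the scopes granted to the service account with the required four."""
    granted = set(granted)
    return {
        "missing": sorted(REQUIRED_SCOPES - granted),  # ingestion would fail
        "excess": sorted(granted - REQUIRED_SCOPES),   # more access than needed
    }
```

An empty problem list and empty `missing` and `excess` lists mean the client secret will be sent only to a host matching the documented format, by an account holding exactly the four listed scopes.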

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon.
  2. Select Add Connector.
  3. Select the Wiz tile.
  4. Enter a name for the connector.
  5. Paste the API endpoint URL, client ID, client secret, and authentication provider URL that you generated in Wiz.
  6. Select Add Connector.