Overview
ZeroPath’s Wiz integration enables you to upload scanner results directly to your Wiz dashboard and view exposure information in the Explorer and Application tabs. This integration is currently in early access.Prerequisites
Before setting up the Wiz integration, ensure you have:- Wiz UVM enabled in your Wiz account
- The necessary Wiz API permissions (see Required Permissions)
- Access to your Wiz dashboard settings
Enabling Wiz UVM
If Wiz UVM is not already enabled on your account:- Navigate to your Wiz dashboard
- Go to Settings → Preview & Migration Hub
- Enable Universal Vulnerability Management (UVM)
Setup Instructions
1. Create the Integration in Wiz
Create the integration credentials using the dedicated ZeroPath tile in Wiz — do not create credentials through a service account.- Navigate to https://app.wiz.io/settings/deployments/integrations/new/zero-path
- Follow the prompts to complete the integration setup and generate your credentials
2. Configure the Integration in ZeroPath
- Navigate to https://zeropath.com/app/settings/integrations
- Click Add Integration
- Select Wiz from the list of available integrations
-
Fill out the configuration fields:
Required Fields:
- Client ID: Your Wiz service account client ID
- GraphQL URL: Your Wiz GraphQL API endpoint (e.g.,
https://api.us17.app.wiz.io/graphql) - Client Secret: Your Wiz service account client secret
- Token URL: OAuth token endpoint (defaults to
https://auth.app.wiz.io/oauth/token) - Wiz Project IDs: Limit the integration to specific Wiz projects by entering project IDs separated by commas or new lines. Leave blank to include all projects.
- Enable SAST Enrichment: Toggle to enable uploading scanner results to Wiz (enabled by default)
- Click Save to complete the integration setup
3. Required Permissions
Your Wiz API credentials must have the following permissions:- Upload scanner results to Wiz
- Read exposure and configuration data
- Sync findings between platforms
Features
Scanner Results Upload
Once configured, ZeroPath automatically uploads scanner results to your Wiz Unified Vulnerability Management (UVM) dashboard. The uploaded results from ZeroPath will be visible in your Wiz UVM interface, allowing you to view and manage findings alongside your other Wiz security data.Exposure Information in ZeroPath
The integration pulls exposure information from Wiz and displays it in ZeroPath’s Application view. You can see which applications have internet exposure based on Wiz’s network analysis, along with direct links to the Wiz dashboard and exposed URIs.Dynamic Tagging Based on Exposure
Create tags that automatically apply to repositories when internet exposure is detected by Wiz.Setting Up Dynamic Tags
- Go to Settings > Tags
- Click Create Tag
- Enter a tag name and optional description
- Under Dynamic Tag Triggers, select Internet exposure
- Optionally select specific repositories or add custom property filters
- Click Create Tag
Verifying the Integration
After setting up the Wiz integration, you can verify it’s working correctly by checking the following:Check SAST Results in Wiz
If Enable SAST Enrichment is turned on:- Run a full scan on a repository in ZeroPath
- After the scan completes, navigate to your Wiz UVM dashboard
- Look for the uploaded findings from ZeroPath in your SAST results
- Findings will appear alongside your other Wiz security data
SAST results are uploaded automatically after a full scan completes. Allow a few minutes for results to appear in Wiz.
Check Exposure Data in ZeroPath
If the integration is pulling exposure data correctly:- Navigate to any Application in ZeroPath that is deployed and exposed to the internet
- In the Application view, look for:
- Wiz Dashboard Link: A clickable link labeled “Open Wiz Dashboard” that takes you directly to the resource in Wiz
- Exposed URIs: A list of publicly accessible endpoints detected by Wiz
Check Integration Status
- Go to https://zeropath.com/app/settings/integrations
- Verify the Wiz integration card is displayed with your configured Project IDs
- Click the settings icon to confirm your configuration is saved correctly
View Wiz Sync Progress
To view detailed information about the current Wiz sync progress:- Navigate to https://zeropath.com/app/scans
- Click on the scan time to open the scan logs
- The logs will show the status of the Wiz integration, including upload progress and any errors
Troubleshooting
Scanner Results Not Appearing in Wiz
- Verify SAST Enrichment is enabled: In your integration settings, ensure the “Enable SAST Enrichment” toggle is turned on
- Verify UVM is enabled: Confirm that Wiz UVM is active in your Wiz dashboard under Settings → Preview & Migration Hub
- Check API permissions: Ensure your Wiz API credentials have all required permissions, especially
create:external_data_ingestionandread:system_activities - Run a full scan: SAST results are only uploaded after full scans complete, not PR scans
- Wait for processing: Allow a few minutes for results to appear in Wiz after the scan completes
Exposure Data Not Appearing in ZeroPath
- Verify deployment files exist: ZeroPath detects exposures by analyzing deployment configuration files (Kubernetes YAML, Docker Compose, Helm charts) in your repository
- Check API permissions: Ensure your credentials have
read:network_exposure,read:resources, andread:projectspermissions - Verify resources in Wiz: The resources defined in your deployment files must exist in your Wiz inventory
- Check Project IDs: If you specified Wiz Project IDs, ensure your resources are in those projects
Dynamic Tags Not Applying
- Confirm exposure data sync: Verify that exposure information is being synced from Wiz (check the Application view for Wiz exposure data)
- Check tag configuration: Ensure the Internet exposure trigger is selected in your tag settings at Settings > Tags
- Check permissions: Ensure your Wiz credentials have
read:resourcesandread:projectspermissions