> ## Documentation Index
> Fetch the complete documentation index at: https://zeropath.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Exposure Information

> Pull exposure data from Wiz to identify internet-exposed applications

## Overview

The Wiz exposure integration pulls network exposure and cloud configuration data from Wiz into ZeroPath. This allows you to see which of your applications are internet-exposed and automatically adjust security policies based on exposure status.

## How Exposure Detection Works

When Wiz integration is enabled, ZeroPath automatically detects whether your code is deployed to internet-facing infrastructure. Here's how the process works:

1. **Deployment file detection** — ZeroPath searches your repository for deployment configuration files (Kubernetes manifests, Dockerfiles, Helm charts, docker-compose files, etc.) based on common naming conventions and directory patterns (e.g., `k8s/`, `deploy/`, `helm/`, `production.yaml`).
2. **Resource name extraction** — Container names, service names, and deployment names are parsed from those deployment files. For YAML files, it looks at Kubernetes `kind: Deployment` metadata, container specs, and docker-compose service definitions. For Dockerfiles, it checks `LABEL` directives and infers names from directory structure.
3. **Wiz resource matching** — Those extracted names are matched against your organization's Wiz inventory to identify deployed resources.
4. **Exposure check** — Matched resources are checked for `PUBLIC_INTERNET` network exposures in Wiz. Only public internet exposures are considered — private network exposures do not affect the result.

## What You Get

### Exposure Data in ZeroPath

Once configured, ZeroPath displays Wiz exposure information in your Application view. You can see which applications have internet exposure, along with a link to your Wiz tenant dashboard and a list of exposed URIs.

### Severity Score Impact

Internet exposure data is used to help calculate severity scores for findings. Code deployed to internet-facing infrastructure is considered higher risk, which is reflected in the severity scoring.

### Dynamic Tagging Based on Exposure

Create tags that automatically apply to repositories when internet exposure is detected.

1. Go to [Settings > Tags](https://zeropath.com/app/settings/tags)
2. Click **Create Tag**
3. Under **Dynamic Tag Triggers**, select **Internet exposure**
4. Click **Create Tag**

Repositories with internet exposure will automatically receive this tag.

## Required Permissions

For exposure information, your Wiz API credentials need:

```
read:resources
read:projects
read:network_exposure
```

## Troubleshooting

### Exposure Data Not Syncing

* **Check API permissions**: Ensure your Wiz API credentials have `read:network_exposure`, `read:resources`, and `read:projects` permissions
* **Review integration status**: Check the integration status in ZeroPath settings
* **Verify Wiz data**: Confirm that the exposure data exists in your Wiz account

### Dynamic Tags Not Applying

* **Confirm exposure data sync**: Verify that exposure information is being synced from Wiz
* **Check tag configuration**: Ensure the Internet exposure trigger is selected in your tag settings