Setting up Cloud Insights Integration with Wiz
Overview
Checkmarx One integrates with Wiz by establishing a secure connection with Wiz’s API endpoints. Cloud Insights sends API requests to Wiz’s GraphQL endpoints for inventory and runtime-related data, such as clusters, pods, containers, and network exposures. Wiz’s API processes these queries, executing them against its data sources, and returns the results to Checkmarx One.
In addition, if your account has an enrichment integration, you can view SAST vulnerabilities that Checkmarx identified in the correlated repos in your CNAPP platform. For Wiz users with a Code Security license, this integration takes effect automatically when you create a Wiz Cloud Insights account.
Prerequisites
A Checkmarx One account with an Essential, Professional or Enterprise license.
A Wiz account with an advanced license.
The “Wiz Kubernetes connector” must be installed.
A Wiz Client ID and Client Secret for this integration.
The API endpoint URL for your Wiz environment.
In order to view data from Checkmarx One scans in Wiz, you need the following:
A Wiz license that includes scanning your source code repos.
Your SCM needs to be connected to Checkmarx One. This is done by creating a cloud repository integration Project, as described here.
Integration Procedure
The Cloud Insights integration flow differs between the initial integration and subsequent ones.
In the initial integration, users use the Integrate Cloud Account button on the Welcome screen. In subsequent integrations, users use the Manage Accounts > Create Account option.
In the initial integration, users are shown the cluster findings summary at the end of the discovery stage. In subsequent integrations, the summary is not presented.
To integrate with Wiz, proceed as follows:
Log in to Checkmarx One.
Click on Workspace > Cloud Insights.
To create the first account, click on the Integrate Cloud Account button on the Cloud Insights welcome screen. To add additional accounts, click on Manage Accounts at the top right and then click Create Account in the side panel.
In the Account Integration dropdown, select Wiz integration.
Configure the following:
Wiz API Endpoint
Wiz Client ID
Wiz Client Secret
Name the account
Click on Create Account.
Cloud Insights will start discovering the cluster findings.
Once the discovery finishes, the findings are displayed.
Click on Let's Start Exploring.
The internet-facing clusters are displayed in the Attack Paths screen and Inventory table.
Viewing Checkmarx SAST Results in Wiz
If you have a Cloud Insights Wiz integration and a Code Security license for Wiz, then SAST vulnerabilities identified in Checkmarx One scans are automatically sent to your Wiz account to enrich the data shown in the Vulnerability Findings. The data is assigned to the relevant repo based on the correlation made by Cloud Insights between your repos and Checkmarx Projects.