
Setting up Cloud Insights Integration with Wiz

Overview

Checkmarx One integrates with Wiz by establishing a secure connection with Wiz’s API endpoints. Cloud Insights sends API requests to Wiz’s GraphQL endpoints for inventory and runtime-related data, such as clusters, pods, containers, and network exposures. Wiz’s API processes these queries, executing them against its data sources, and returns the results to Checkmarx One.

In addition, if your account has an enrichment integration, it is possible to view SAST vulnerabilities that were identified by Checkmarx in the correlated repos in your CNAPP platform. For Wiz users with a Code Security license, this integration takes effect automatically when you create a Wiz Cloud Insights account.

Prerequisites

  • A Checkmarx One account with an Essential, Professional, or Enterprise license

  • A Wiz account with an advanced license

  • “Wiz Kubernetes connector” must be installed

  • A Wiz Client ID and Client Secret for this integration

  • You will need to provide the API endpoint URL for your Wiz environment

  • In order to view data from Checkmarx One scans in Wiz, you need the following:

    • A Wiz license that includes scanning your source code repos

    • Your SCM needs to be connected to Checkmarx One. This is done by creating a cloud repository integration Project, as described here.

Integration Procedure

The Cloud Insights integration flow differs between the initial integration and subsequent ones.

  • In the initial integration, users use the Integrate Cloud Account button on the Welcome screen. In subsequent integrations, users use the Manage Accounts > Create Account option.

  • In the initial integration, users are shown the cluster findings summary at the end of the discovery stage. In subsequent integrations, the summary is not presented.

To integrate with Wiz, proceed as follows:

  1. Log in to Checkmarx One.

  2. Click on Workspace > Cloud Insights.

  3. To create the first account, click on the Integrate Cloud Account button on the Cloud Insights welcome screen. To add additional accounts click on Manage Accounts at the top right and then click Create Account in the side panel.

  4. In the Account Integration dropdown, select Wiz integration.

  5. Configure the following:

    • Wiz API Endpoint

    • Wiz Client ID

    • Wiz Client Secret

    • Name the account

  6. Click on Create Account.

    Cloud Insights will start discovering the cluster findings.

  7. Once the discovery finishes, the findings are displayed.

    Click on Let's Start Exploring.

  8. The internet-facing clusters are displayed in the Attack Paths screen and Inventory table.


Viewing Checkmarx SAST Results in Wiz

If you have a Cloud Insights Wiz integration and a Code Security license for Wiz, then SAST vulnerabilities identified in Checkmarx One scans are automatically sent to Wiz to enrich the data shown in the Vulnerability Findings. The data is assigned to the relevant repo based on the correlation made by Cloud Insights between your repos and Checkmarx Projects.
