Skip to main content

View Semgrep findings in Wiz's Security Graph

Semgrep integrates with Wiz by establishing a secure connection with Wiz's API endpoints. If your Wiz instance has a security graph enrichment integration, you can view SAST vulnerabilities that Semgrep identifies in the repositories it scans and are also present in your cloud-native application protection platform (CNAPP). Semgrep's goal is to give you a holistic view of your code and infrastructure security so that you can focus on what matters most.

A list of Semgrep findings in Wiz Figure. A list of Semgrep findings in Wiz.

Detailed information for a finding sent by Semgrep to Wiz Figure. Detailed information for a finding sent by Semgrep to Wiz.

Prerequisites

This integration is available for users with both a Semgrep Code license and a Wiz Code Security license.

To send Semgrep Code findings to Wiz:

note

For Wiz users with a Code Security license: this integration takes effect automatically when you create a Wiz Cloud Insights account.

Limitations

Semgrep sends data to Wiz after every successful full scan; Semgrep does not send data from diff-aware scans. Wiz batches and syncs your data once every 24 hours.

By default, the Code findings that Semgrep sends are:

  • Critical or high severity
  • From full scans
  • From the default branch of each repository

Semgrep sends findings from all repositories on supported SCMs in your organization. Findings previously sent but not included in submissions are marked as fixed in Wiz.

Currently, findings from repositories on SCMs other than GitHub and GitLab are not supported, as indicated in Prerequisites.

caution

Due to a limitation of how Wiz handles external enrichment data, you must run a new SAST scan on your Semgrep project once a week to maintain the data displayed in Wiz.

Add the Semgrep integration from the Wiz Integration Network

To learn how to add the Semgrep integration from the Wiz Integration Network, review Wiz Docs' Semgrep Integration.

Configure the integration in Semgrep

Once you've added the Semgrep integration from the Wiz Integration Network, you must continue the setup process in Semgrep:

  1. Sign in to Semgrep.
  2. In the navigation bar, click Settings.
  3. Navigate to Integrations, and click + Add > Wiz.
  4. In the dialog that appears, provide the following information:
    1. API Endpoint URL
    2. Authentication URL
    3. Client ID
    4. Client Secret You can obtain the API Endpoint URL and the Authentication URL from Wiz in Tenant Info, while Wiz provides the Client ID and Client Secret when you set up a service account.
  5. Click Connect.
  6. If Semgrep successfully creates the connection, a dialog pops up that says, "Wiz credential created successfully." Semgrep also lists Wiz as an integration; you can verify the connection again by clicking Test connection. Semgrep displays a success message if you configure the integration correctly. Figure. Semgrep displays a success message if you configure the integration correctly.

Edit the integration

To edit the integration:

  1. Sign in to Semgrep.
  2. In the navigation bar, click Settings.
  3. Navigate to Integrations, and find the Wiz integration.
  4. Click Edit, and update the information required by Wiz as needed.
  5. Click Save changes.

Delete the integration

To delete the integration:

  1. Sign in to Semgrep.
  2. In the navigation bar, click Settings.
  3. Navigate to Integrations, and find the Wiz integration.
  4. Click the trash can icon.
  5. Click Delete to confirm.

Not finding what you need in this doc? Ask questions in our Community Slack group, or see Support for other ways to get help.