Wiz - `main` Branch Scan Overview

by ADMIN

Configured Wiz Branch Policies

Wiz provides a comprehensive security and compliance platform that helps organizations identify and remediate vulnerabilities, secrets, and misconfigurations in their infrastructure. One of the key features of Wiz is its ability to scan branches in a Git repository, providing a detailed overview of the security posture of the code. In this article, we will provide an overview of the Wiz - main branch scan, including the configured branch policies and the scan summary.

Default Vulnerabilities Policy

The default vulnerabilities policy in Wiz is designed to identify and report on vulnerabilities in the code. This policy is configured to scan for vulnerabilities in the main branch and provides a detailed report on the findings. The policy includes the following settings:

  • Vulnerability severity: The policy is configured to report on vulnerabilities with a severity of Critical, High, Medium, and Low.
  • Vulnerability type: The policy is configured to scan for vulnerabilities in the following types:
    • Remote code execution (RCE)
    • Denial of service (DoS)
    • Authentication bypass
    • Authorization bypass
    • Information disclosure
    • Cross-site scripting (XSS)
    • SQL injection
    • Command injection
    • File inclusion
    • Path traversal
    • XML injection
    • JSON injection
  • Vulnerability source: The policy is configured to scan for vulnerabilities in the following sources:
    • Open-source libraries
    • Custom code
    • Third-party dependencies

Default Secrets Policy

The default secrets policy in Wiz is designed to identify and report on secrets in the code. This policy is configured to scan for secrets in the main branch and provides a detailed report on the findings. The policy includes the following settings:

  • Secret type: The policy is configured to scan for the following types of secrets:
    • API keys
    • Access tokens
    • Passwords
    • Certificates
    • Private keys
    • SSH keys
  • Secret source: The policy is configured to scan for secrets in the following sources:
    • Environment variables
    • Configuration files
    • Code repositories
    • Databases

Default IaC Policy

The default IaC policy in Wiz is designed to identify and report on misconfigurations in infrastructure as code (IaC) files. This policy is configured to scan for misconfigurations in the main branch and provides a detailed report on the findings. The policy includes the following settings:

  • IaC type: The policy is configured to scan for misconfigurations in the following types of IaC files:
    • Terraform
    • CloudFormation
    • Azure Resource Manager (ARM)
    • AWS Cloud Development Kit (CDK)
  • IaC source: The policy is configured to scan for misconfigurations in the following sources:
    • IaC files
    • Configuration files
    • Code repositories

Default Sensitive Data Policy

The default sensitive data policy in Wiz is designed to identify and report on sensitive data in the code. This policy is configured to scan for sensitive data in the main branch and provides a detailed report on the findings. The policy includes the following settings:

  • Sensitive data type: The policy is configured to scan for the following types of sensitive data:
    • Personally identifiable information (PII)
    • Financial information
    • Health information
    • Sensitive business information
  • Sensitive data source: The policy is configured to scan for sensitive data in the following sources:
    • Code repositories
    • Databases
    • Configuration files

Wiz Scan Summary

The Wiz scan summary provides a detailed overview of the security posture of the code in the main branch. The summary includes the following information:

  • Scanner: The scanner used to perform the scan.
  • Findings: The number of findings reported by the scanner.
  • Severity: The severity of the findings, including Critical, High, Medium, and Low.

The following table provides a summary of the Wiz scan:

Scanner          Findings
Vulnerabilities  2 Critical, 20 High, 28 Medium, 15 Low, 2 Info

View Scan Details in Wiz

To view the scan details in Wiz, click on the following link: View scan details in Wiz

In conclusion, the Wiz - main branch scan provides a comprehensive overview of the security posture of the code in the main branch. The scan includes the configured branch policies, scan summary, and detailed report on the findings. By using Wiz, organizations can identify and remediate vulnerabilities, secrets, and misconfigurations in their infrastructure, ensuring a secure and compliant codebase.

Frequently Asked Questions

In this article, we will provide answers to frequently asked questions about the Wiz - main branch scan.

Q: What is the Wiz - main branch scan?

A: The Wiz - main branch scan is a comprehensive security and compliance scan that is performed on the main branch of a Git repository. The scan is designed to identify and report on vulnerabilities, secrets, and misconfigurations in the code.

Q: What types of vulnerabilities are scanned for?

A: The Wiz - main branch scan is configured to scan for the following types of vulnerabilities:

  • Remote code execution (RCE)
  • Denial of service (DoS)
  • Authentication bypass
  • Authorization bypass
  • Information disclosure
  • Cross-site scripting (XSS)
  • SQL injection
  • Command injection
  • File inclusion
  • Path traversal
  • XML injection
  • JSON injection

Q: What types of secrets are scanned for?

A: The Wiz - main branch scan is configured to scan for the following types of secrets:

  • API keys
  • Access tokens
  • Passwords
  • Certificates
  • Private keys
  • SSH keys

Q: What types of misconfigurations are scanned for?

A: The Wiz - main branch scan is configured to scan for the following types of misconfigurations:

  • Infrastructure as code (IaC) misconfigurations
  • Configuration file misconfigurations
  • Code repository misconfigurations

Q: What types of sensitive data are scanned for?

A: The Wiz - main branch scan is configured to scan for the following types of sensitive data:

  • Personally identifiable information (PII)
  • Financial information
  • Health information
  • Sensitive business information

Q: How often is the Wiz - main branch scan performed?

A: The Wiz - main branch scan is performed on a regular basis, depending on the configuration of the scan. The scan can be configured to run on a schedule, such as daily, weekly, or monthly.

Q: How do I view the scan results?

A: The scan results can be viewed in the Wiz dashboard. To view the scan results, follow these steps:

  1. Log in to the Wiz dashboard.
  2. Navigate to the main branch scan results.
  3. Click on the scan results to view the detailed report.

Q: How do I remediate vulnerabilities and misconfigurations?

A: To remediate vulnerabilities and misconfigurations, follow these steps:

  1. Identify the vulnerabilities and misconfigurations in the scan results.
  2. Prioritize the vulnerabilities and misconfigurations based on their severity and impact.
  3. Remediate the vulnerabilities and misconfigurations by updating the code and configuration files.
  4. Verify that the vulnerabilities and misconfigurations have been remediated.

Q: How do I configure the Wiz - main branch scan?

A: To configure the Wiz - main branch scan, follow these steps:

  1. Log in to the Wiz dashboard.
  2. Navigate to the main branch scan settings.
  3. Configure the scan settings, such as the types of vulnerabilities and misconfigurations to scan for.
  4. Save the changes to the scan settings.

Additional Resources

For more information about the Wiz - main branch scan, please refer to the following resources:

We hope this Q&A article has provided you with the information you need to understand the Wiz - main branch scan. If you have any further questions, please don't hesitate to contact us.