Wiz - `main` Branch Scan Overview


Configured Wiz Branch Policies

Wiz provides a comprehensive security and compliance platform that helps organizations identify and remediate vulnerabilities, secrets, and misconfigurations in their infrastructure. One of the key features of Wiz is its ability to scan branches and identify potential security risks. In this article, we will provide an overview of the Wiz main branch scan, including the configured branch policies and the scan summary.

Default Vulnerabilities Policy

The default vulnerabilities policy in Wiz is designed to identify and prioritize vulnerabilities in an organization's infrastructure. This policy is configured to scan for vulnerabilities in the main branch and provide a summary of the findings. The policy includes the following settings:

  • Vulnerability severity: The policy is configured to scan for vulnerabilities with a severity of critical, high, medium, and low.
  • Vulnerability type: The policy is configured to scan for vulnerabilities in the following types:
    • Remote code execution (RCE)
    • Denial of service (DoS)
    • Authentication bypass
    • Data exposure
    • Other
  • Vulnerability status: The policy is configured to scan for vulnerabilities that are:
    • Open
    • Closed
    • Fixed
    • Ignored

Default Secrets Policy

The default secrets policy in Wiz is designed to identify and prioritize secrets in an organization's infrastructure. This policy is configured to scan for secrets in the main branch and provide a summary of the findings. The policy includes the following settings:

  • Secret type: The policy is configured to scan for the following types of secrets:
    • API keys
    • Database credentials
    • Encryption keys
    • Other
  • Secret status: The policy is configured to scan for secrets that are:
    • Exposed
    • Encrypted
    • Not exposed

Default IaC Policy

The default IaC policy in Wiz is designed to identify and prioritize misconfigurations in an organization's infrastructure as code (IaC). This policy is configured to scan for misconfigurations in the main branch and provide a summary of the findings. The policy includes the following settings:

  • IaC type: The policy is configured to scan for misconfigurations in the following types of IaC:
    • AWS CloudFormation
    • Azure Resource Manager (ARM)
    • Google Cloud Platform (GCP) CloudFormation
    • Other
  • IaC status: The policy is configured to scan for misconfigurations that are:
    • Open
    • Closed
    • Fixed
    • Ignored

Default Sensitive Data Policy

The default sensitive data policy in Wiz is designed to identify and prioritize sensitive data in an organization's infrastructure. This policy is configured to scan for sensitive data in the main branch and provide a summary of the findings. The policy includes the following settings:

  • Sensitive data type: The policy is configured to scan for the following types of sensitive data:
    • Personally identifiable information (PII)
    • Financial information
    • Health information
    • Other
  • Sensitive data status: The policy is configured to scan for sensitive data that is:
    • Exposed
    • Encrypted
    • Not exposed

Wiz Scan

The Wiz scan summary provides a comprehensive overview of the findings from the main branch scan. The summary includes the following information:

  Scanner                 Findings
  Vulnerability Finding   Vulnerabilities: 2 Critical, 2 High, 5 Medium
  Data Finding            Sensitive Data: 1 High, 2 Info
  Secret Finding          Secrets: 2 High
  IaC Misconfiguration    IaC Misconfigurations: 15 High, 23 (severity not shown)

Frequently Asked Questions

In this article, we will provide answers to some of the most frequently asked questions about the Wiz main branch scan.

Q: What is the Wiz main branch scan?

A: The Wiz main branch scan is a comprehensive security and compliance scan that is designed to identify and prioritize vulnerabilities, secrets, and misconfigurations in an organization's infrastructure as code (IaC).

Q: What types of vulnerabilities are scanned by the Wiz main branch scan?

A: The Wiz main branch scan scans for the following types of vulnerabilities:

  • Remote code execution (RCE)
  • Denial of service (DoS)
  • Authentication bypass
  • Data exposure
  • Other

Q: What types of secrets are scanned by the Wiz main branch scan?

A: The Wiz main branch scan scans for the following types of secrets:

  • API keys
  • Database credentials
  • Encryption keys
  • Other

Q: What types of IaC misconfigurations are scanned by the Wiz main branch scan?

A: The Wiz main branch scan scans for the following types of IaC misconfigurations:

  • AWS CloudFormation
  • Azure Resource Manager (ARM)
  • Google Cloud Platform (GCP) CloudFormation
  • Other

Q: What types of sensitive data are scanned by the Wiz main branch scan?

A: The Wiz main branch scan scans for the following types of sensitive data:

  • Personally identifiable information (PII)
  • Financial information
  • Health information
  • Other

Q: How often is the Wiz main branch scan run?

A: The Wiz main branch scan is run on a regular basis, depending on the organization's configuration and policies.

Q: What is the purpose of the Wiz main branch scan?

A: The purpose of the Wiz main branch scan is to identify and prioritize vulnerabilities, secrets, and misconfigurations in an organization's infrastructure as code (IaC), and to provide a comprehensive security and compliance report.

Q: How can I view the results of the Wiz main branch scan?

A: The results of the Wiz main branch scan can be viewed in the Wiz dashboard, and can also be exported to a CSV file for further analysis.

Q: Can I customize the Wiz main branch scan to meet my organization's specific needs?

A: Yes, the Wiz main branch scan can be customized to meet an organization's specific needs, including the types of vulnerabilities, secrets, and misconfigurations that are scanned, and the frequency of the scan.

Q: Is the Wiz main branch scan compatible with my organization's IaC tools and platforms?

A: Yes, the Wiz main branch scan is compatible with a wide range of IaC tools and platforms, including AWS CloudFormation, Azure Resource Manager (ARM), and Google Cloud Platform (GCP) CloudFormation.

Q: How can I get started with the Wiz main branch scan?

A: To get started with the Wiz main branch scan, you will need to sign up for a Wiz account and configure your organization's IaC tools and platforms to work with Wiz.

Additional Resources

For more information about the Wiz main branch scan, please refer to the following resources:

We hope this article has provided you with a better understanding of the Wiz main branch scan and how it can help your organization identify and prioritize vulnerabilities, secrets, and misconfigurations in your infrastructure as code (IaC).