Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt

Use this file to discover all available pages before exploring further.

Semgrep integrates with Wiz by establishing a secure connection with Wiz’s API endpoints. If your Wiz instance has a security graph enrichment integration, you can view SAST vulnerabilities that Semgrep identifies in the repositories it scans and are also present in your cloud-native application protection platform (CNAPP). Semgrep’s goal is to give you a holistic view of your code and infrastructure security so that you can focus on what matters most.
A list of Semgrep findings in Wiz
Detailed information for a finding sent by Semgrep to Wiz

Prerequisites

This integration is available for users with both a Semgrep Code license and a Wiz Code Security license. To send Semgrep Code findings to Wiz:
NOTEFor Wiz users with a Code Security license: this integration takes effect automatically when you create a Wiz Cloud Insights account.

Limitations

Semgrep sends data to Wiz after every successful full scan; Semgrep does not send data from diff-aware scans. Wiz batches and syncs your data once every 24 hours. By default, the Code findings that Semgrep sends are:
  • Critical or high severity
  • From full scans
  • From the default branch of each repository
Semgrep sends findings from all repositories on supported SCMs in your organization. Findings previously sent but not included in submissions are marked as fixed in Wiz. Currently, findings from repositories on SCMs other than GitHub and GitLab are not supported, as indicated in Prerequisites.
CAUTIONDue to a limitation of how Wiz handles external enrichment data, you must run a new SAST scan on your Semgrep project once a week to maintain the data displayed in Wiz.

Add the Semgrep integration from the Wiz Integration Network

To learn how to add the Semgrep integration from the Wiz Integration Network, review Wiz Docs’ Semgrep Integration.

Configure the integration in Semgrep

Once you’ve added the Semgrep integration from the Wiz Integration Network, you must continue the setup process in Semgrep:
1
Sign in to Semgrep.
2
In the navigation bar, click Settings.
3
Navigate to Integrations, and click + Add > Wiz.
4
In the dialog that appears, provide the following information:i. API Endpoint URLii. Authentication URLiii. Client IDiv. Client SecretYou can obtain the API Endpoint URL and the Authentication URL from Wiz in Tenant Info, while Wiz provides the Client ID and Client Secret when you set up a service account.
5
Click Connect.
6
If Semgrep successfully creates the connection, a dialog pops up that says, “Wiz credential created successfully.” Semgrep also lists Wiz as an integration; you can verify the connection again by clicking Test connection.

Edit the integration

To edit the integration:
1
Sign in to Semgrep.
2
In the navigation bar, click Settings.
3
Navigate to Integrations, and find the Wiz integration.
4
Click Edit, and update the information required by Wiz as needed.
5
Click Save changes.

Delete the integration

To delete the integration:
1
Sign in to Semgrep.
2
In the navigation bar, click Settings.
3
Navigate to Integrations, and find the Wiz integration.
4
Click the trash can icon.
5
Click Delete to confirm.