> ## Documentation Index
> Fetch the complete documentation index at: https://docs.backline.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Wiz Integration

> Import SCA and container image vulnerability findings from Wiz into Backline

## Overview

Wiz is a cloud security platform that provides comprehensive vulnerability scanning across your software supply chain, including source code dependencies and container images. This integration connects Backline with Wiz to automatically import vulnerability findings, enabling centralized remediation workflows.

## What You Can Do

With the Wiz integration, Backline can:

* Automatically import SCA vulnerabilities detected in source code repository dependencies
* Automatically import container image vulnerabilities detected in your container images
* Track vulnerabilities detected across your repositories and container images
* Create remediation workflows for imported vulnerabilities
* Maintain vulnerability detection timestamps from Wiz
* Centralize security vulnerabilities from multiple scanners in one place

## Prerequisites

Before connecting Wiz, ensure you have:

* A Wiz account with Project Admin role
* Access to the Integration Hub in Backline
* A connected source control management (SCM) integration in Backline (e.g., GitHub, GitLab) for SCA findings

## Getting Your API Endpoint URL

<Steps>
  <Step title="Log in to Wiz">
    Access your Wiz portal and log in with your credentials.
  </Step>

  <Step title="Open User Settings">
    Click the **User Profile icon** in the top-right corner, then select **User Settings**.
  </Step>

  <Step title="Navigate to Tenant Info">
    Click **Tenant** from the left menu options.
  </Step>

  <Step title="Copy the API Endpoint URL">
    Copy the **API Endpoint URL** displayed on the screen. It will look like `https://api.<region>.app.wiz.io/`.
  </Step>
</Steps>

## Creating a Service Account

Wiz requires a dedicated service account to authenticate API requests. You must have the **Project Admin role** to create one.

<Steps>
  <Step title="Navigate to Service Accounts">
    Click the **Settings icon** in the top-right corner, then select **Service Accounts** from the left menu.
  </Step>

  <Step title="Add a Service Account">
    Click **Add Service Account**.
  </Step>

  <Step title="Configure the Service Account">
    Fill in the form:

    * **Name**: Enter a descriptive name (e.g., `Backline Integration`)
    * **Type**: Select **Custom Integration (GraphQL API)**
    * **API Scopes**: Enable **Read vulnerabilities**
  </Step>

  <Step title="Save and Copy Credentials">
    Click **Add Service Account**. On the confirmation screen, copy the **Client ID** and **Client Secret** and store them securely.
  </Step>
</Steps>

<Warning>
  Store your Client ID and Client Secret securely. The Client Secret will only be shown once during creation.
</Warning>

## Connecting Wiz

<Steps>
  <Step title="Navigate to Integrations">
    In Backline, go to the Integration Hub from the main menu.
  </Step>

  <Step title="Select Wiz">
    Find and click on the Wiz integration card.
  </Step>

  <Step title="Enter Connection Details">
    In the connection form, enter:

    * **API Endpoint URL**: The endpoint URL copied from your Wiz Tenant Info (e.g., `https://api.<region>.app.wiz.io/`)
    * **Client ID**: The Client ID from your Wiz service account
    * **Client Secret**: The Client Secret from your Wiz service account
  </Step>

  <Step title="Configure Scan Options">
    Choose which vulnerability types Backline should import:

    * **Scan SCA Vulnerabilities**: Import vulnerabilities detected in source code repository dependencies (enabled by default)
    * **Scan Container Image Vulnerabilities**: Import vulnerabilities detected in container images (enabled by default)
  </Step>

  <Step title="Test Connection">
    Click **Connect** to verify your credentials. Backline will authenticate with Wiz and confirm the API endpoint is reachable.
  </Step>
</Steps>

## Scan Options

Backline supports two types of findings from Wiz, which can be enabled or disabled independently:

| Option                                   | Default | Description                                                             |
| ---------------------------------------- | ------- | ----------------------------------------------------------------------- |
| **Scan SCA Vulnerabilities**             | Enabled | Imports vulnerabilities detected in source code repository dependencies |
| **Scan Container Image Vulnerabilities** | Enabled | Imports vulnerabilities detected in container images                    |

Disabling an option reduces the volume of imported findings to only the relevant asset type.

## How It Works

Once connected, Backline will:

1. **Fetch Vulnerabilities**: Periodically query the Wiz API for open vulnerability findings
2. **Map to Repositories**: Associate SCA & Container Image vulnerabilities with the correct repositories in your Backline workspace
3. **Track Detection Time**: Preserve the original detection timestamp from Wiz

## Scan Schedule

After connecting Wiz, Backline automatically schedules periodic scans to fetch new vulnerabilities. The scan runs every 6 hours to ensure your vulnerabilities stay up to date.

<Note>
  The initial scan begins shortly after the integration is connected. You can view imported findings in the Vulnerabilities section.
</Note>

## Managing the Integration

### Viewing Connection Status

To check your Wiz connection:

1. Open the Integration Hub
2. Find the Wiz card
3. A **Configure** button indicates the integration is connected

### Reconnecting

If your credentials expire or need to be updated:

1. Click **Configure** on the Wiz card
2. Enter the new Client ID and Client Secret
3. Click **Connect** to verify the new credentials

## Troubleshooting

### Connection Failed — Authentication Error

If Backline cannot authenticate with Wiz:

* Verify your Client ID and Client Secret are correct
* Confirm the service account has not been deleted or disabled in Wiz
* Ensure the credentials were copied correctly (the Client Secret is only shown once)

### Connection Failed — API Endpoint Error

If authentication succeeds but the API endpoint cannot be reached:

* Check that the API Endpoint URL matches the value shown in your Wiz Tenant Info
* Ensure the service account has the **Read vulnerabilities** API scope enabled
* Verify the region in the URL is correct for your Wiz tenant

### Missing Vulnerabilities

If expected vulnerabilities are not appearing:

* Only findings with a CVE identifier are imported
* For SCA findings, verify the relevant repositories are accessible to Backline via your connected SCM integration
* Confirm the **Scan SCA Vulnerabilities** or **Scan Container Image Vulnerabilities** option is enabled for the finding type you expect
* Check that the vulnerability status is `Open` in Wiz (closed or accepted findings are not imported)

### SCA Findings Not Matched to Repositories

If SCA vulnerabilities are not appearing for certain repositories:

* Backline filters SCA findings to repositories accessible via your connected SCM integration
* Ensure the repository is connected and visible in Backline through your GitHub or GitLab integration