Announcing Jit + Wiz: Bridge the Gap Between ASPM and CNAPP
Updated October 29, 2024.
Today, we’re thrilled to announce Jit’s certified integration with Wiz! This partnership will make it easier than ever for developers to consistently resolve security issues before production, and for security teams to unify and prioritize the top risks in production – effectively bridging the gap between the core objectives of ASPM and CNAPP.
We believe that securing apps in the cloud has been overcomplicated by tool sprawl, alerting noise, and a disjointed UX for developers. Using the Jit + Wiz integration, security teams can unify product security findings and highlight the real risks with contextual prioritization, while empowering developers to independently resolve security issues without slowing them down.
Oron Noah, VP of Product Extensibility and Partnerships, sums up the integration well: "We're thrilled to welcome Jit to the Wiz Integration Network (WIN). This bi-directional integration enables CloudSec and AppSec teams to collaborate seamlessly, creating a shared understanding of security risks across code and cloud environments. By combining Wiz's cloud context with Jit's SAST insights, developers can now prioritize and resolve security alerts more effectively within their development workflows."
Why did we build the integration?
Mitigating application security risk in the cloud has traditionally required a long list of code and infrastructure security scanners to surface potential vulnerabilities – including SAST, SCA, secrets detection, CSPM, DAST, and many more.
There are many capable scanners that can detect such vulnerabilities, but very few make it easy for development and security teams to resolve them. A few core challenges prevent efficient risk mitigation for applications in the cloud:
Lack of context: Code and cloud scanners are notorious for generating mountains of security “issues” without much context describing why they matter. To prioritize the real risks, you’ll need to understand the runtime context of security issues, including: which issues are running in production, which are exposed to the internet, and which are connected to a database handling sensitive data.
Disjointed SDLC integrations that slow down development cycles: developers have resisted code security scanners for as long as they’ve been around. Who can blame them? Security tools have contradicted the core mandate of software development: to deliver new features quickly. It's time to rethink developer security with a UX that integrates natively into their environment and code commit flows.
Siloed vulnerability management and prioritization: vulnerability prioritization is overcomplicated when there are many different tools prioritizing security findings in different ways. To unify risk prioritization, a single toolset for code-to-cloud security scanning and vulnerability management is needed.
Jit’s integration with Wiz resolves these exact problems.
Using Jit’s Context Engine + Wiz Cloud, security teams get a single toolset to prioritize the real risks in their environment. And with Jit + Wiz Code, developers get immediate feedback on the security of each code change within the development environment – making it easy to resolve vulnerabilities before production.
A closer look at the bidirectional Jit + Wiz integration
Our bidirectional integration will push Jit’s SAST (and future DAST) findings to Wiz to unify vulnerability reporting and prioritization in one place, while pulling Wiz findings and runtime context into Jit’s risk prioritization framework. This provides a single toolset for full code-to-cloud security scanning coverage and vulnerability prioritization.
Help developers understand the WHY: Pulling Wiz runtime context and issues into Jit
Jit’s approach to ASPM is developer-focused. By empowering developers with immediate security feedback and auto remediation to resolve issues within their environment, they don’t need to be security experts to consistently resolve security issues before production.
With this new integration, Jit’s continuous security feedback for developers will include Wiz runtime context within their environment. When Jit detects an issue, developers will be able to understand the runtime context of the security issue based on Jit and Wiz’s contextual prioritization.
Specifically, Wiz Issues – which provide visibility into toxic combinations of risks in your cloud – will provide runtime context such as whether the code in which Jit found an issue calls a database with unprotected data, is deployed to an insecure Kubernetes cluster, or is publicly exposed to the internet – among other runtime factors.
Jit then provides immediate remediation guidance with one-click code suggestions to resolve the issue within their environment.
Additionally, Jit and Wiz customers will be able to view Wiz Issues within Jit’s Risk Graph, which is powered by the Context Engine. At the top of the graph below, you can find a Wiz-detected issue within the same repository as the Jit-detected issue (left of the graph) – providing additional context and unifying risks in one place.
In summary, developers can quickly understand the security issues in each code change, why the given issues introduce real risk, and how to resolve the issue – while security teams gain additional runtime context to focus on the top risks.
Unify product security risk management: Push Jit SAST findings into Wiz
Static Application Security Testing (SAST) tools are core scanners within many AppSec implementations. Customers can now push Jit-detected SAST findings to Wiz – unifying Jit’s application security scanning results alongside other security issues detected by Wiz.
In the example below, you can see a list of Jit’s SAST findings within Wiz.
By pushing Jit findings into Wiz, security teams can unify risk prioritization across the full landscape of code-to-cloud security scanners.
Optimize application risk mitigation for security teams AND developers
Building and running secure applications in the cloud requires shared ownership between development and security teams. Without full buy-in from both of these groups, product security will be a continuous uphill battle.
Using Jit + Wiz, both security and development teams get purpose-built user experiences to prioritize and mitigate risks without slowing them down.
Developers receive automated feedback on the security of every code change within their environment, paired with runtime context to understand security impact and remediation guidance to resolve the issue. Security teams get a single place to unify SAST findings alongside all other findings in the cloud – from hard-coded secrets, to cloud misconfigurations, to unprotected data.
As a result, technical organizations get the best of both worlds to resolve product security issues before they’re deployed to production environments, and within production environments. To learn more, book a demo with Jit.