Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>Wiz CLI Azure DevOps Extension
Wiz CLI Azure DevOps Extension

Wiz CLI Azure DevOps Extension

Wiz

wiz.io
|
796 installs
| (3) | Free
Wiz CLI Extension for Azure DevOps Pipelines
Get it free

Wiz CLI Azure DevOps Pipeline Extension

Wiz CLI Azure DevOps Extension helps you automate the detection of misconfigurations, vulnerabilities and secrets in your Azure DevOps Pipelines.

Demo


IAC Report

Features

  • Automates Wiz CLI scan execution through Azure DevOps Pipelines
    • IaC scanning for misconfigurations and secrets
    • Docker image vulnerability, secret and sensitive data scanning
    • Docker image tagging for Image Trust
    • Directory scanning for secrets, binary/library vulnerabilities and sensitive data
    • Virtual machine and virtual machine image scanning
  • Findings from scans are shown in both the console output and a provided Wiz report
  • Downloads latest version of the Wiz CLI if it doesn't already exist on the runner

Requirements

  • A Wiz service account with create:security_scans permissions at a minimum.
    • Adding read:scan_policies to allow for viewing the relevant CI/CD policies in the portal.
Object Requirements
Wiz CLI latest version
Wiz Service Account create:security_scans
Runner Platforms Supported Linux, Windows

Usage

For the most up-to-date usage instructions, please navigate to the Wiz documentation here.

Release Notes

0.4.1

  • Updated task version to match extension version

0.4.0

  • Reorganized scan findings display into separate tabs for better readability
  • Added support for proxy

0.3.4

  • Added support for Malware detection in directory and image scans --file-hashes-scan
  • Added support for authentication retries

0.3.3

  • Removed Status column in console output

0.3.2

  • Fixed bug with new Status column in console output failing on undefined fields

0.3.1

  • Fixed bug with Windows runners and the temporary directory
  • Added Status column in console output for CVEs (FAILED_BY_POLICY, IGNORED, BELOW_THRESHOLD)

0.3.0

  • Fixed versioning bug

0.2.16

  • Add support for --name scan identifier in the dir scan command
  • Add support for node versions: 10, 16, 20

0.2.15

  • Add support for configuring the wizcli path with wizCliPath

0.2.14

  • Fix bug in empty IAC scan results when --policy-hits-only=true
  • Add SBOM support (sbomOutput and sbomFormat)

0.2.13

  • Add --dockerfile support for container image scans
  • Add --output support for scan results

0.2.12

  • Add proper support for non-prod tenants
  • NOTE: WizCLI path is currently hardcoded to /tmp/wizcli

0.2.11

  • Add docker tag support when running as SUDO

0.2.10

  • UI - removed the severity column background color and changed text color instead

0.2.9

  • Added mountWithLayers output to console and UI

0.2.8

  • UI - Add Grace Period End column to image/directory vulnerabilities

0.2.7

  • UI - restrict tab names to 40 characters for Directory and IAC scans.
  • UI - tab names for images just returns the image:tag
  • UI - hide vulnerability tables that are empty

0.2.6

  • Fixed bug with non mountWithLayers image scans

0.2.5

  • Added support for the iac scan option --parameter-files command.
  • Added support for --driver on Linux runners.
    • There are two fields required driver:mountWithLayers and sudo:true
    • Currently, only the layerID will show up in the scan results, next release will have the UI updates
  • Added support for the wizcli docker tag command.
  • Added support for using a custom DOCKER_HOST.

0.2.4

  • Added support for the --no-publish command.

0.2.3

  • Fixed issue with --sensitive-data not working with the image command.

0.2.2

  • Added --sensitive-data capabilities for Image and Directory scans

0.2.1

  • Support for manual configuration of CI Metadata
  • Added --legacy-secret-scanner configuration for IAC scans
  • Added --no-dotnet-binary-scanning for Image and Directory scans

0.2.0

  • Support for Windows runners

0.1.11

  • Added the vmImage and vm scan commands

0.1.10

  • New summary configuration field that will prevent detailed results in the console output and UI report

0.1.9

  • Verify WizCLI is executable

0.1.8

  • Resolved fedramp authentication issues
  • Add SucceededWithIssues as a possible Task Result

0.1.7

  • Resolved wizenv issue: failed to get auth url: env type [app] isn't mapped!

0.1.6

  • Added proper support for gov, fedramp tenants (using the wizenv field)
  • wizcli always downloads from the public URL

0.1.5

  • Update Marketplace Listing

0.1.3

  • Mark extension as public, GA release

0.1.2

  • Converted UI to tables
  • Fixed minor UI inconsistencies

0.1.1

  • Fixed UI bug where policies were on a single line
  • Added CI/CD Metadata

0.1.0

  • Initial release
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft