This extension is deprecated and will be removed from the marketplace on December 31, 2024. Until then, only security patches will be released, with no new features added.
Newer Extension Available for Wiz Code Users
It is recommended to use the newer Wiz Code extension that is also available in the marketplace.
The newer extension requires the Wiz Code add-on license and contains many improvements, including:
Easier onboarding
In-code quick fix for code findings
Performance improvements
Better findings display
Features
Automates Wiz CLI scan execution through VS Code commands
IaC scanning for selected file/folder in explorer
IaC scanning for current, or selected, workspace folder
Docker image vulnerability/secret scanning
Directory scanning for secrets and binary/library vulnerabilities
Findings from scans are shown in the "Findings" view
Information for each finding is shown in "Findings Help" when selected
Downloads the latest version of Wiz CLI
Shows the version of the currently installed Wiz CLI
Requirements
The Wiz CLI must be installed on the development machine.
This can be done beforehand, or through the Wiz: Download latest Wiz CLI command.
A Wiz service account with create:security_scans permissions at a minimum.
Adding read:projects allows for interactive project selection.
Adding read:scan_policies allows for interactive policy selection.
| Object | Requirements |
| --- | --- |
| Wiz CLI | latest version |
| Wiz Service Account | create:security_scans |
| Minimum VS Code Version | ^1.65.0 |
| Platforms Supported | macOS and Windows |
| Terminal Shell Support | cmd.exe, pwsh, powershell, zsh (macOS) |
Configuration
Once the extension is installed, you will need to configure the extension with your Wiz service account credentials.
In VS Code, open the Settings editor (on macOS - command + ,; on Windows/Linux - ctrl + ,).
At the top search bar, type “Wiz” to easily locate the extension settings.
Provide the Client ID of your Wiz service account for the Wiz: Client ID setting.
Run the Wiz: Set the Service Account Secret command in the VS Code command palette and supply the Client Secret of your Wiz service account when prompted. At this point, you should be ready to perform scans with the default scan configuration.
(Optional) Adjust scan settings by using the table below.
Extension Commands
| Command | Description |
| --- | --- |
| Wiz: Download latest Wiz CLI | Downloads the latest version of Wiz CLI |
| Wiz: Set the Service Account Secret | Sets the Client Secret for the Wiz service account used by the extension |
| Wiz: Refresh Scan Results | Refreshes the results in the "Findings" section based on the latest scan |
| Wiz: Directory Scan Selection | Scans a specified directory for secrets and vulnerabilities |
| Wiz: Dockerfile Image Scan | Scans images referenced in FROM statements within Dockerfiles |
| Wiz: IaC Scan Selection | Scans the selected item in the Explorer section |
| Wiz: IaC Scan Workspace Folder | Scans the Workspace folder selected by the user |
| Wiz: Image Scan | Scans a specified container image for vulnerabilities |
| Wiz: Open Settings | Opens the VS Code settings for the extension |
| Wiz: Select Directory Scan Policies | Interactive selection of Directory scan policies |
| Wiz: Select IaC Scan Policies | Interactive selection of IaC scan policies |
| Wiz: Select Image Scan Policies | Interactive selection of Image scan policies |
| Wiz: Show the current version of Wiz CLI | Shows the currently installed version of Wiz CLI |
| Wiz: Update Project Setting | Updates the Project UUID for which scans should be scoped |
Extension Settings
| Setting | Description |
| --- | --- |
| wiz.wizcliPath | The full path to the Wiz CLI binary, including the file name (e.g. /some/path/wizcli or c:\wiz\wizcli.exe) |
| wiz.clientId | The Client ID of a Wiz service account with the minimal required permissions for scans (i.e. create:security_scans) |
| wiz.clientSecretFile | The secure file path of the encoded Client Secret of the Wiz service account |
| wiz.directoryPolicy | The Wiz CI/CD Directory policies for scans. Accepts multiple comma-separated values |
| wiz.iacPolicy | The Wiz CI/CD IaC policies for scans. Accepts multiple comma-separated values |
| wiz.imagePolicy | The Wiz CI/CD Image policies for scans. Accepts multiple comma-separated values |
| wiz.policyHitsOnly | Only display results that failed the applied policies |
| wiz.pullDockerfileImages | Automatically pull Docker images when scanning a Dockerfile |
| wiz.scanOnSave | Automatically execute Wiz CLI IaC scans when applicable files are saved |
| wiz.projectId | The UUID of the Wiz project for which scans should be scoped. Defaults to the Wiz service account scope. |
| wiz.dir | The secure directory location to save the Wiz authorization token |
| wiz.tags | Comma-separated tags in key=value format, with all-lowercase keys. A tag may omit its value (e.g. owner=FirstName,environment) |
| wiz.env | The Wiz Environment. Leave blank if uncertain |
* All settings changes require a restart of VS Code.
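A pre-flight check for the settings listed above, as an added example that is not part of the extension or the original page. The function name `lintWizSettings`, the path pattern, and the rule that an empty policy entry is an error are assumptions made for illustration; the setting keys and format rules come from the table.

```javascript
// Added example: lint "wiz.*" settings against the rules in the settings table.
// lintWizSettings and every sample value used with it are hypothetical.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Assumed meaning of "full path": POSIX root, Windows drive letter, or UNC prefix.
const ABS_RE = /^(?:\/|[A-Za-z]:[\\/]|\\\\)/;

// Split a comma-separated multi-value setting into trimmed entries.
const splitList = (value) => String(value).split(",").map((s) => s.trim());

function lintWizSettings(settings) {
  const problems = [];

  // wiz.clientId: needed to authenticate the service account.
  if (!settings["wiz.clientId"]) problems.push("wiz.clientId is not set");

  // wiz.wizcliPath: full path that ends in the binary's file name, not a directory.
  const cli = settings["wiz.wizcliPath"];
  if (cli && (!ABS_RE.test(cli) || /[\\/]$/.test(cli))) {
    problems.push("wiz.wizcliPath must be a full path ending in the file name");
  }

  // wiz.projectId: a UUID; when blank the service account scope applies.
  const project = settings["wiz.projectId"];
  if (project && !UUID_RE.test(project)) problems.push("wiz.projectId is not a UUID");

  // Policy settings are comma-separated, so a stray comma yields an empty entry.
  for (const key of ["wiz.directoryPolicy", "wiz.iacPolicy", "wiz.imagePolicy"]) {
    if (settings[key] && splitList(settings[key]).includes("")) {
      problems.push(`${key} contains an empty entry`);
    }
  }

  // wiz.tags: key=value or a bare key; only the key must be all lowercase.
  for (const tag of settings["wiz.tags"] ? splitList(settings["wiz.tags"]) : []) {
    const key = tag.split("=")[0];
    if (key === "" || key !== key.toLowerCase()) {
      problems.push(`wiz.tags entry "${tag}" needs a non-empty, all-lowercase key`);
    }
  }
  return problems;
}
```

An empty array means the settings match the documented formats; it does not confirm that the service account or policies exist in Wiz.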
Limitations
Does not support multi-select
Does not support keybindings
Usage
For the most up-to-date usage instructions, please navigate to the Wiz documentation here.