Wiz security scanning adds advanced vulnerability detection to your Base44 apps. It runs against your own Wiz tenant, so scans follow your organization’s Wiz policies. When you connect your workspace’s Wiz tenant, your security scan also runs Wiz software composition analysis (SCA) and static application security testing (SAST), so vulnerable dependencies and risky code show up next to Base44’s built-in checks. To get started, connect Wiz once at the workspace level, run a security scan, then review the findings on your app’s Security tab.
Before you begin:
  • Your workspace must be on the Builder plan or higher.
  • You need to be a workspace owner or admin to connect Wiz.
  • You need access to a Wiz tenant with the Base44 integration installed, which provides a Client ID and Client Secret.

How it works

Wiz scanning runs as part of your app’s security scan and adds to Base44’s existing checks rather than replacing them. Base44 runs the Wiz CLI against your app’s code in an isolated, single-use sandbox, then shows the results in your Security tab. Your Wiz credentials are used only to run the scan. Wiz checks 2 areas:
  • Dependencies (SCA): Third-party packages your app uses that have known vulnerabilities.
  • Code (SAST): Patterns in your source code that could introduce a security risk.
Each finding has a severity of Critical, High, Medium, or Low, and links back to the full report in your Wiz tenant.

Step 1: Connect Wiz

Connecting Wiz takes 2 steps: get your credentials from Wiz, then add the connector in Base44. After it is connected, every app in the workspace can include Wiz results in its security scan.

Get your credentials

Wiz provides a Client ID and Client Secret when the Base44 integration is installed in your tenant. You need both to set up the connector in Base44. To get your Wiz credentials:
  1. Install the Base44 integration in your Wiz tenant from the Wiz portal.
  2. Copy the Client ID and Client Secret that Wiz generates.
  3. Store the Client Secret somewhere secure, because Wiz shows it only once.
Warning: Your client secret works like a password. Keep it secure and never share it in screenshots, support tickets, or public places.

Add the connector

Once you have your Wiz credentials, add the connector in your workspace settings. To add the Wiz connector:
  1. Click your workspace name at the top left of your account.
  2. Click Settings.
  3. Under Integrations in the left sidebar, click Connectors.
  4. Find Wiz under Connectors For App Builders.
  5. Click Add.
  6. In the Connect Wiz dialog, paste your Client ID into the Client ID field.
  7. Paste your Client Secret into the Client Secret field.
  8. Click Connect.
[Screenshot: The Wiz connector listed under Connectors For App Builders with an Add button]
Base44 checks your credentials with Wiz before saving the connection. If Wiz rejects them, you see an error and the connection is not saved.

Step 2: Run a scan

After Wiz is connected, it runs automatically whenever you run a security scan. To run a security scan with Wiz:
  1. Click Dashboard in your app editor.
  2. Click Security.
  3. Click Run Security Scan.
Base44’s own results appear first, and the Wiz sections fill in when the Wiz scan finishes. The Security tab flags when your results are out of date, so run the security scan again after you make changes.

Step 3: Review findings

Wiz results appear in 2 sections on the Security tab. Use View report in Wiz to open the full results in your Wiz tenant. Findings that your Wiz policy blocks are labeled as blocked by policy.
[Screenshot: The View report in Wiz link above the Wiz findings on the Security tab]

Dependency findings (SCA)

The Wiz SCA Findings section lists vulnerable dependencies, grouped by package. Each entry shows the package and version, how many known vulnerabilities affect it, and the severity. Expand a finding to see each CVE, its advisory link, and the version that fixes it. Where a safe upgrade is available, you can apply the fix the same way you fix Base44’s own dependency findings.

Code findings (SAST)

The Wiz SAST Findings section lists code-level issues, each tied to a file in your app. Expand a finding to see its security category, the affected code, and recommended remediation. Click Fix to send the finding to the AI chat to resolve it.
[Screenshot: Wiz SCA and SAST findings on the app's Security tab]
Some Wiz categories, such as secrets and infrastructure as code, are not shown in Base44. Open the full report in Wiz to see every finding.

Manage the connection

Workspace owners and admins can update or remove the Wiz connection at any time.
[Screenshot: The Wiz Connector page with the Edit button on the connection]

Update your credentials

Update your stored credentials if they change in Wiz, or if Wiz stops accepting the ones you saved. To update your Wiz credentials:
  1. Click your workspace name at the top left of your account.
  2. Click Settings.
  3. Under Integrations in the left sidebar, click Connectors.
  4. Find Wiz, then click View.
  5. In the Connections table, click Edit.
  6. Enter a new Client Secret, and a new Client ID if it changed.
  7. Click Save Changes.
Warning: If Wiz rejects your stored credentials, security scans pause until you edit the connector and enter valid credentials.

Delete the connection

Deleting the connector stops Wiz scanning for every app in the workspace, so remove it only when you no longer want Wiz to scan your apps. To delete the Wiz connector:
  1. Click your workspace name at the top left of your account.
  2. Click Settings.
  3. Under Integrations in the left sidebar, click Connectors.
  4. Find Wiz, then click View.
  5. In the Connections table, click Edit.
  6. Click Delete Connector.
  7. Review the confirmation message, then click Delete Connector to confirm.

FAQs

Click a question below to learn more about Wiz security scanning.
Anyone in your workspace with access to the app, including app collaborators, can see the Wiz findings when they run a security scan. The people who use your published app do not see scan results.
No. The Wiz scan runs entirely within an isolated Base44 sandbox, with no AI model involved. Base44 connects to Wiz only to authenticate, fetch your Wiz rules, and upload lightweight scan metadata, never your source code.
No. Wiz scanning does not consume Base44 credits. Scans run against your own Wiz tenant and count toward your Wiz usage, which is part of your Wiz license.
Some vulnerable dependencies come from Base44’s own packages rather than code you added. A finding on a package you installed shows a fix you can apply, while a finding on a package the Base44 SDK brings in is fixed by Base44 centrally, so the fix reaches every app at once.