Earlier this year we announced the private preview of WizOS: secured, minimal container images built from source and maintained by Wiz at near-zero CVEs.
Today we’re excited to launch WizOS in public preview, backed by a full platform approach that makes it easy to adopt and migrate to secured images. Wiz Customers can join the public preview and access our Secured Image Catalog today.
Why WizOS
The problem is clear: container images pulled from open repositories often introduce supply chain risk, inflate CVE counts, and expand the attack surface with unnecessary packages and utilities. Security teams face constant vulnerability noise, while DevOps teams and developers get stuck in a cycle of patching vulnerabilities they didn’t cause and dealing with broken builds. Open source components should accelerate delivery, but without guarantees for how they’re maintained and secured, they create friction that slows teams down.
Enter secured images, which are built and continuously maintained by a trusted, verifiable source to eliminate vulnerabilities. WizOS secured images are built from source in a custom-hardened pipeline, with SBOMs and provenance included in every release so you know exactly what’s entering your supply chain. Wiz maintains the images with strict SLAs for CVE remediation, so you stay secure.
Switching to secured images reduces container image vulnerabilities to near-zero, but migrating existing containers is a hurdle to adoption at scale. This is where WizOS shines. It provides complete visibility into your existing container image landscape, identifies swap opportunities, prioritizes them based on risk, and makes it easy to drive developer adoption through image swaps and vulnerability context in pull requests.
A New Approach to Securing Containers: Start Secure
Wiz already secures containers across every stage of their lifecycle: code, build, registry (store), deployment, cloud, and runtime. All these scans, combined with context from the Wiz security graph, give customers visibility to all containers in their environment and the ability to identify critical attack paths involving vulnerabilities. Wiz maps each vulnerability to its origin, including the image layer.
By analyzing vulnerability findings across our customer base, the Wiz research team found that 39% of critical and high vulnerabilities on containers come from the base image.
What if these inherited vulnerabilities could be avoided?
We realized we needed a new approach to container security, starting with a secure foundation. With WizOS images teams can build on a foundation that is minimal, secure and trusted. By swapping existing container images for WizOS images, customers see vulnerabilities drop to near zero. The benefits are felt across teams:
Security teams: No container image vulnerabilities = time saved on vulnerability triage
DevOps & Platform Engineering Teams: No more patching = more time for innovation
Application Developers: Fewer broken builds = faster releases
More than Just Images: A Full Platform Approach to Driving Adoption at Scale
WizOS is more than an image catalog. It is the only platform that helps organizations operationalize secured images at scale. Adopting secured images and migrating your existing containers can present roadblocks:
Lack of Visibility: Do you know which images your organization needs? Can you prioritize where to start your migration and track how the migration is progressing?
Developer Buy-In: Are the secured images usable for developers? Are they flexible and compatible with common packages for easy customization? Do they reduce friction in development pipelines?
Enforcement: How will you ensure that developers adopt the secured images? How can you prevent untrusted, insecure images from reaching production?
Backed by the Wiz platform, WizOS makes secured images easy to adopt and scale:
Complete visibility: Our container image inventory gives you visibility into your container image landscape, including risk posture, so you can prioritize and track your migration efforts. Our image catalog is fully integrated with your inventory so you can see exactly how many images can be swapped for each image type.
Risk-prioritized image swap opportunities: With visibility into every layer of container images, Wiz automatically identifies images that can be swapped for a WizOS secured image. Filter by “WizOS Image Available” in the container inventory and prioritize based on vulnerabilities and associated issues to mitigate the most urgent risks first. Swapping an image is as simple as changing a line in a dockerfile.
The combination of WizOS and the Wiz platform changes the way we approach container images vulnerability management. Instead of addressing CVEs one by one, Wiz highlights high-impact image replacement opportunities - so by fixing the base image, we reduce hundreds of vulnerabilities at once. That visibility and replicability is what makes adopting secured images both practical and valuable.
Tuomas Vähänen, Staff Security Engineer, Wolt
Mika AI-powered adoption guidance: Unsure where to start? Ask Mika AI to help you prioritize your migration by showing you the most impactful places where you can use WizOS, or show you the top most vulnerable container images that can be swapped for WizOS images. Mika AI can calculate the vulnerability savings and help you draft a migration plan.
Built-in compatibility: WizOS images were designed with compatibility in mind. They are minimal images built with glibc and using apk as the package manager. Images come with the package manager installed so they are ready for devs to use out of the box.
Secured Package Repository: Every image type comes with a package repository that contains dependencies trusted and tested by Wiz for easy customization without sacrificing security.
Image swaps in developer workflows: Make building on secure images a no-brainer for development teams. With vulnerability context and 1-click image migration suggestions directly from the platform and in pull requests, you can enable developers to swap vulnerable images for secure images before they reach production.
Adopting WizOS images was seamless - our developers didn’t need to change their workflows. One simple migration gave us secure, up-to-date images with ongoing automated patching. We’ve gone from reactive fixes to proactive security in a fraction of the time.
Emil Vaagland, Head of Product Security, Vend
What’s Next
The public preview of WizOS is just the beginning. We are doubling-down on expanding our image catalog and enriching our platform approach to secured image adoption. Our image catalog will continue to grow to include additional application-specific image types as well as STIG-hardened images. Wiz customers can submit requests for additional image support directly from the Secured Images Catalog.
Our platform will soon give customers the ability to add guardrails in CI/CD and via the Wiz Admission Controller to ensure only secured images are deployed to production. This is just the starting point for a broader trust story within Wiz that we are excited to share very soon.
Get Started Today
WizOS is in public preview for Wiz customers starting today. Visit the Preview and Migration Hub to join the preview and start using WizOS in your environment.
Want to learn more? Join our product team for our upcoming webinar covering WizOS and how Wiz makes secured images easy to adopt and scale. Register here.
