Backstage (Spotify)

The Wiz plugin for Spotify Backstage brings Wiz Issues and Vulnerabilities directly into the Spotify Backstage developer portal. By mapping Wiz Projects to Backstage components, the integration surfaces critical cloud security risk and context next to the software services developers interact with daily.

Integration Benefits

• In-Context Visibility: Developers can view the total count, severity, remediation status, and detection timelines of vulnerabilities per component directly within Backstage.

• Granular Search & Filtering: Allows development teams to search through findings by specific rule, resource, or CVE to quickly focus on what is relevant to their current tasks.

• Frictionless Remediation: Provides one-click navigation from the Backstage portal into the Wiz platform, passing full context, remediation guidance, and code-to-cloud pipeline analysis to accelerate fixes.

Better Together

Wiz and Spotify Backstage bridge the gap between security and engineering teams by aligning security findings with established ownership boundaries. While Wiz provides horizontal and vertical views of risk across cloud environments (via Projects and Services), Backstage serves as the daily operational hub for developers. Together, they democratize security, eliminating the need for developers to sift through unfamiliar dashboards or wait for manual tickets, thereby maintaining engineering momentum while ensuring a strong security posture.

Challenge

Security risks are traditionally disconnected from the everyday tools and ownership models used by developers. Cloud risks are often written in a "different language," making it difficult for an engineer to determine if a vulnerability even belongs to their team or service. This lack of clear ownership slows down response times, creates friction between security and engineering, and leaves organizations exposed to unresolved threats.

Solution

When a developer opens a specific component in Spotify Backstage (such as a public-facing website), the Wiz plugin automatically pulls and displays the associated security findings for that project. For example, if a component shows multiple vulnerable resources, the developer can instantly see that these resources run on an internet-exposed load balancer via the Wiz Security Graph. The developer can immediately assess the impact and seamlessly transition into Wiz for exact remediation guidance—all without disrupting their standard development workflow.