Sold by: Dazz
The Dazz Unified Remediation Platform is a SaaS platform that accelerates remediation and risk reduction for security and development teams. Dazz automates the manual, time-consuming remediation process, allowing organizations to quickly uncover blind spots, shrink vulnerability backlog into root causes, and streamline fixes in existing customer workflows.
4.4
Overview
The Dazz Unified Remediation Platform gives security and development teams one remediation solution for everything developed and run in code, clouds, applications, and infrastructure. The Dazz Unified Remediation Platform aggregates data from a plethora of detection technologies, correlates and prioritizes related issues, traces back to root causes, and delivers a contextual remediation plan in order to measurably reduce exposure.
For more information visit: https://www.dazz.io/ . For custom pricing, EULA, or a private contract, please contact AWS-Marketplace@dazz.io , for a private offer.
Highlights
- Prioritize Risk - Dazz unifies and contextualizes all security findings with exposure analysis, exploitability, business impact, and root causes. The result is that customers know the few issues to fix first out of thousands of security findings.
- Reduce Remediation Time - Dazz helps customers remediate faster by automatically identifying root causes, correlating many alerts into one single fix, and generating actionable remediation guidance with generative AI. Engineers, infrastructure, and IT teams that leverage Dazz gain complete context on what needs to be fixed, the impact of any issue, and how best to fix it.
- Secure CI/CD Pipelines - By connecting to your development platforms and security tooling, Dazz helps strengthen the CI/CD by identifying security coverage gaps, authentication and access issues, misconfigurations, and exposure issues.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Dazz Platform - 1000 | Dazz platform for environments with up to 1000 cloud resources | $400,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Email support is offered Monday - Friday during normal business hours (EST) support@dazz.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Rapid7
By Orca Security CNAPP
Top
100
In Infrastructure as Code
Top
10
In Vulnerability and Patch Management, Data Governance
Top
10
In Monitoring, Application Development
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Source Security Data Aggregation
Aggregates data from multiple detection technologies and correlates related issues to provide unified visibility across code, clouds, applications, and infrastructure
Root Cause Analysis and Tracing
Traces security findings back to root causes and correlates multiple alerts into single actionable issues for streamlined remediation
Risk Prioritization and Contextualization
Prioritizes security findings using exposure analysis, exploitability assessment, and business impact evaluation to identify critical issues requiring immediate attention
Generative AI-Powered Remediation Guidance
Generates contextual remediation plans and actionable guidance using generative AI to accelerate the remediation process
CI/CD Pipeline Security Integration
Integrates with development platforms and security tooling to identify security coverage gaps, authentication issues, misconfigurations, and exposure vulnerabilities within CI/CD pipelines
Attack Surface Management
Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
Vulnerability Management
Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
Cloud Security
Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
Next-Generation SIEM and XDR
Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
Threat Intelligence
Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Prioritization and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Integration for Application Security
Seamless integration into CI/CD process to secure applications from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for simplified security investigations and accelerated remediation workflows
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
No security profile
-
-
-
-
-
Standard contract
No
No
No
Customer reviews
Aditya Sarkar
Unified dashboards have streamlined code‑to‑cloud risk tracking and reduced manual reviews
Reviewed on Apr 08, 2026
Review from a verified AWS customer
What is our primary use case?
The main use case for Wiz Code is its unique selling proposition, which is the dashboarding. What you want is to see what is wrong within your environment, and that is where Wiz Code picks up the market value with a unified dashboard for all your code-to-cloud issues under a single umbrella, something missing in other products like Prisma Cloud or Aquasec. Aquasec does not have DAST and does not compete with the entire solution, while Prisma Cloud does DAST but lacks in dashboarding and recategorization of the vulnerabilities, which is the USP of Wiz Code.
What is most valuable?
The best features of Wiz Code that I appreciate the most include their entire dashboarding and the seamless integration with different DevOps tooling like GitHub or Azure DevOps . It seamlessly integrates, allowing you to run scanners directly onto the machines without consuming too many resources, and the recategorization of vulnerabilities is absolutely wonderful, giving you a complete attack path, which is something I love about Wiz Code because it details the entire lateral movement of the issue, whether it is a complete shift-left or shift-right, serving as the differentiators compared to other tools in the market.
When I talk about ROI with Wiz Code, it almost cuts you down to 20% to 25% of the daily effort needed in terms of FTE. If you are working with around 100 developers or engineers, you might come down to 60 to 70 engineers, with the rest completely automated by removing false positives, showcasing where the USP comes in.
What needs improvement?
The areas that have room for improvement in Wiz Code are their IaC policies, which require a little more maturity. When discussing IaC policies, you want to ensure engineers cannot merge anything non-compliant to your environment, and they need to streamline these with different cloud service providers, as every cloud has its own policies, such as Azure 's policies. They need to mature their IaC policies and provide more custom policies for better integration.
Aside from the policies, that is the main area for improvement.
For how long have I used the solution?
I started using Wiz Code as part of one of the client engagements where they wanted to do some market research around the SaaS, DAST, IaC, and container scanning tools. From that point in time, I have been using this for more than a year.
What do I think about the stability of the solution?
In terms of stability, I rate it a nine, as I did not observe any instability within the product. The best part is that their entire solution is built on APIs, allowing for easy integration without a codeless approach.
What do I think about the scalability of the solution?
For scalability, I rate it nine.
How are customer service and support?
I would rate the technical support of Wiz Code an eight. It is not bad, but the response time or RTO is longer than expected, indicating where they need to improve.
How was the initial setup?
In terms of deployment, I would not say there were any challenges. The documentation is absolutely excellent and easy to follow, although they have locked the documentation, requiring minimum access called document reader, which is available only if you take a solution from them.
The deployment took just a day. You only need to be ready with your service principal to authenticate your environment, and then you can onboard the entire system, where results typically need at least 24 to 48 hours to start populating on the dashboard, but integration is quite seamless.
What was our ROI?
During my POC, I observed that the automated code reviews reduce human error by approximately 47%, which is the exact number we found out, reflecting a 50-50 ratio.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, I would say that the pricing model is a little bit hefty on the pocket. For instance, Wiz Code scans your containers twice, first during runtime and then during shift-left when you build the Kubernetes manifest, which causes Wiz Code to charge separately for running the agent on the containers to give runtime posture, as well as for scanning images in the environment during shift-left, which I feel is not good for the client, although I understand it is a marketing strategy.
What other advice do I have?
My thoughts on Wiz Code's error detection feature is that it is an add-on that makes life easier. Though I personally did not find it a path-breaking solution, it adds value where you are already getting the ROI of the product.
My thoughts on the real-time code tracking in Wiz Code is that it is very important because you cannot expect developers to use a repo on a daily basis, as there can be a release cycle for each application causing some days when the repo is dormant, making shift-left only applicable when you trigger the pipeline. That is where agentless scanning comes into play to ensure you have a continuous state of your repository, especially for picking up zero-day vulnerabilities which can pop up within 15 to 20 days.
If you ask me for advice regarding Wiz Code, I would definitely recommend it. Google already bought Wiz Code in a 32 billion dollar deal, improving it significantly, but it still depends on how customers choose to use it. If you want a single view of your entire code-to-cloud, then Wiz Code is the product, but for more mature needs in CSPM, CWPP , ASPM, or DSPM, you may need a POC to determine the best fit for your environment.
Approximately, we had a team strength of about 2,000 to 2,500 developers using Wiz Code.
Wiz Code does not require any maintenance unless it is an on-prem solution where you are managing the underlying machine within your environment.
I would rate this review overall a 9.5.
reviewer2618736
Continuous code security has reduced vulnerabilities and provides real-time risk visibility
Reviewed on Jan 02, 2026
Review from a verified AWS customer
What is our primary use case?
Folks deploying infrastructure with Terraform code need to verify that those deployments do not have vulnerability concerns, and if they do, they need to be remediated, which is the main use case for Wiz Code .
What is most valuable?
The best features with Wiz Code give you a reasonable picture when it comes to vulnerabilities, which means you see the usual severity levels. You also get to see references on how to remediate vulnerabilities. The fact that it has a visual dashboard helps all stakeholders, especially folks who need to remediate, to get that picture correctly and then take action. You know exactly how to track SLAs, which is another great feature. Those features make the tool useful for most people.
It has been quite easy to get visibility into the vulnerabilities and what steps need to be taken. The fact that you get something in real-time means you can plan to either remediate in real-time or put that as an action to remediate. Overall, Wiz Code improves your workflow efficiency to more than average.
What needs improvement?
I have a big improvement in mind for Wiz Code, not a small improvement. When I look at tools such as vulnerability detection tools, I focus on how the reporting could help fast-track risk mitigations. I don't want folks to just look at the severity rating, whether it's critical, high, or medium. I would love to see how that presents a risk. Meaning that if a particular vulnerability is compromised, it could be a low severity, but if it's compromised, what business impact does it have? With capabilities we have in AI and other technologies, I think we could do much more than just sharing vulnerability ratings or severity ratings for folks to act on. That approach is outdated. Something that communicates the value would make sense and could help drive or change habits. That's what I'm thinking, and that's why I say it's a big one, not just something small.
For how long have I used the solution?
I have used Wiz Code for about three years now.
What do I think about the stability of the solution?
Wiz Code is reasonably cool in terms of stability overall.
What do I think about the scalability of the solution?
Wiz Code is scalable.
How are customer service and support?
The support from Wiz Code is incredible. I don't give anyone a 10 in the first place, frankly, but I think a nine will look good. Wiz has done incredibly well. They've set up regular connects with the team, they share new updates, and they want to get feedback in terms of what we think could be done differently. Those sessions actually help. If you need them to jump on a call to resolve an issue, they are always available. That's why I give them a nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did use other solutions before choosing Wiz Code for this, specifically InsightVM . InsightVM has some capabilities I've used in the past as well. However, I wouldn't say I've used InsightVM the way I currently use Wiz Code. I can't really judge or compare the difference between the two. I'm sure InsightVM or Rapid7 has improved on its offerings since when I used it.
Which other solutions did I evaluate?
The metric regarding automated code reviews is something I have not captured, but it's a good metric.
What other advice do I have?
I do use Wiz Code's real-time code tracking.
From my perspective, I think it's positive, but for folks who need to remediate and have old habits when it comes to software development, it might be a big concern. Ultimately, it helps everyone because you have that visibility and you can take action within a sprint because of that visibility. If you can act right away, you can capture that as part of your sprint planning and remediate promptly. It's a good feature. However, I speak from a security perspective. For a product team, it could be a lot to handle. With creating the right habits over time, it becomes an advantage for everyone.
I have never had to think about Wiz Code's error detection feature for improving code quality.
I do not use the analytics tools within Wiz Code. I may know this tool by a different term, but I need clarification on what the analytics tool encompasses.
I have no idea of the pricing for Wiz Code. I have no knowledge of current pricing.
To rate Wiz Code, I need to think of some baseline, but I don't really have any baseline. When I consider the support they offer, which is fantastic, and how reliable the tool is, I could give them a rating of eight.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Lawrence Chung
Unified security platform has enabled proactive detection of code and pipeline vulnerabilities
Reviewed on Dec 02, 2025
Review from a verified AWS customer
What is our primary use case?
I mainly use Wiz Code to evaluate the codebase on AWS .
Wiz Code is used to run security scans on registry images as a specific example of how I evaluate my AWS codebase.
What is most valuable?
Wiz Code offers great features by providing vulnerabilities that it can detect within code.
Wiz Code detects vulnerabilities effectively through integration with the workflow while being fast and accurate.
Wiz Code takes CNAPP to the next level by offering AppSec capabilities on top of CSPM functionality.
Wiz Code has positively impacted my organization through the unified platform that gives the ability to shift left in security and detect issues before they go into production.
Wiz Code provides the ability to detect vulnerabilities within infrastructure code or the CI/CD pipeline early so that issues can be fixed before going into production.
What needs improvement?
Integration with more scans would be great, though Wiz Code is currently pretty solid as it is.
For how long have I used the solution?
I have been using Wiz Code for about a year now.
What other advice do I have?
My advice for others looking into using Wiz Code is that it is a great product if you are looking for a CNAPP solution that includes CSPM and AppSec along with CWP, providing a unified platform to see your whole code to deployment. I would rate this product an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
G Verduci
Automated scans have strengthened application penetration testing and continuously find vulnerabilities
Reviewed on Dec 02, 2025
Review provided by PeerSpot
What is our primary use case?
What is most valuable?
In my opinion, all the security features Wiz Code offers are the best. The security feature that stands out the most to me is the automated scanning in Wiz Code. Automated scanning is my top pick when it comes to Wiz Code features. Wiz Code has not yet positively impacted my organization or changed anything in my workflow or results. I expect to see strong security for our applications and secure applications in my workflow or results as I continue using Wiz Code.
What needs improvement?
There is nothing I wish worked better or features I would like to see for improving Wiz Code. There is nothing that comes to mind about needed improvements for Wiz Code.
For how long have I used the solution?
I have been using Wiz Code for three months.
What do I think about the stability of the solution?
I think Wiz Code is reliable; I have not experienced any issues with stability.
Which solution did I use previously and why did I switch?
I have no idea if I previously used a different solution before Wiz Code; I am fairly new to this.
What was our ROI?
I am not sure if I have seen a return on investment from using Wiz Code.
What's my experience with pricing, setup cost, and licensing?
I have no idea about the pricing, setup cost, and licensing for Wiz Code.
Which other solutions did I evaluate?
I have no idea if I evaluated other options before choosing Wiz Code.
What other advice do I have?
My advice to others looking into using Wiz Code is to proceed with caution. I gave this review a rating of 10.