Product

Resources

Company

Talk to a real human

Book a demo

Blog

Root Partners with Wiz: Find Vulnerabilities Once, Fix Them for Good

Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Remediate Vulnerabilities in Minutes, Not Months

Mickey Gordon

CPO, Co-Founder

Published :

Mar 17, 2026


Root, the automated vulnerability remediation company, today announces its partnership with cloud security leader Wiz by joining the Wiz Integration Network (WIN). Through this partnership, Root brings the power of its AVR Factory to WIN, enabling customers to seamlessly connect Wiz's discovery engine to automated remediation across the full technology stack - no migrations, no manual patching, no PDFs.

Together, Wiz and Root close the gap between finding vulnerabilities and actually fixing them. Through SCA scanning, Wiz Code discovers CVEs across repos and container images with full context: severity, exploitability, asset exposure. When a remediated version from Root is available, it surfaces directly inside the Wiz workflow, mapped to the specific vulnerability, with Root clearly attributed as the remediation source. This partnership delivers:

  • Discovery to remediation in one workflow. Wiz Code finds vulnerabilities. Root's patched version appears as the fix, right inside Wiz. Remediated libraries, images, and patches land in your repos and registries automatically, with SBOM, VEX, and attestation.

  • Fix what you're running - don't migrate off it. Root remediates the software you actually use. No forced base image swaps, no "upgrade to our stack or stay vulnerable." Your OSS, your versions, fixed in place.

  • Majority of exposure, handled. Most real CVE risk lives in app dependencies, the stuff "secure your base image only" vendors leave for you to deal with. Root has a libraries first approach, and fixes the exposure in your applications, where the exposure actually is, as well as covering your base images.

The combined value of these two platforms gives security and engineering teams something the industry has been missing: when Wiz detects a vulnerable package, Root's tested, attributed fix is already there. No ticket. No research. No waiting for a maintainer. Just a clear path from vulnerability to remediated artifact.

"This integration delivers what security teams have been asking for: proof that what they're running is actually fixed," said Mickey Gordon,  Co Founder and CPO at Root. "Root customers already see the fix delivered to them. Now, using Wiz they’ll see remediation recognized right inside their Wiz ecosystem.” 

“We’re happy to welcome Root to the WIN ecosystem,” said Oron Noah, VP of Product, Extensibility and Partnerships at Wiz. “Together, we’re helping customers move from discovery to remediation in a single workflow, so security and engineering can work side by side to reduce risk without slowing innovation.”

WIN is designed to enable a modern cloud security operating model, where security and cloud teams work together to understand and reduce cloud risk. This partnership strengthens the WIN ecosystem, delivering greater value to mutual customers who rely on Wiz and Root to secure their cloud environments.

How It Works

The integration connects Wiz's vulnerability discovery directly to Root's remediation engine, so when Wiz finds a vulnerable package, Root's fix is already waiting.

  1. Wiz discovers a vulnerability — Wiz Code scans your repos and container images, identifying vulnerable packages with severity and exploitability context.

  2. Root's remediated version surfaces — For every vulnerability where Root has a fix available, Wiz displays Root's patched version as the remediation path. You see the vulnerability, the fix, and Root as the source, right inside the Wiz workflow you already use.

  3. Root delivers fixed artifacts — Root's AVR Factory remediates libraries first (where 80% of exposure lives), then images, then patch streams. Patched packages are delivered as Root Libraries, Root Image Catalog, and Root Patches to your repos (PyPI, npm, Maven, Go) and registries (ECR, GCR), with SBOM, VEX, and attestation. Current stats: 83% automation rate, 15–40 minute average patch time.

  4. Your posture updates in real time — As remediation completes, Wiz reflects the improved security state. Vulnerabilities move from open to resolved, and your compliance artifacts are already generated.

The result: Wiz shows you what's vulnerable. Root shows you exactly how it's fixed. No ambiguity, no generic "update available" guidance. A specific, tested, attributed remediation for the package you're actually running.

Image results in Wiz CLI without Root

Before Root patches in Wiz


Image results in Wiz CLI with Root's version surfacing

Getting Started

What you need:

  • A Wiz tenant with Wiz Code / Wiz SCA enabled

  • A Root account

  • Package repos and container registries reachable from Root

Setup:

  1. Enable the WIN integration between your Wiz and Root accounts

  2. Wiz SCA scans your repos and images and surfaces Root's remediated versions for detected vulnerabilities

  3. Root delivers fixed artifacts—patched libraries, images, and patches—to your repos and registries

  4. Explore more in Root's Wiz documentation

Learn more at wiz.io/integrations or root.io/book-a-demo.

Trusted by businesses who can't afford slowing down

Fix CVEs without changing how you build.

Get vulnerability-free layers for your current images.

Pull vulnerability free code now

Book a demo

Fix CVEs without changing how you build.

Get vulnerability-free layers for your current images.

Pull vulnerability free code now

Book a demo

Fix CVEs without changing how you build.

Get vulnerability-free layers for your current images.

Pull vulnerability free code now

Book a demo

Fix CVEs without changing how you build.

Get vulnerability-free layers for your current images.

Pull vulnerability free code now

Book a demo