Sold by: Dazz
The Dazz Unified Remediation Platform is a SaaS platform that accelerates remediation and risk reduction for security and development teams. Dazz automates the manual, time-consuming remediation process, allowing organizations to quickly uncover blind spots, shrink vulnerability backlog into root causes, and streamline fixes in existing customer workflows.
4.3
Overview
The Dazz Unified Remediation Platform gives security and development teams one remediation solution for everything developed and run in code, clouds, applications, and infrastructure. The Dazz Unified Remediation Platform aggregates data from a plethora of detection technologies, correlates and prioritizes related issues, traces back to root causes, and delivers a contextual remediation plan in order to measurably reduce exposure.
For more information visit: https://www.dazz.io/ . For custom pricing, EULA, or a private contract, please contact AWS-Marketplace@dazz.io , for a private offer.
Highlights
- Prioritize Risk - Dazz unifies and contextualizes all security findings with exposure analysis, exploitability, business impact, and root causes. The result is that customers know the few issues to fix first out of thousands of security findings.
- Reduce Remediation Time - Dazz helps customers remediate faster by automatically identifying root causes, correlating many alerts into one single fix, and generating actionable remediation guidance with generative AI. Engineers, infrastructure, and IT teams that leverage Dazz gain complete context on what needs to be fixed, the impact of any issue, and how best to fix it.
- Secure CI/CD Pipelines - By connecting to your development platforms and security tooling, Dazz helps strengthen the CI/CD by identifying security coverage gaps, authentication and access issues, misconfigurations, and exposure issues.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Dazz Platform - 1000 | Dazz platform for environments with up to 1000 cloud resources | $400,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Email support is offered Monday - Friday during normal business hours (EST) support@dazz.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Rapid7
By Orca Security CNAPP
Top
100
In Infrastructure as Code
Top
10
In Vulnerability and Patch Management, Data Governance
Top
10
In Monitoring, Application Development
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Source Security Data Aggregation
Aggregates data from multiple detection technologies and correlates related issues to provide unified visibility across code, clouds, applications, and infrastructure
Root Cause Analysis and Tracing
Traces security findings back to root causes and correlates multiple alerts into single actionable issues for streamlined remediation
Risk Prioritization and Contextualization
Prioritizes security findings using exposure analysis, exploitability assessment, and business impact evaluation to identify critical issues requiring immediate attention
Generative AI-Powered Remediation Guidance
Generates contextual remediation plans and actionable guidance using generative AI to accelerate the remediation process
CI/CD Pipeline Security Integration
Integrates with development platforms and security tooling to identify security coverage gaps, authentication issues, misconfigurations, and exposure vulnerabilities within CI/CD pipelines
Attack Surface Management
Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
Vulnerability Management
Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
Cloud Security
Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
Next-Generation SIEM and XDR
Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
Threat Intelligence
Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
Agentless Cloud Security Architecture
Agentless-first approach using patented SideScanning technology that provides deep visibility into cloud environments without requiring agent deployment
Risk Prioritization and Attack Path Analysis
Granular risk scoring applied to each alert with capability to identify and correlate seemingly unrelated issues into dangerous attack paths
Unified Cloud Security Platform
Single platform consolidating multiple security functions including CSPM, CWPP, CIEM, DSPM, Container security, and API security
CI/CD Integration for Application Security
Seamless integration into CI/CD process to secure applications from code to cloud deployment
AI-Powered Investigation and Remediation
Generative AI capabilities for simplified security investigations and accelerated remediation workflows
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
No security profile
-
-
-
-
-
Standard contract
No
No
No
Customer reviews
Naina Bhartia
Guardrails have reduced incidents and automate secure cloud deployments across our environments
Reviewed on Jun 04, 2026
Review from a verified AWS customer
What is our primary use case?
I have been using Wiz Code for the past one and a half years.
The main use case for Wiz Code is to write the security guardrails for our environment. For example, I need to write infrastructure guardrails such as S3 buckets must not be public, security groups must not allow 0.0.0.0 on SSH port 22, and RDS databases must have encryption enabled. These are examples for which we use Wiz Code to write these guardrails.
We also use Wiz Code to write Identity and Access Management guardrails such as detecting overly permissive permissions. For instance, no IAM policy should contain action star, and no role should have administrator access unless approved. Cross-account trust relationships must be justified.
What is most valuable?
Some of the best features Wiz Code offers is code-to-cloud mapping. Most tools will tell us that you have a vulnerable package, but Wiz tells us this vulnerable package is running in a production workload that is internet-facing and has access to sensitive data. This context dramatically improves the prioritization because I can focus on exploitable risk instead of thousands of theoretical findings. For AWS environments, this is extremely useful. Wiz Code can scan Terraform , CloudFormation , Kubernetes manifests, and can catch issues before deployment such as public S3 buckets, unencrypted databases, overly permissive security groups, containers running as root, and hardcoded secrets. This is where I can codify architecture standards into enforceable controls. The ability to define guardrails and fail builds is a major strength.
One of the best features I have been using day to day, which is the lowest effort win, is finding AWS keys, tokens, passwords, and certificates before they hit GitHub or production, which prevents many incidents. There is a unique capability in Wiz Code that instead of viewing cloud findings, vulnerability findings, IAM findings, and code findings in separate tools, Wiz Code correlates them through its security graph, allowing us to trace an issue from code all the way to the business impact. This is where I think Wiz Code is the strongest.
Wiz Code provides a unified developer experience where developers can see findings in IDEs, pull requests in GitHub , and in CI/CD pipelines, which reduces the back-and-forth effort. Wiz Code has impacted the organization positively by providing these features, the ease of work, and all these security graph correlation, unified developer experience, secrets detection, and security policies that block bad deployments. With all these, it has actually helped us prevent a lot of vulnerabilities in the environment, which has had a positive impact on the organization. The incident count has reduced almost 35 to 40 percent with the Wiz Code guardrails that we have been using for a long time now.
What needs improvement?
First, Wiz Code's areas of improvement can be better architecture-aware analysis. Today, most findings are resource-centric; for example, a security group is public, an IAM role is over-permissive, or an S3 bucket is exposed. What architects want is for Wiz Code to understand that this design violates the organization's reference architecture and to identify deviations from approved patterns such as hub-and-spoke networking and shared services. It would be beneficial to move from configuration review to architecture review.
Another improvement area is that many organizations struggle to translate security standards into policies, so Wiz Code could generate and validate the policy automatically. That would actually benefit the organization in faster guardrail creation and maintenance. Imagine uploading Terraform architecture diagrams and design documents and asking Wiz Code to review this architecture against enterprise security standards; the output could include risks, missing controls, compensating controls, and recommended guardrails, bridging architecture governance and automated security. This point needs to be worked on and improved by Wiz Code.
From Wiz Code's AI capabilities, I would say Wiz Code has been investing heavily in AI-driven workflows, security agents, remediation, guidance, and AI-powered investigation. I appreciate that AI recommendations are grounded in actual cloud context, and they can trace risk from code to cloud to resource to exposure. There are areas of improvement; more architecture-level reasoning is required, better explanations of why a design violates the enterprise standards, and more what-if analysis before deployment. Governance is the area where Wiz Code actually shines; for large enterprises, governance is not just finding vulnerabilities; it includes ownership, accountability, exceptions, policies, risk acceptance, and auditability. For a financial bank, the most valuable governance capabilities are mapping risk to business owners, consistent guardrails across cloud accounts, evidence for auditors, policy-driven enforcement, and risk prioritization based on context. Security is, again, Wiz Code's strongest area.
I rate the accuracy and reliability as good, but not yet at a level where I trust it without validation. It does well with security explanations; the AI is quite good at explaining why a finding matters, potential attack paths, impact to cloud resources, and security best practices. For example, if it finds a public S3 bucket, overly permissive IAM roles, or public security group, the explanations are usually accurate and aligned with security principles. The remediation suggestions for common issues such as restricting IAM permissions, enabling encryption, and removing public exposure save engineers time because they do not have to research the fix themselves. However, I am cautious with least privilege recommendations because the AI may suggest removing permissions or tightening IAM policies, but it does not always fully understand business requirements, operational dependencies, and future use cases. As an architect, I never approve IAM changes solely based on AI output. Additionally, complex architecture decisions such as shared VPC models can be problematic; AI often lacks the broader organizational context needed to judge whether a design is appropriate, and it might recommend practices that do not align with organization-approved patterns.
For how long have I used the solution?
I have been using Wiz Code for the past one and a half years.
What do I think about the stability of the solution?
Wiz Code is really stable.
What do I think about the scalability of the solution?
Wiz Code scales quite well from an enterprise perspective, and I would consider scalability one of its stronger attributes. When evaluating scalability, I look at repository scalability; Wiz Code is designed to integrate with major SCM platforms and can scan thousands of repositories across multiple business units and development teams. Secondly, in terms of cloud environment scalability, this is where Wiz Code generally excels, being built to handle thousands of AWS accounts, multi-cloud environments, and millions of cloud resources. The code-to-cloud correlation capability benefits from this large-scale architecture.
How are customer service and support?
Customer support is really helpful with immediate responses and quick turnaround times.
What was our ROI?
Before Wiz Code, the security team manually correlated the cloud assets, vulnerabilities, IAM permissions, and internet exposure, with critical issues identified in five days. Now, with the security graph automatically correlating findings, critical issues are identified in 30 minutes, resulting in a 90 percent plus reduction in investigation effort. There is also a reduction in security review effort relevant to the architecture review role, where previously three hours were needed for security review and 20 manual checks; now, Wiz Code validates all this and does it for us.
What's my experience with pricing, setup cost, and licensing?
I was not actively involved in the setup cost and licensing, but I definitely know the pricing was something good given the usage and benefits it provides. I would say the pricing is not too high.
Which other solutions did I evaluate?
My team evaluated Palo Alto Networks Prisma Cloud, Microsoft Defender for Cloud , Checkmarx One , and Snyk when choosing Wiz Code.
What other advice do I have?
One must give some time to using Wiz Code initially, and they will definitely have a positive experience with using it. Wiz Code was purchased through the AWS Marketplace . Wiz Code is deployed in my organization on public cloud. AWS is our cloud provider. I rate this product 8 out of 10.
reviewer2846637
Cloud insights and AI have streamlined how I identify and verify daily vulnerabilities
Reviewed on May 30, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Wiz Code is for vulnerabilities. I receive a specific vulnerability from some assets, and I analyze and try to verify if they are positives or false positives. In general, all of my work regarding Wiz Code involves vulnerabilities.
What is most valuable?
Wiz Code's cloud part is good; I am able to see the IDs, the assets, and the information, which in general makes it easier to find where the vulnerability is. The organization of the data helps me find where the vulnerability is; I don't really use the dashboard much.
The AI feature is the other part that I like most with Wiz Code; it helps a lot and makes it easier to search for something. For example, if I need to do some query to look up a specific vulnerability or assets, it is easier.
Wiz Code has positively impacted my organization because it is better on a daily basis. We receive new cases, and it is easy to analyze and take care of them. It made things easier in that we receive a specific vulnerability, and if I select that one, we are able to see everything regarding the vulnerability, the asset, and the owners, for example.
What needs improvement?
The dashboards can be better; we have dashboards, but they are really complex and have a lot of information.
For how long have I used the solution?
I have been working in my current field for almost three years.
What do I think about the stability of the solution?
Wiz Code is stable with no downtime or reliability issues.
What do I think about the scalability of the solution?
Wiz Code's scalability can handle growth or increased workload well.
How are customer service and support?
I have never reached out to Wiz Code's customer support, so I don't have experience with that.
Which solution did I use previously and why did I switch?
I did not previously use a different solution before Wiz Code.
What's my experience with pricing, setup cost, and licensing?
I don't have much experience with pricing, setup cost, and licensing because my company bought it, so I just use it for free.
Which other solutions did I evaluate?
I didn't evaluate other options before choosing Wiz Code.
What other advice do I have?
I think Wiz Code is pretty much better right now. I only use it for what is already specified. I don't know what advice I would give to others looking into using Wiz Code because I think we use it more for company work and I don't know how much I would use it privately since this is more a company tool. I would rate my overall experience with Wiz Code as a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Jaiashish K
Improved vulnerability management has reduced costs and provides accurate risk visibility
Reviewed on May 30, 2026
Review from a verified AWS customer
What is our primary use case?
Wiz Code is used for vulnerability management by scheduling a scan for the entire infrastructure, then exporting the report and sharing it with the remediation team. Sometimes, zero-day vulnerabilities are discovered, and remediation steps are checked to see if they have been released. The scan status for scheduled or on-demand scans is monitored, and once a scan is complete, verification is performed to ensure correct data is being retrieved. The main use case for Wiz Code is vulnerability management for infrastructure.
What is most valuable?
Wiz Code offers minimum false positive vulnerabilities, which is the best feature and meets expectations for the tool. Another valuable feature is remediation, where remediation steps are provided and remediation status can be tracked.
The remediation tracking helps the workflow by making it faster to track and making remediation easier. For example, one report is created for everything, and then the steps for remediation are provided.
What needs improvement?
Scanning in Wiz Code takes a lot of time. When running 50, 100, or 1,000 assets at one time, it takes nine or ten hours, and the reason is unclear. If the scanning time could be improved, it would be helpful.
Slowness is sometimes experienced when accessing Wiz Code, which is on the cloud. Connection timeout errors occur sometimes, and sometimes it is not available, so that needs to be resolved. Feature-wise, compared to zero-day vulnerability remediation steps, remediation steps are received faster on Qualys and Tenable. In Wiz Code, it takes five, six, or seven days, and zero-day vulnerability remediation steps are not provided that quickly.
For how long have I used the solution?
Wiz Code has been used for the last two years.
What do I think about the stability of the solution?
Wiz Code is stable now.
What do I think about the scalability of the solution?
Wiz Code's scalability is good now.
How are customer service and support?
Timely responses from customer support for Wiz Code are not being received. Service requests are raised, but proper responses are not provided. It takes 24 to 48 hours to get a response, even after asking for updates multiple times, so customer support needs to be improved.
Which solution did I use previously and why did I switch?
Tenable was used previously, and the management decided to switch to Wiz Code because it was costly. The decision was made to go with Wiz Code as a more affordable alternative.
What was our ROI?
A return on investment has been seen with Wiz Code, as it is money-saving. Management provided the update that it is money-saving.
Which other solutions did I evaluate?
Before choosing Wiz Code, Tenable Security Center was evaluated, and the decision was made to go with Wiz Code.
What other advice do I have?
Wiz Code's implementation positively impacted the organization, and the decision to go with it was made because of the billing. Feature-wise, it is not much different, but the billing is impacting. Tenable and Qualys are more costly compared to Wiz Code, which is why the organization decided to go with Wiz Code.
Wiz Code has a feature for the dashboard, and dashboards are created to give the status for business metrics. These metrics include what the critical assets are, how many worldwide spread vulnerabilities there are, how many assets per location, what the remediation is, how old the vulnerabilities are, and how many are end of life. The dashboard is very easy to create and creates a business metrics overview for everyone to see what the risk is in the organization. The metrics feature is very good.
Wiz Code's governance and security regarding AI capabilities are pretty good, and there is no issue with that.
The accuracy of Wiz Code is understood to be up to 95% or 96%.
If you are mostly on the cloud, Wiz Code is recommended. If you are mostly on-premises, it is not recommended.
This review receives a rating of 8.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Santhoshgullapudi Santos
Automated cloud scans have improved threat detection and streamline forensic investigations
Reviewed on May 28, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Wiz Code is to detect vulnerabilities, findings, and issues in our cloud environment. It detects our AWS account, Azure , and GCP as well, scanning all our cloud accounts and detecting misconfigurations. Based on severity—high, low, medium��—we find those issues and solve them accordingly, identifying the root cause of those things.
In our cloud environment, we have detected issues with ECS services, where our main part is to develop code and policies. One thing we noticed in the ECS service was that a role had high permissions, meaning it had more than necessary access. We solved that issue by remediating it and sharing our information with the cloud team.
As part of these past six months, I have concentrated on my contribution to the team, focusing on Wiz Code policies and concurrently working on the forensics feature in Wiz Code. For the forensics feature, we create a cross-account IAM role. If we have 100 AWS accounts, there are many issues found at the snapshot level and in EC2 instances. Wiz Code has a feature called Wiz forensics, which copies the EC2 volumes from the source account to the forensic account, allowing us to investigate all the findings. To do this, we need to create a cross-account IAM role and think about following the least privilege policy. Recently, I worked on the Wiz Code forensics feature.
What is most valuable?
Wiz Code offers many benefits. It is a cloud security tool that is essential nowadays, helping significantly in my day-to-day activities. It detects misconfigurations and shows them in the Wiz Code UI, and it also provides features such as dashboards and widgets, allowing us to create customized dashboards for our requirements and set alerts as needed.
I have customized the dashboards. Recently, I'm doing some research and development on Wiz Code dashboards and reviewing videos on creating them.
Wiz Code has made things easier because whenever we write any cloud configuration rule, it detects issues across all AWS accounts. For example, if an employee creates an S3 bucket in public mode when it should be private, Wiz Code has a feature called Cloud Matcher in a cloud configuration rule that catches this misconfiguration. It provides details such as the account name, the S3 bucket name, when the issue was issued, and the IAM user involved, all of which are shown in the Wiz Code UI under the issues section.
Using Wiz Code has led to significant measurable improvements for our organization. For example, the graph controls feature allows us to create a security query that detects misconfigurations and indicates the stage at which issues occur. This feature shows everything end-to-end in a security graph, identifying what is affected and the root cause of the issue.
What needs improvement?
Wiz Code has many features, and I think they could continue to enhance customization according to our requirements.
For how long have I used the solution?
I have been using Wiz Code for the past six to eight months.
What do I think about the stability of the solution?
Wiz Code is stable, and we can customize it according to our requirements.
What do I think about the scalability of the solution?
For scalability, we can adapt Wiz Code based on our specific needs.
How are customer service and support?
The customer support is good. Whenever we encounter any blockers or require information or permission issues in Wiz Code, they promptly address our tickets.
Which solution did I use previously and why did I switch?
I did not use any other solution before Wiz Code. Previously, I was involved in another project that was a DevOps project.
How was the initial setup?
I have used the AWS cloud provider with cloud connectors to connect our cloud with Wiz Code. Specific roles and permissions are needed to deploy the Wiz Code scanner role, and these roles are created in both our environment and the Wiz Code AWS account for integration.
What about the implementation team?
There is a business relationship with the vendor, as there is a bond from our organization according to information I heard from my teammates.
What was our ROI?
Using Wiz Code has been a worthy investment. Manually checking all 100 AWS accounts for issues would take an immense amount of time, but Wiz Code allows us to scan all accounts within minutes and continuously monitors our cloud environment every 24 hours, displaying any changes in the Wiz Code UI under the issues and threats section.
What's my experience with pricing, setup cost, and licensing?
I don't have any idea about the licensing and pricing specifics as I believe that is handled in the backend, but I suspect that acquiring a Wiz Code tenant subscription involves significant cost.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Wiz Code, as I was switching to another project that used Wiz Code. I wanted to explore learning new skills in this field.
What other advice do I have?
There is a business relationship with the vendor, as there is a bond from our organization according to information I heard from my teammates.
Wiz Code significantly aids in my day-to-day activities. I would rate this product eight out of ten, and I don't have any further additional thoughts on this session.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Mihajlo Jankovic
Improved vulnerability visibility has reduced critical risks and maintains healthier app security
Reviewed on May 27, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Wiz Code is for application security, to scan vulnerabilities and prioritize the vulnerabilities based on results.
When a new vulnerability is published, I review the findings from Wiz Code and see if we are exposed with our versions we are using, and if we need to upgrade, what version, and what priority it needs to be based on the risk there.
What is most valuable?
The best features Wiz Code offers are the threat vulnerability picture and view by repository.
I value the vulnerability picture and the repository view because they help me to see all the vulnerabilities we have and to prioritize them.
Wiz Code has positively impacted our organization as it helped us to maintain a healthy application security side of the company and to remediate our vulnerabilities. Since using Wiz Code, we have reduced the number of our vulnerabilities by 50%, criticals by 90%, so we are very satisfied with it.
What needs improvement?
Wiz Code could be improved by showing us the dependencies that are affecting us; if we are upgrading one dependency, it would be helpful to know if down the road that's going to cause any problems with other dependencies.
For how long have I used the solution?
I have been using Wiz Code for more than six months.
How are customer service and support?
5
What other advice do I have?
Regarding Wiz Code's AI capabilities, I think its governance and security are very good; we are satisfied with the green and red events.
I think the accuracy and reliability of output from Wiz Code is approximately 95% accurate. I would rate this review a 9.