Introducing: the Wiz plugin for Backstage
By Jian Reis • March 4th, 2025
Platform engineering has changed how teams build and deliver software, yet security checks often remain siloed in their own dashboards or require context switching that slows everyone down. Roadie’s new Wiz Plugin for Backstage tackles this issue head-on by bringing Wiz’s cloud security insights directly into the Backstage interface.
It’s no secret that identifying misconfigurations or vulnerabilities early can save engineering teams huge amounts of time and risk. But doing that efficiently means centralizing actionable security data in the same place developers already work. That’s where this new plugin comes into play.
According to Roadie Software Engineer Irma Solakovic (who built the plugin), it’s all about speed and clarity, and a single pane of glass:
“As an engineer, you want to shorten the time it takes to spot issues - whether that’s a misconfiguration or a vulnerability. Save time and stop hopping between different platforms - if you’re already looking at your services in Backstage, why not see what’s wrong there, too? Now teams can see Wiz issues alongside their services, documentation, and CI/CD pipelines.”
What Does the Plugin Do?
The plugin surfaces Wiz’s prioritized security findings - such as vulnerabilities, compliance risks and misconfigurations - right inside Backstage, giving teams a unified overview of their software landscape and its security posture. Key highlights include:
- Single Pane of Glass: No need to jump between separate tools. Check your critical Wiz findings the moment you inspect a service in Backstage.
- Contextual Threat Prioritization: Wiz assesses vulnerabilities and misconfigurations in the context of your specific environment, ensuring that the most pressing threats are highlighted first.
- Real-Time Risk Insight: Access up-to-date, Wiz-scanned data so you can focus on the most pressing issues first.
- Open Source & Managed: The plugin is open source for self-hosted Backstage users, and Roadie customers benefit from automated token renewal and streamlined setup.
See your Wiz issues by status, from inside Backstage
Certified by Wiz
This plugin has been certified by Wiz, so it meets Wiz’s standards for reliability and quality. Organizations using Wiz can be confident that their data is displayed accurately in Backstage - letting them act on the right information at the right time.
According to Irma, the Wiz team provided valuable support during the development process:
“We got great feedback from the Wiz engineers, especially around handling API usage guidelines. Their insights were really helpful in making this plugin both accurate and efficient.”
Why Choose Roadie for Wiz + Backstage?
While anyone can adopt the open-source plugin, Roadie offers a managed solution and we can assist with initial setup and ongoing usage of the plugin. Additionally, Roadie allows for managing Wiz secrets via the UI, while open-source users will need to add these to their configuration file (app-config.yaml). With Roadie, you spend less time fiddling with integrations and plugins, and more time actually fixing issues.
Get Started
Ready to give it a spin? Check out our resources:
- Roadie users: Roadie Wiz Plugin Docs
- Self-hosted users: Install via NPM (
@roadiehq/plugin-wiz-backend) and follow our guide.
We’re excited to hear your feedback, and look forward to seeing how the open community continues to improve and enhance this plugin.