Tools like Lovable have made it possible for anyone on your team, not just engineers, to go from idea to deployed product or internal tool in a matter of hours. Describe what you want, watch it take shape in real time, and ship it to the world in a single click.
Today, we're announcing a native integration that brings Wiz security scanning directly into the Lovable build experience. When connected, Wiz scans run automatically as part of Lovable's security suite, and findings surface right in the Security view, alongside Lovable's existing built-in scanners for dependencies, secrets, database security, and code vulnerabilities.
No new dashboards or extra pipeline steps — your Wiz policies follow your team into Lovable.
Your Wiz policies, extended into every Lovable project
Lovable already ships with built-in security scanning: dependency auditing, AI-powered code security review, RLS analysis, and database configuration checks. Wiz extends that foundation with software composition analysis across your full dependency tree, sensitive data and secrets detection, and environment configuration scanning. Results are checked against Wiz's continuously updated vulnerability database and the CI/CD policies your security team has already defined in the Wiz platform.
When a scan runs, Lovable mounts your project code into a secure, isolated sandbox and runs the Wiz CLI scanner against it. Findings are classified by severity, mapped to your Wiz policies, and displayed in Lovable's Security view with the Wiz badge, so your team knows exactly where each finding comes from.
Critically, results also flow into Wiz's Code and Build scans page. Your security team sees Lovable-built applications right next to everything else they monitor in Wiz, with the same context — exposure, reachability, remediation guidance — they rely on everywhere else.
Our enterprise customers wanted their existing Wiz policies to apply to everything they build in Lovable — so we made that happen. Lovable was designed with security built in, and Wiz deepens that for teams that have standardized on it across their stack.
— Igor Andriushchenko, CISO, Lovable
AI-assisted development is changing how software gets built, and security has to evolve with it. Our integration with Lovable brings code-to-cloud context into the build process, allowing teams to see how issues impact real environments and prioritize what matters — without slowing down how they create.
— Oron Noah, VP of Product, Extensibility & Partnerships, Wiz
How the integration works for your team
For developers building in Lovable: Wiz scanning runs automatically alongside Lovable's built-in security checks. If a dependency in your project has a known CVE, Wiz flags it in the Security view with severity, affected package, fixed version, and remediation steps. Fix the issue in Lovable, rescan, and confirm the resolution — all without leaving the platform. For more complex findings, jump directly into Wiz to follow Mika's guided remediation.
For security teams: Applications built in Lovable now appear in your Wiz Code and Build scans alongside everything else you monitor. You get the same context you rely on — exposure, reachability, supply chain risk — applied to Lovable projects automatically. Define your CI/CD policies in Wiz once, and they apply consistently whether code comes from a traditional repo or a Lovable project.
For platform and engineering leaders: Your teams can use Lovable for rapid development, and your existing Wiz investment ensures governance follows. No shadow IT blind spots, no separate tooling to manage. Applications are scanned against your organization's security standards from the moment they're built.
Get connected
If your organization already uses Wiz, connecting to Lovable takes a few minutes. Read the full documentation here.
Once connected, Wiz scans every project in the workspace. Findings appear in each project's Security view and flow into your Wiz Code and Build scans page.
