Wiz has entered the hardened Linux distribution game with WizOS - their answer to vulnerability-riddled container base images. Jeremy breaks down what this means for the secure development ecosystem.
This blog recaps Jeremy's short video on WizOS.
Watch or listen to Jeremy's full video above or continue below for a short, high-level summary.
What is WizOS?
A hardened, lightweight Linux distribution that's designed to be near CVE-free. Think Alpine, but with security baked in from the ground up rather than patched after the fact.
Current State
- Focused on Golang architectures (narrow but growing)
- Already in production use at Wiz (they've replaced Alpine internally)
- Integrates with Wiz's platform to recommend secure base image alternatives
- Shows critical vulnerabilities alongside WizOS remediation options
The Bigger Picture
This isn't just about Wiz. Chainguard pioneered this approach with Wolfi and their "start left, don't shift left" philosophy. Their recent $3.5B valuation (up from $1.1B last year) shows the market appetite for supply chain security tools.
What's Coming
Wiz plans to expand beyond Golang to support broader base images and common application layers. Expect to see WizOS variants for ASP.NET, databases, and other popular development stacks.
Why This Matters
Supply chain attacks have made vulnerable base images a critical risk. Rather than constantly patching vulnerabilities post-deployment, teams can start with foundations that are secure by design.
The shift from reactive security to proactive prevention is accelerating - and container base images are ground zero for this transformation.

24 May 2025