Wiz uses various API's via read access in your accounts/orgs/subscriptions to assess risk of configuration.

They also snapshot your disks, cloning them to Wiz accounts to provide secrets scanning / vuln scanning / etc against your infra.

These resulting risks / findings are scored and provided in their SAAS Wiz console via dashboards / APIs / integrations with remediation guidance.