My main use case for Honeycomb Enterprise is alerting and full stack tracing. I use Honeycomb Enterprise for tracking our traces from the front end all the way to our back end in Kotlin, and through Kafka and into Elastic. This helps us to spot any bottlenecks and see where errors occurred in our data processing pipeline.

We primarily use Honeycomb Enterprise to power our alerting, so we get alerts based on throughput, based on spikes, anomalies, and any error rates in each service. The best features Honeycomb Enterprise offers are alerting, which is mainly what we use it for.

Visualization is fine for me, although our dashboards are a bit cluttered. Primarily, the alerts are the most useful thing. The querying is good, although sometimes a bit messy. I would appreciate a better way to store my queries, perhaps with some auto-fill functionality. The alerts are the best feature.

Honeycomb Enterprise has positively impacted our organization by providing live alerts. We have been able to get alerts when something may pop up and see any issues in the system. We get alerts into Slack, and they work great. We see a lot of metrics go through into Slack, and they are really useful for keeping our team focused on only seeing one place to see alerts.

Honeycomb Enterprise can be improved by having a cleaner dashboard and a nicer way to search between insights.

I have been using Honeycomb Enterprise for one and a half years.

I do not have the metrics for a return on investment, but it has been very useful.

Having those alerts and metrics in Slack helps with our SLAs. If we ever have downtime in a service, we can get back to it straight away. I rate Honeycomb Enterprise a seven out of ten because I feel a lot of the journeys could be made cleaner. Some of the dashboards and the insights could be a bit more well-refined. For example, Grafana has a lot better visualization tools, but it needs to be a bit more involved.

Honeycomb Enterprise is deployed in our organization in a public cloud and is hosted by Honeycomb, who is the provider.

My experience with pricing, setup cost, and licensing is that the number of samples would be good. The number of events, really, so we can pay less. I do not have the metrics for a return on investment, but it has been very useful. It is quite expensive, but I think we get value out of it. My overall rating for Honeycomb Enterprise is seven out of ten.

Although Grit is a tool code code migration and management of technical debt for large chunks of work, we reviewed Grit from the use case of assisting in faster remediation of vulnerable libraries. We examined 3 areas and how we could use the synergy of Grit.io along with Snyk.io that helps overcome Snyk's limitations:

1. Deep scanning and reachability analysis

2. Management of auto-generated Pull Requests (PRs)

3. Reduction of false positives

I'm connected and had interactions with the founder Mr. Morgante Pell, while I designed a comprehensive synergistic solution, and I wrote a 35+ page technical paper on this topic.

Large organizations with hundreds of development teams and tens of thousands of code repositories face challenges in efficiently identifying and remediating potential vulnerabilities within third-party libraries across numerous projects. Manual scanning and updating is time-consuming, error-prone, and can lead to delays in addressing security risks.

While Grit.io is not primarily a vulnerability scanner, its pattern-matching and code transformation capabilities can be adapted for mass identification and remediation of vulnerable libraries.

For each of these 3 areas listed above, we examined how Grit.io's unique features can complement Snyk.io's capabilities, resulting in a more robust and efficient security scanning process. We realize This synergistic approach addresses the limitations of relying solely on Snyk.io, resulting in improved code security and reduced risk of overlooking critical vulnerabilities.

The limitations of security scanning tools like Snyk.io represent real challenges faced by development teams on a daily basis. These limitations can lead to:

- Missed vulnerabilities in complex code structures

- Overwhelming numbers of auto-generated PRs, causing developer fatigue

- High rates of false positives, leading to wasted time and resources

We considered implementing Grit into our pipelines to address these specific scenarios for code security, though Grit isn't a security tool:

- Custom Rules and Pattern Creation

- Remediation Pattern Creation

- Automated Code Updates

- Custom Pattern Recognition

- Pull Request Generation

- and others

1. Grit.io's flexibility allows for custom rules and patterns to identify vulnerable libraries, extending its use beyond traditional refactoring tasks.

2. Automated pull requests streamline the remediation process, facilitating efficient mass updates across multiple repositories.

3. While not a replacement for dedicated security tools, Grit.io can be a valuable addition to a large organization's security toolkit for vulnerability identification and remediation.

4. The approach offers significant benefits in terms of efficiency, consistency, and proactive security management, particularly valuable for organizations with large, distributed development teams.

I asked very specific questions to Mr. Pell about consideration of code security scenarios in pattern design and rules, specifically that tuned with OWASP Top 10. I believe addition of code security focus can be a value-add, though the way Grit architecture is designed and how it works, it is and may not become an alternative choice of code security solutions. Rather, it must be treated as a powerful supplementary tool that augments the existing code security solutions (such as Snyk or Checkmarx) in a DevSecOps or Secure DevOps environment.

Anyone interested in learning more on this front or have queries, can get in touch with me for a consulting.

Our internal comprehensive evaluation of Grit spans over 6 months to a year since our client organization considered Grit under the Accelerator program of promising AI startups back in Sep 2023. Different phases of the implementation have been conducted by various development architects spanning several scenarios. Our scenario was very specific to how Grit's AI-powered capabilities could be leveraged on code security remediations for a large tech ecosystem.