Folks deploying infrastructure with Terraform code need to verify that those deployments do not have vulnerability concerns, and if they do, they need to be remediated, which is the main use case for Wiz Code.
External reviews
External reviews are not included in the AWS star rating for the product.
Continuous code security has reduced vulnerabilities and provides real-time risk visibility
What is our primary use case?
What is most valuable?
The best features with Wiz Code give you a reasonable picture when it comes to vulnerabilities, which means you see the usual severity levels. You also get to see references on how to remediate vulnerabilities. The fact that it has a visual dashboard helps all stakeholders, especially folks who need to remediate, to get that picture correctly and then take action. You know exactly how to track SLAs, which is another great feature. Those features make the tool useful for most people.
It has been quite easy to get visibility into the vulnerabilities and what steps need to be taken. The fact that you get something in real-time means you can plan to either remediate in real-time or put that as an action to remediate. Overall, Wiz Code improves your workflow efficiency to more than average.
What needs improvement?
I have a big improvement in mind for Wiz Code, not a small improvement. When I look at tools such as vulnerability detection tools, I focus on how the reporting could help fast-track risk mitigations. I don't want folks to just look at the severity rating, whether it's critical, high, or medium. I would love to see how that presents a risk. Meaning that if a particular vulnerability is compromised, it could be a low severity, but if it's compromised, what business impact does it have? With capabilities we have in AI and other technologies, I think we could do much more than just sharing vulnerability ratings or severity ratings for folks to act on. That approach is outdated. Something that communicates the value would make sense and could help drive or change habits. That's what I'm thinking, and that's why I say it's a big one, not just something small.
For how long have I used the solution?
I have used Wiz Code for about three years now.
What do I think about the stability of the solution?
Wiz Code is reasonably cool in terms of stability overall.
What do I think about the scalability of the solution?
Wiz Code is scalable.
How are customer service and support?
The support from Wiz Code is incredible. I don't give anyone a 10 in the first place, frankly, but I think a nine will look good. Wiz has done incredibly well. They've set up regular connects with the team, they share new updates, and they want to get feedback in terms of what we think could be done differently. Those sessions actually help. If you need them to jump on a call to resolve an issue, they are always available. That's why I give them a nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did use other solutions before choosing Wiz Code for this, specifically InsightVM. InsightVM has some capabilities I've used in the past as well. However, I wouldn't say I've used InsightVM the way I currently use Wiz Code. I can't really judge or compare the difference between the two. I'm sure InsightVM or Rapid7 has improved on its offerings since I used it.
Which other solutions did I evaluate?
The metric regarding automated code reviews is something I have not captured, but it's a good metric.
What other advice do I have?
I do use Wiz Code's real-time code tracking.
From my perspective, I think it's positive, but for folks who need to remediate and have old habits when it comes to software development, it might be a big concern. Ultimately, it helps everyone because you have that visibility and you can take action within a sprint because of that visibility. If you can act right away, you can capture that as part of your sprint planning and remediate promptly. It's a good feature. However, I speak from a security perspective. For a product team, it could be a lot to handle. With creating the right habits over time, it becomes an advantage for everyone.
I have never had to think about Wiz Code's error detection feature for improving code quality.
I do not use the analytics tools within Wiz Code. I may know this tool by a different term, but I need clarification on what the analytics tool encompasses.
I have no idea of the pricing for Wiz Code. I have no knowledge of current pricing.
To rate Wiz Code, I need to think of some baseline, but I don't really have any baseline. When I consider the support they offer, which is fantastic, and how reliable the tool is, I could give them a rating of eight.
Unified security platform has enabled proactive detection of code and pipeline vulnerabilities
What is our primary use case?
I mainly use Wiz Code to evaluate the codebase on AWS.
Wiz Code is used to run security scans on registry images as a specific example of how I evaluate my AWS codebase.
What is most valuable?
Wiz Code offers great features by providing vulnerabilities that it can detect within code.
Wiz Code detects vulnerabilities effectively through integration with the workflow while being fast and accurate.
Wiz Code takes CNAPP to the next level by offering AppSec capabilities on top of CSPM functionality.
Wiz Code has positively impacted my organization through the unified platform that gives the ability to shift left in security and detect issues before they go into production.
Wiz Code provides the ability to detect vulnerabilities within infrastructure code or the CI/CD pipeline early so that issues can be fixed before going into production.
What needs improvement?
Integration with more scans would be great, though Wiz Code is currently pretty solid as it is.
For how long have I used the solution?
I have been using Wiz Code for about a year now.
What other advice do I have?
My advice for others looking into using Wiz Code is that it is a great product if you are looking for a CNAPP solution that includes CSPM and AppSec along with CWP, providing a unified platform to see your whole code to deployment. I would rate this product an 8 out of 10.
Automated scans have strengthened application penetration testing and continuously find vulnerabilities
What is our primary use case?
What is most valuable?
In my opinion, all the security features Wiz Code offers are the best. The security feature that stands out the most to me is the automated scanning in Wiz Code. Automated scanning is my top pick when it comes to Wiz Code features. Wiz Code has not yet positively impacted my organization or changed anything in my workflow or results. I expect to see strong security for our applications and secure applications in my workflow or results as I continue using Wiz Code.
What needs improvement?
There is nothing I wish worked better or features I would like to see for improving Wiz Code. There is nothing that comes to mind about needed improvements for Wiz Code.
For how long have I used the solution?
I have been using Wiz Code for three months.
What do I think about the stability of the solution?
I think Wiz Code is reliable; I have not experienced any issues with stability.
Which solution did I use previously and why did I switch?
I have no idea if I previously used a different solution before Wiz Code; I am fairly new to this.
What was our ROI?
I am not sure if I have seen a return on investment from using Wiz Code.
What's my experience with pricing, setup cost, and licensing?
I have no idea about the pricing, setup cost, and licensing for Wiz Code.
Which other solutions did I evaluate?
I have no idea if I evaluated other options before choosing Wiz Code.
What other advice do I have?
My advice to others looking into using Wiz Code is to proceed with caution. I gave this review a rating of 10.