Wiz Code Reviews

The main use case for Wiz Code is its unique selling proposition, which is the dashboarding. What you want is to see what is wrong within your environment, and that is where Wiz Code picks up the market value with a unified dashboard for all your code-to-cloud issues under a single umbrella, something missing in other products like Prisma Cloud or Aquasec. Aquasec does not have DAST and does not compete with the entire solution, while Prisma Cloud does DAST but lacks in dashboarding and recategorization of the vulnerabilities, which is the USP of Wiz Code.

The best features of Wiz Code that I appreciate the most include their entire dashboarding and the seamless integration with different DevOps tooling like GitHub or Azure DevOps. It seamlessly integrates, allowing you to run scanners directly onto the machines without consuming too many resources, and the recategorization of vulnerabilities is absolutely wonderful, giving you a complete attack path, which is something I love about Wiz Code because it details the entire lateral movement of the issue, whether it is a complete shift-left or shift-right, serving as the differentiators compared to other tools in the market.

When I talk about ROI with Wiz Code, it almost cuts you down to 20% to 25% of the daily effort needed in terms of FTE. If you are working with around 100 developers or engineers, you might come down to 60 to 70 engineers, with the rest completely automated by removing false positives, showcasing where the USP comes in.

The areas that have room for improvement in Wiz Code are their IaC policies, which require a little more maturity. When discussing IaC policies, you want to ensure engineers cannot merge anything non-compliant to your environment, and they need to streamline these with different cloud service providers, as every cloud has its own policies, such as Azure's policies. They need to mature their IaC policies and provide more custom policies for better integration.

Aside from the policies, that is the main area for improvement.

I started using Wiz Code as part of one of the client engagements where they wanted to do some market research around the SaaS, DAST, IaC, and container scanning tools. From that point in time, I have been using this for more than a year.

In terms of stability, I rate it a nine, as I did not observe any instability within the product. The best part is that their entire solution is built on APIs, allowing for easy integration without a codeless approach.

For scalability, I rate it nine.

I would rate the technical support of Wiz Code an eight. It is not bad, but the response time or RTO is longer than expected, indicating where they need to improve.

In terms of deployment, I would not say there were any challenges. The documentation is absolutely excellent and easy to follow, although they have locked the documentation, requiring minimum access called document reader, which is available only if you take a solution from them.

The deployment took just a day. You only need to be ready with your service principal to authenticate your environment, and then you can onboard the entire system, where results typically need at least 24 to 48 hours to start populating on the dashboard, but integration is quite seamless.

During my POC, I observed that the automated code reviews reduce human error by approximately 47%, which is the exact number we found out, reflecting a 50-50 ratio.

Regarding pricing, I would say that the pricing model is a little bit hefty on the pocket. For instance, Wiz Code scans your containers twice, first during runtime and then during shift-left when you build the Kubernetes manifest, which causes Wiz Code to charge separately for running the agent on the containers to give runtime posture, as well as for scanning images in the environment during shift-left, which I feel is not good for the client, although I understand it is a marketing strategy.

My thoughts on Wiz Code's error detection feature is that it is an add-on that makes life easier. Though I personally did not find it a path-breaking solution, it adds value where you are already getting the ROI of the product.

My thoughts on the real-time code tracking in Wiz Code is that it is very important because you cannot expect developers to use a repo on a daily basis, as there can be a release cycle for each application causing some days when the repo is dormant, making shift-left only applicable when you trigger the pipeline. That is where agentless scanning comes into play to ensure you have a continuous state of your repository, especially for picking up zero-day vulnerabilities which can pop up within 15 to 20 days.

If you ask me for advice regarding Wiz Code, I would definitely recommend it. Google already bought Wiz Code in a 32 billion dollar deal, improving it significantly, but it still depends on how customers choose to use it. If you want a single view of your entire code-to-cloud, then Wiz Code is the product, but for more mature needs in CSPM, CWPP, ASPM, or DSPM, you may need a POC to determine the best fit for your environment.

Approximately, we had a team strength of about 2,000 to 2,500 developers using Wiz Code.

Wiz Code does not require any maintenance unless it is an on-prem solution where you are managing the underlying machine within your environment.

I would rate this review overall a 9.5.

I have been using Wiz Code for the past one and a half years.

The main use case for Wiz Code is to write the security guardrails for our environment. For example, I need to write infrastructure guardrails such as S3 buckets must not be public, security groups must not allow 0.0.0.0 on SSH port 22, and RDS databases must have encryption enabled. These are examples for which we use Wiz Code to write these guardrails.

We also use Wiz Code to write Identity and Access Management guardrails such as detecting overly permissive permissions. For instance, no IAM policy should contain action star, and no role should have administrator access unless approved. Cross-account trust relationships must be justified.

Some of the best features Wiz Code offers is code-to-cloud mapping. Most tools will tell us that you have a vulnerable package, but Wiz tells us this vulnerable package is running in a production workload that is internet-facing and has access to sensitive data. This context dramatically improves the prioritization because I can focus on exploitable risk instead of thousands of theoretical findings. For AWS environments, this is extremely useful. Wiz Code can scan Terraform, CloudFormation, Kubernetes manifests, and can catch issues before deployment such as public S3 buckets, unencrypted databases, overly permissive security groups, containers running as root, and hardcoded secrets. This is where I can codify architecture standards into enforceable controls. The ability to define guardrails and fail builds is a major strength.

One of the best features I have been using day to day, which is the lowest effort win, is finding AWS keys, tokens, passwords, and certificates before they hit GitHub or production, which prevents many incidents. There is a unique capability in Wiz Code that instead of viewing cloud findings, vulnerability findings, IAM findings, and code findings in separate tools, Wiz Code correlates them through its security graph, allowing us to trace an issue from code all the way to the business impact. This is where I think Wiz Code is the strongest.

Wiz Code provides a unified developer experience where developers can see findings in IDEs, pull requests in GitHub, and in CI/CD pipelines, which reduces the back-and-forth effort. Wiz Code has impacted the organization positively by providing these features, the ease of work, and all these security graph correlation, unified developer experience, secrets detection, and security policies that block bad deployments. With all these, it has actually helped us prevent a lot of vulnerabilities in the environment, which has had a positive impact on the organization. The incident count has reduced almost 35 to 40 percent with the Wiz Code guardrails that we have been using for a long time now.

First, Wiz Code's areas of improvement can be better architecture-aware analysis. Today, most findings are resource-centric; for example, a security group is public, an IAM role is over-permissive, or an S3 bucket is exposed. What architects want is for Wiz Code to understand that this design violates the organization's reference architecture and to identify deviations from approved patterns such as hub-and-spoke networking and shared services. It would be beneficial to move from configuration review to architecture review.

Another improvement area is that many organizations struggle to translate security standards into policies, so Wiz Code could generate and validate the policy automatically. That would actually benefit the organization in faster guardrail creation and maintenance. Imagine uploading Terraform architecture diagrams and design documents and asking Wiz Code to review this architecture against enterprise security standards; the output could include risks, missing controls, compensating controls, and recommended guardrails, bridging architecture governance and automated security. This point needs to be worked on and improved by Wiz Code.

From Wiz Code's AI capabilities, I would say Wiz Code has been investing heavily in AI-driven workflows, security agents, remediation, guidance, and AI-powered investigation. I appreciate that AI recommendations are grounded in actual cloud context, and they can trace risk from code to cloud to resource to exposure. There are areas of improvement; more architecture-level reasoning is required, better explanations of why a design violates the enterprise standards, and more what-if analysis before deployment. Governance is the area where Wiz Code actually shines; for large enterprises, governance is not just finding vulnerabilities; it includes ownership, accountability, exceptions, policies, risk acceptance, and auditability. For a financial bank, the most valuable governance capabilities are mapping risk to business owners, consistent guardrails across cloud accounts, evidence for auditors, policy-driven enforcement, and risk prioritization based on context. Security is, again, Wiz Code's strongest area.

I rate the accuracy and reliability as good, but not yet at a level where I trust it without validation. It does well with security explanations; the AI is quite good at explaining why a finding matters, potential attack paths, impact to cloud resources, and security best practices. For example, if it finds a public S3 bucket, overly permissive IAM roles, or public security group, the explanations are usually accurate and aligned with security principles. The remediation suggestions for common issues such as restricting IAM permissions, enabling encryption, and removing public exposure save engineers time because they do not have to research the fix themselves. However, I am cautious with least privilege recommendations because the AI may suggest removing permissions or tightening IAM policies, but it does not always fully understand business requirements, operational dependencies, and future use cases. As an architect, I never approve IAM changes solely based on AI output. Additionally, complex architecture decisions such as shared VPC models can be problematic; AI often lacks the broader organizational context needed to judge whether a design is appropriate, and it might recommend practices that do not align with organization-approved patterns.

I have been using Wiz Code for the past one and a half years.

Wiz Code is really stable.

Wiz Code scales quite well from an enterprise perspective, and I would consider scalability one of its stronger attributes. When evaluating scalability, I look at repository scalability; Wiz Code is designed to integrate with major SCM platforms and can scan thousands of repositories across multiple business units and development teams. Secondly, in terms of cloud environment scalability, this is where Wiz Code generally excels, being built to handle thousands of AWS accounts, multi-cloud environments, and millions of cloud resources. The code-to-cloud correlation capability benefits from this large-scale architecture.

Customer support is really helpful with immediate responses and quick turnaround times.

Before Wiz Code, the security team manually correlated the cloud assets, vulnerabilities, IAM permissions, and internet exposure, with critical issues identified in five days. Now, with the security graph automatically correlating findings, critical issues are identified in 30 minutes, resulting in a 90 percent plus reduction in investigation effort. There is also a reduction in security review effort relevant to the architecture review role, where previously three hours were needed for security review and 20 manual checks; now, Wiz Code validates all this and does it for us.

I was not actively involved in the setup cost and licensing, but I definitely know the pricing was something good given the usage and benefits it provides. I would say the pricing is not too high.

My team evaluated Palo Alto Networks Prisma Cloud, Microsoft Defender for Cloud, Checkmarx One, and Snyk when choosing Wiz Code.

One must give some time to using Wiz Code initially, and they will definitely have a positive experience with using it. Wiz Code was purchased through the AWS Marketplace. Wiz Code is deployed in my organization on public cloud. AWS is our cloud provider. I rate this product 8 out of 10.

Wiz Code is used for vulnerability management by scheduling a scan for the entire infrastructure, then exporting the report and sharing it with the remediation team. Sometimes, zero-day vulnerabilities are discovered, and remediation steps are checked to see if they have been released. The scan status for scheduled or on-demand scans is monitored, and once a scan is complete, verification is performed to ensure correct data is being retrieved. The main use case for Wiz Code is vulnerability management for infrastructure.

Wiz Code offers minimum false positive vulnerabilities, which is the best feature and meets expectations for the tool. Another valuable feature is remediation, where remediation steps are provided and remediation status can be tracked.

The remediation tracking helps the workflow by making it faster to track and making remediation easier. For example, one report is created for everything, and then the steps for remediation are provided.

Scanning in Wiz Code takes a lot of time. When running 50, 100, or 1,000 assets at one time, it takes nine or ten hours, and the reason is unclear. If the scanning time could be improved, it would be helpful.

Slowness is sometimes experienced when accessing Wiz Code, which is on the cloud. Connection timeout errors occur sometimes, and sometimes it is not available, so that needs to be resolved. Feature-wise, compared to zero-day vulnerability remediation steps, remediation steps are received faster on Qualys and Tenable. In Wiz Code, it takes five, six, or seven days, and zero-day vulnerability remediation steps are not provided that quickly.

Wiz Code has been used for the last two years.

Wiz Code is stable now.

Wiz Code's scalability is good now.

Timely responses from customer support for Wiz Code are not being received. Service requests are raised, but proper responses are not provided. It takes 24 to 48 hours to get a response, even after asking for updates multiple times, so customer support needs to be improved.

Tenable was used previously, and the management decided to switch to Wiz Code because it was costly. The decision was made to go with Wiz Code as a more affordable alternative.

A return on investment has been seen with Wiz Code, as it is money-saving. Management provided the update that it is money-saving.

Before choosing Wiz Code, Tenable Security Center was evaluated, and the decision was made to go with Wiz Code.

Wiz Code's implementation positively impacted the organization, and the decision to go with it was made because of the billing. Feature-wise, it is not much different, but the billing is impacting. Tenable and Qualys are more costly compared to Wiz Code, which is why the organization decided to go with Wiz Code.

Wiz Code has a feature for the dashboard, and dashboards are created to give the status for business metrics. These metrics include what the critical assets are, how many worldwide spread vulnerabilities there are, how many assets per location, what the remediation is, how old the vulnerabilities are, and how many are end of life. The dashboard is very easy to create and creates a business metrics overview for everyone to see what the risk is in the organization. The metrics feature is very good.

Wiz Code's governance and security regarding AI capabilities are pretty good, and there is no issue with that.

The accuracy of Wiz Code is understood to be up to 95% or 96%.

If you are mostly on the cloud, Wiz Code is recommended. If you are mostly on-premises, it is not recommended.

This review receives a rating of 8.

My main use case for Wiz Code is to detect vulnerabilities, findings, and issues in our cloud environment. It detects our AWS account, Azure, and GCP as well, scanning all our cloud accounts and detecting misconfigurations. Based on severity—high, low, medium—we find those issues and solve them accordingly, identifying the root cause of those things.

In our cloud environment, we have detected issues with ECS services, where our main part is to develop code and policies. One thing we noticed in the ECS service was that a role had high permissions, meaning it had more than necessary access. We solved that issue by remediating it and sharing our information with the cloud team.

As part of these past six months, I have concentrated on my contribution to the team, focusing on Wiz Code policies and concurrently working on the forensics feature in Wiz Code. For the forensics feature, we create a cross-account IAM role. If we have 100 AWS accounts, there are many issues found at the snapshot level and in EC2 instances. Wiz Code has a feature called Wiz forensics, which copies the EC2 volumes from the source account to the forensic account, allowing us to investigate all the findings. To do this, we need to create a cross-account IAM role and think about following the least privilege policy. Recently, I worked on the Wiz Code forensics feature.

Wiz Code offers many benefits. It is a cloud security tool that is essential nowadays, helping significantly in my day-to-day activities. It detects misconfigurations and shows them in the Wiz Code UI, and it also provides features such as dashboards and widgets, allowing us to create customized dashboards for our requirements and set alerts as needed.

I have customized the dashboards. Recently, I'm doing some research and development on Wiz Code dashboards and reviewing videos on creating them.

Wiz Code has made things easier because whenever we write any cloud configuration rule, it detects issues across all AWS accounts. For example, if an employee creates an S3 bucket in public mode when it should be private, Wiz Code has a feature called Cloud Matcher in a cloud configuration rule that catches this misconfiguration. It provides details such as the account name, the S3 bucket name, when the issue was issued, and the IAM user involved, all of which are shown in the Wiz Code UI under the issues section.

Using Wiz Code has led to significant measurable improvements for our organization. For example, the graph controls feature allows us to create a security query that detects misconfigurations and indicates the stage at which issues occur. This feature shows everything end-to-end in a security graph, identifying what is affected and the root cause of the issue.

Wiz Code has many features, and I think they could continue to enhance customization according to our requirements.

I have been using Wiz Code for the past six to eight months.

Wiz Code is stable, and we can customize it according to our requirements.

For scalability, we can adapt Wiz Code based on our specific needs.

The customer support is good. Whenever we encounter any blockers or require information or permission issues in Wiz Code, they promptly address our tickets.

I did not use any other solution before Wiz Code. Previously, I was involved in another project that was a DevOps project.

I have used the AWS cloud provider with cloud connectors to connect our cloud with Wiz Code. Specific roles and permissions are needed to deploy the Wiz Code scanner role, and these roles are created in both our environment and the Wiz Code AWS account for integration.

There is a business relationship with the vendor, as there is a bond from our organization according to information I heard from my teammates.

Using Wiz Code has been a worthy investment. Manually checking all 100 AWS accounts for issues would take an immense amount of time, but Wiz Code allows us to scan all accounts within minutes and continuously monitors our cloud environment every 24 hours, displaying any changes in the Wiz Code UI under the issues and threats section.

I don't have any idea about the licensing and pricing specifics as I believe that is handled in the backend, but I suspect that acquiring a Wiz Code tenant subscription involves significant cost.

I did not evaluate other options before choosing Wiz Code, as I was switching to another project that used Wiz Code. I wanted to explore learning new skills in this field.

There is a business relationship with the vendor, as there is a bond from our organization according to information I heard from my teammates.

Wiz Code significantly aids in my day-to-day activities. I would rate this product eight out of ten, and I don't have any further additional thoughts on this session.

Folks deploying infrastructure with Terraform code need to verify that those deployments do not have vulnerability concerns, and if they do, they need to be remediated, which is the main use case for Wiz Code.

The best features with Wiz Code give you a reasonable picture when it comes to vulnerabilities, which means you see the usual severity levels. You also get to see references on how to remediate vulnerabilities. The fact that it has a visual dashboard helps all stakeholders, especially folks who need to remediate, to get that picture correctly and then take action. You know exactly how to track SLAs, which is another great feature. Those features make the tool useful for most people.

It has been quite easy to get visibility into the vulnerabilities and what steps need to be taken. The fact that you get something in real-time means you can plan to either remediate in real-time or put that as an action to remediate. Overall, Wiz Code improves your workflow efficiency to more than average.

I have a big improvement in mind for Wiz Code, not a small improvement. When I look at tools such as vulnerability detection tools, I focus on how the reporting could help fast-track risk mitigations. I don't want folks to just look at the severity rating, whether it's critical, high, or medium. I would love to see how that presents a risk. Meaning that if a particular vulnerability is compromised, it could be a low severity, but if it's compromised, what business impact does it have? With capabilities we have in AI and other technologies, I think we could do much more than just sharing vulnerability ratings or severity ratings for folks to act on. That approach is outdated. Something that communicates the value would make sense and could help drive or change habits. That's what I'm thinking, and that's why I say it's a big one, not just something small.

I have used Wiz Code for about three years now.

Wiz Code is reasonably cool in terms of stability overall.

Wiz Code is scalable.

The support from Wiz Code is incredible. I don't give anyone a 10 in the first place, frankly, but I think a nine will look good. Wiz has done incredibly well. They've set up regular connects with the team, they share new updates, and they want to get feedback in terms of what we think could be done differently. Those sessions actually help. If you need them to jump on a call to resolve an issue, they are always available. That's why I give them a nine.

Positive

I did use other solutions before choosing Wiz Code for this, specifically InsightVM. InsightVM has some capabilities I've used in the past as well. However, I wouldn't say I've used InsightVM the way I currently use Wiz Code. I can't really judge or compare the difference between the two. I'm sure InsightVM or Rapid7 has improved on its offerings since when I used it.

The metric regarding automated code reviews is something I have not captured, but it's a good metric.

I do use Wiz Code's real-time code tracking.

From my perspective, I think it's positive, but for folks who need to remediate and have old habits when it comes to software development, it might be a big concern. Ultimately, it helps everyone because you have that visibility and you can take action within a sprint because of that visibility. If you can act right away, you can capture that as part of your sprint planning and remediate promptly. It's a good feature. However, I speak from a security perspective. For a product team, it could be a lot to handle. With creating the right habits over time, it becomes an advantage for everyone.

I have never had to think about Wiz Code's error detection feature for improving code quality.

I do not use the analytics tools within Wiz Code. I may know this tool by a different term, but I need clarification on what the analytics tool encompasses.

I have no idea of the pricing for Wiz Code. I have no knowledge of current pricing.

To rate Wiz Code, I need to think of some baseline, but I don't really have any baseline. When I consider the support they offer, which is fantastic, and how reliable the tool is, I could give them a rating of eight.

I am an end user of Wiz Code and I use it for personal projects.

I use Wiz Code for Kubernetes baseline and for security CNAPP projects.

As a security engineer using Wiz Code, I can say that when running my Kubernetes on the AWS cloud and on Azure, I haven't had any errors, so my production teams operate smoothly with a zero failure rate.

From the Kubernetes baseline focus I have with Wiz Code, I think it's perfect, and from the CNAPP focus, it has been serving me exceptionally with zero failure rate since I've been using it.

I have strong models that I work with when setting up Wiz Code; I use AI to enhance my security projects, so most of the challenges I face, I fix from a security engineering perspective, and the installation process was smooth.

I use Wiz Code on-premises because I work with Active Directory, while I do have a cloud that I'm running on Azure, but I'm considering deploying most of my EC2 instances on AWS while thinking about the pricing.

Throughout my years of experience with Wiz Code, I've explored a wide range of resources, and I haven't had issues with the exploration resources, plus it's flexible. I have used Wiz Code for over two years now, and I haven't had any failures.

I appreciate how Wiz Code approaches insecure default detection, IAC, and runtime visibility, as well as Kubernetes misconfiguration analysis, and I value the developer-focused remediation guidance and integration into broader cloud security operations; these are my honest technical feedback based on a practitioner's perspective.

The pricing of Wiz Code is a bit high for some beginner's level and intermediate users, but I think it's quite affordable for now.

I haven't really explored the scalability of Wiz Code yet, but I'm looking to explore it on the production side for my DevSec project scheduled to start in about two weeks from now.

The pricing of Wiz Code is a little bit higher for small enterprises that I run, but it's something that I can manage.

I have been using Wiz Code for about two years now.

I have used Wiz Code for over two years now, and I haven't had any failures.

From the CNAPP focus, it has been serving me exceptionally with zero failure rate since I've been using it.

I haven't really explored the scalability of Wiz Code yet, but I'm looking to explore it on the production side for my DevSec project scheduled to start in about two weeks from now.

This is my first time communicating with the technical support of Wiz Code.

I haven't used a different solution for the same use cases before Wiz Code; it came to me highly recommended, and I am comfortable and satisfied with the services I receive.

I have strong models that I work with when setting up Wiz Code; I use AI to enhance my security projects, so most of the challenges I face, I fix from a security engineering perspective, and the installation process was smooth.

I haven't used any official documentation, guides, or manuals for Wiz Code.

For now, I haven't considered a second choice other than Wiz Code; I am satisfied with the services I am getting, with my only challenge being the pricing.

When I researched options, Wiz Code came at the top of my list, and I haven't looked elsewhere ever since then.

I have projects scheduled for production with Wiz Code that I will be exploring this month, specifically in two weeks' time.

When I explore more on my upcoming project with Wiz Code, I will always provide feedback on whatever I notice.

The flexibility of Wiz Code made me choose it over other options; for a small enterprise such as myself, the pricing was flexible and affordable, and the user interface fits well with the project I am working on. I give this review a rating of 8.5 out of 10.

Wiz Code is designed for scanning code repositories for vulnerabilities, whether through static scans, dynamic security scans, or by identifying vulnerabilities in third-party libraries. Overall, it's a complete package that can help scan code repositories and code bases while flagging findings that are not beneficial for organizations.

We have integrated Wiz Code with our GitHub repositories and have been tracking the findings. With real-time code tracking, developers and security engineers from our team are able to see findings and misconfigurations within the code in real-time, and they can reach out to specific developers for remediation of those findings.

Automated code reviews are something we have in process. We have developed a CI/CD pipeline automation that can be integrated with the code repository and utilize Wiz Code for this purpose, so that pull requests can be triggered to lead to automatic remediation. However, this is specific to organizational needs. Some teams do require prior review before implementing any changes, whether minor or major, and they do require proper peer review for those pull requests. As far as automations are concerned, we have tested this within our environment, but it is specific to developer and team needs.

Wiz Code is itself a feature. Apart from Wiz, these are the specific features that Wiz Code has introduced. Earlier it was a single bundle package, but once Wiz was acquired by Google, they have separate SKUs, and Wiz Code is one of them. The feature itself is for code repositories.

As far as innovations are concerned, getting security on a single platform with respect to all findings, whether static findings, dynamic findings, secrets findings, or third-party library dependency findings, helps at a broader level when it comes to innovation. As a developer, I do not need to use different tools. Earlier in a traditional method, I used to rely on different tools for third-party library dependency findings, static findings, and dynamic findings. Wiz Code is a platform that serves most of these features as a single entity, which has definitely reduced the time for triaging the security aspects of vulnerabilities and helps in overall innovation for the team.

Every tool has some sort of improvement required. No tool can be said to be one hundred percent secure, so there's always a scope for improvement. When it comes to Wiz Code, how they are ingesting the metadata with respect to the integrated platform is something they can improve upon. In fact, they have already started working on this and are continuously improving those data ingestion parts with the integrated platform, whether GitHub, Bitbucket, or GitLab. Whatever information the platform is ingesting can be further used for automation as well. If I want to create some sort of policy by ingesting those data, I can do that. However, that requires visibility to the API that can support these integrations. In summary, there is a good scope for improvement for this platform.

Metadata ingestion and probably the integration of Wiz Code platform is something which is missing. They are already working on that. With the advancement of GenAI and AI, most vendors are in the AI race, and they want to make sure they are supportable for other platforms that are currently used in vibe coding. This is something I think Wiz Code can work on, making those integrations accessible for vendors available in the market.

I have been working with Wiz Code for approximately one year.

I haven't used much technical support specific to Wiz Code, but overall, as far as technical support and customer success interaction are concerned, I would say it is good. I do not have a very bad experience with those folks.

The initial setup for Wiz Code is most straightforward.

The topic of their pricing is confidential, which I'm not authorized to share. However, it is a bit expensive, but that depends on how broad your organization is and what your use case is. If you are a small scale enterprise organization, you probably would not pay such a hefty amount of money to protect your organization. However, if you're a big organization, if the organization is a large-scale enterprise organization and it's a reputable organization, then probably if you get most of the things in a single platform, then you do some trade-offs. In summary, it depends on where or what organization you're from and what your use case is.

I'm working with Wiz Code as well, but I just wanted to understand why you are asking these specific questions. Do you want a review on a certain product?

There are some Check Point products still used in my company, but that would be specific.

I would rate this review at eight point five out of ten.

We are using Wiz Code for cloud security across AWS, Google Cloud Platform, and Azure. We utilize Wiz Code for vulnerability scanning and misconfiguration issue detection across all three cloud platforms.

For vulnerability management with Wiz Code, we perform daily checks for vulnerabilities and receive CVEs, which we then provide to appropriate teams for remediation guidance. Regarding misconfigurations, we primarily focus on IAMs. If any extra privileges exist with any users, we work with the team to fix these issues.

Wiz Code is very useful for us because it is agentless, so it does not require attention for storage issues on VMs or Kubernetes. It is very useful and supports cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud. We use this for identity management, misconfiguration issues, and CSPM security posture management.

CSPM is a cloud security posture management feature in Wiz Code. We review the percentage metrics in Wiz Code, and when we identify anomalies or vulnerabilities and fix them, we follow the score on Wiz Code.

Previously, we identified over 500,000 vulnerabilities before Wiz Code. After implementing Wiz Code, we identified more vulnerabilities and misconfiguration issues but reduced the score significantly. Now we identify only 200,000 vulnerabilities, which means Wiz Code helped us reduce 300,000 vulnerabilities in our organization.

First of all, Wiz Code has given us more accurate results. When we identify vulnerabilities, we review that vulnerability and CVE, check publicly affected vulnerabilities in our organization, and determine which VMs are affected. We segregate the data based on CVE codes and work with other teams to remediate these vulnerabilities or address OS upgrades and end-of-life issues.

The AI capabilities in Wiz Code are a very good feature. Employees working on this will get more remediations and detailed remediation guidance. If some tools provide a vulnerability list without remediation guidance, Wiz Code reduces the load of searching for remediation information. For governance and security, Wiz Code is very helpful. It scans everything and provides really deep scans, identifying more vulnerabilities than other tools can find. Vulnerability management is my primary focus, and Wiz Code is a very good tool for this.

There are many improvements that could be made to Wiz Code, but I would point out that sometimes it gives false results, though not every time. We know that Wiz Code scans our environment once a day. If it scanned twice a day, that would be more accurate. This is a suggestion from my side.

I have been using Wiz Code for the past two and a half years.

I did not participate in the integration part as my senior handled those tasks, but I heard that the integration was very easy for any organization.

It is very easy to use, especially the dashboards and everything. We have created many dashboards in Wiz Code for our utilization. We use Wiz Code dashboards and queries daily to identify vulnerabilities.

I would say that they are very responsive. When we initiate a case for Wiz Code customer support, they immediately respond and contact us to help reduce that issue and address any possibilities. It is very good.

Previously we used Rapid7, and now we are using Defender. Wiz Code is better than both Defender and Rapid7 and gives more accurate results.

It is very easy to pick up on this new tool, and Wiz Code is very useful and easy to learn and apply in our day-to-day work. We plan to keep Wiz Code for a long time with our subscription through 2030. Wiz Code is a good tool that gives accurate results for our environment and is very useful and user-friendly for employees. Overall, Wiz Code is a very good tool to use in any organization, whether mid-level or high-level. Wiz Code fits any organization. I have given this tool a rating of nine out of ten.

My main use case for Wiz Code is for application security, to scan vulnerabilities and prioritize the vulnerabilities based on results.

When a new vulnerability is published, I review the findings from Wiz Code and see if we are exposed with our versions we are using, and if we need to upgrade, what version, and what priority it needs to be based on the risk there.

The best features Wiz Code offers are the threat vulnerability picture and view by repository.

I value the vulnerability picture and the repository view because they help me to see all the vulnerabilities we have and to prioritize them.

Wiz Code has positively impacted our organization as it helped us to maintain a healthy application security side of the company and to remediate our vulnerabilities. Since using Wiz Code, we have reduced the number of our vulnerabilities by 50%, criticals by 90%, so we are very satisfied with it.

Wiz Code could be improved by showing us the dependencies that are affecting us; if we are upgrading one dependency, it would be helpful to know if down the road that's going to cause any problems with other dependencies.

I have been using Wiz Code for more than six months.

Regarding Wiz Code's AI capabilities, I think its governance and security are very good; we are satisfied with the green and red events.

I think the accuracy and reliability of output from Wiz Code is approximately 95% accurate. I would rate this review a 9.

My main use case for Wiz Code is for vulnerabilities. I receive a specific vulnerability from some assets, and I analyze and try to verify if they are positives or false positives. In general, all of my work regarding Wiz Code involves vulnerabilities.

Wiz Code's cloud part is good; I am able to see the IDs, the assets, and the information, which in general makes it easier to find where the vulnerability is. The organization of the data helps me find where the vulnerability is; I don't really use the dashboard much.

The AI feature is the other part that I like most with Wiz Code; it helps a lot and makes it easier to search for something. For example, if I need to do some query to look up a specific vulnerability or assets, it is easier.

Wiz Code has positively impacted my organization because it is better on a daily basis. We receive new cases, and it is easy to analyze and take care of them. It made things easier in that we receive a specific vulnerability, and if I select that one, we are able to see everything regarding the vulnerability, the asset, and the owners, for example.

The dashboards can be better; we have dashboards, but they are really complex and have a lot of information.

I have been working in my current field for almost three years.

Wiz Code is stable with no downtime or reliability issues.

Wiz Code's scalability can handle growth or increased workload well.

I have never reached out to Wiz Code's customer support, so I don't have experience with that.

I did not previously use a different solution before Wiz Code.

I don't have much experience with pricing, setup cost, and licensing because my company bought it, so I just use it for free.

I didn't evaluate other options before choosing Wiz Code.

I think Wiz Code is pretty much better right now. I only use it for what is already specified. I don't know what advice I would give to others looking into using Wiz Code because I think we use it more for company work and I don't know how much I would use it privately since this is more a company tool. I would rate my overall experience with Wiz Code as a nine out of ten.