
We've been using Wiz since at least Oct22 (and we do things with the Wix API too, so the naming creates plenty of confusion). Cloud Engineer with Google Cloud and AWS.

It can scan a lot of stuff and give you pretty interesting insights and alerts.

And do you know what managers like? It creates Jira tickets automatically with all the findings, and they can assign them to people and say they've done their thing. We hate that because tickets appear and disappear magically in hundreds each time Wiz scans, sometimes with no obvious explanations.

But here come some of the bad things:

  - UI/UX: Terrible. It's so difficult and confusing reaching from one place to the other and finding stuff that you had open just instants ago. Slow too. I've seen the security people do nice filters and search queries but it's not intuitive at all.
  - Doesn't support very basic features. For example, in Docker Hub they don't support scanning full organizations or using organizational tokens for scanning individual repositories. They personally told me in our support channel that they were looking into it... in April 2023. Still waiting. (The API is slightly different than a regular Docker Hub public repo but, come on, an enterprise security tool that doesn't support connecting to a Docker Hub org... that's just silly)
  - Closed docs. You can only check the docs if logged in. I hate that, and it also limits the work with people who are not Wiz users.
  - Terraform provider:
    - It's quite limited; that means you need A LOT of manual work to integrate stuff with their scanners.
    - Its changelog URL doesn't work, so good luck with knowing when features appear or when you get breaking changes.
    - No source AFAIK, you just get a binary. Good luck.
  - Pricing. Can't remember the specifics but I hear a lot of complaints about how expensive they are. Also, no public pricing.

