What is our primary use case?
Our primary use case is for scanning. We have Bamboo, Nexus and Artifactory and we are able to make snapshots. When we get a pull request we're able to make another snapshot and we compare the two snapshots together and can see what is new in the pull request. We can see which libraries are there and that enables us to see the vulnerabilities. I'm an embedded software engineer.
What is most valuable?
I would say that the automatic update is a very valuable feature because we are able to update our internal database. The pull request analysis is also very good.
What needs improvement?
The product is somewhat complicated and could be improved by simplifying it because you don't want to have to allocate one person to maintain the solution full time. We'd like to be able to deploy it and have it work. Ideally we'd like to be able to get a pull request analysis and the analysis of repositories.
I think they could definitely work on a more simplified deployment. That would improve the product. The issues are not necessarily related to the solution but possibly connected to how it was initially set up.
For how long have I used the solution?
We've been using this solution for three or four years.
What do I think about the stability of the solution?
Regarding stability, we have some issues in our product and we need to work on it. Something is wrong in the architecture; perhaps it's a bug.
How was the initial setup?
The initial setup was done before I came to the company. There are five people on our security team who discuss maintenance issues and try to solve problems.
What other advice do I have?
I would recommend this product to people although I think it is very difficult to deploy and we also have issues with maintenance.
I would rate this solution a six out of 10 in our environment. I don't think deployment was done very well in our company and that has affected the quality of the product. Perhaps if things had been done differently I would rate it an eight out of 10.