https://github.com/Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
KICS stands for Keeping Infrastructure as Code Secure. It is open source and a must-have for any cloud-native project.
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Microsoft ARM. 2000+ queries are available.
KICS is open and will always stay so. Both the scanning engine and the security queries are transparent and open to the software development community.
What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved in two ways. First, it includes over 2000 fully customizable and adjustable heuristic rules, called queries, which can be easily edited, extended, and added to. Second, its robust yet simple architecture allows quick addition of support for new Infrastructure as Code solutions.
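As an added illustration of how a query is extended (this is example code written for this page, not a query shipped with KICS), the following `query.rego` flags Terraform `aws_s3_bucket` resources whose ACL grants public read or write access. It follows the KICS query conventions (`package Cx`, a `CxPolicy` rule set, and the `documentId`/`searchKey`/`issueType`/`keyExpectedValue`/`keyActualValue` result fields); the ACL set and the messages are the author's own choices.

```rego
# Added example: a custom KICS query (query.rego) that reports Terraform S3
# buckets whose ACL exposes contents to the public. The rule layout follows
# the KICS query conventions; the ACL set and messages are constructed here.
package Cx

# ACL values that grant anonymous read or write access to bucket objects.
public_acls := {"public-read", "public-read-write"}

CxPolicy[result] {
	# KICS parses each scanned file into input.document[i]; Terraform
	# resources are exposed under .resource.<type>.<name>.
	resource := input.document[i].resource.aws_s3_bucket[name]

	# Set lookup: succeeds only when the bucket's acl is one of the public values.
	public_acls[resource.acl]

	result := {
		"documentId": input.document[i].id,
		# searchKey tells KICS which attribute to point at in the report.
		"searchKey": sprintf("aws_s3_bucket[%s].acl", [name]),
		"issueType": "IncorrectValue",
		"keyExpectedValue": sprintf("'aws_s3_bucket[%s].acl' should be 'private'", [name]),
		"keyActualValue": sprintf("'aws_s3_bucket[%s].acl' is '%s'", [name, resource.acl]),
	}
}
```

A KICS query directory also needs a sibling `metadata.json` (query id, name, severity, category, description and platform); with that in place the directory is passed to `kics scan` with `-q`/`--queries-path`. A bucket with `acl = "private"` or no `acl` attribute produces no result, so the query only adds findings for the two public values.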
The KICS release process is quite simple. We have nightly builds that pack and pre-release all changes merged into master. The nightly release has a "nightly" prefix followed by the hash of the last commit. We have binaries available for Windows, Linux and macOS, as well as a Docker image on Docker Hub.