KICS (Keeping Infrastructure as Code Secure) is an open source solution for static code analysis of Infrastructure as Code.

Supported Platforms & Frameworks

KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Helm, Google Deployment Manager, AWS SAM, Microsoft ARM, Microsoft Azure Blueprints, OpenAPI 2.0 and 3.0, Pulumi, Crossplane, Knative and Serverless Framework.

Over 2400 queries are available.

Complete

KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Microsoft ARM. 2000+ queries are available.

KICS is easy to install and run, its results are easy to understand, and it is easy to integrate into CI.

Open Source

KICS is open and will always stay that way. Both the scanning engine and the security queries are clear and open to the software development community.

Extensible

KICS has been built for extensibility from day one.

First, it includes over 2000 fully customizable and adjustable heuristic rules, called queries. These can be easily edited, extended, and added. Second, its robust yet simple architecture allows quick addition of support for new Infrastructure as Code solutions.

Documentation

Explore the project documentation for quick installation and integration instructions. Or take the next step and explore the contribution options.

Contribute

KICS is a community project. It has been built as open source from day one, and anyone can find their own way to contribute to the project.

Within just minutes, you can start making a difference by sharing your expertise with a community of thousands of security experts and software developers.

The KICS project is powered by Checkmarx, global leader of Application Security Testing.