Supported Platforms & Frameworks
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Helm, Google Deployment Manager, AWS SAM, Microsoft ARM, Microsoft Azure Blueprints, OpenAPI 2.0 and 3.0, Pulumi, Crossplane, Knative and Serverless Framework.
Over 2400 queries are available.
Complete
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following Infrastructure as Code solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, Microsoft ARM. 2000+ queries are available.
KICS is easy to install and run, easy to understand results, and easy to integrate into CI.
Open Source
KICS is open and will always stay such. Both the scanning engine and the security queries are clear and open for the software development community.
Extensible
From day one KICS is built for extensibility.
First, it includes over 2000 fully customizable and adjustable heuristics rules, called queries. These can be easily edited, extended, and added. Second, its robust but yet simple architecture allows quick addition of support for new Infrastructure as Code solutions.
Documentation
Explore the project documentation for quick installation and integration instructions. Or take the next step and explore the contribution options.
Contribute
KICS is a community project. It’s built as an open source from day one, and anyone can find their own way to contribute to the project.
Within just minutes, you can start making a difference, by sharing your expertise with a community of thousands of security experts and software developers.
Spread the love:
The KICS project is powered by Checkmarx, global leader of Application Security Testing.