KICS

Keeping Infrastructure as Code Secure.

Overview

KICS (Keeping Infrastructure as Code Secure) is an open-source static analysis tool from Checkmarx, released under the Apache 2.0 license. It parses Infrastructure as Code files and runs a library of queries against them to find security vulnerabilities, compliance violations, and misconfigurations before the infrastructure is deployed. It supports a wide range of IaC formats, and because the checks run on the declarative files rather than on a live environment, it can be run on every commit and pull request.

✨ Key Features

  • Scans Terraform, Kubernetes manifests, Helm charts, Dockerfiles, CloudFormation, Ansible, Azure Resource Manager, OpenAPI specifications, and more
  • Over 2000 ready-to-use queries
  • Extensible and customizable queries (queries are written in Rego, the Open Policy Agent language, so teams can add organisation-specific rules)
  • Multiple output formats (JSON, SARIF, etc.)
  • Integration with CI/CD pipelines
  • Open source

🎯 Key Differentiators

  • Extensive library of pre-built queries
  • Broad support for a large number of IaC platforms
  • Highly extensible architecture for creating custom rules
  • Backed by a leading application security vendor (Checkmarx)

Unique Value: Provides a highly extensible and comprehensive open-source solution for securing a wide array of Infrastructure as Code technologies from the start of the development lifecycle.

🎯 Use Cases

  • Detecting security risks in Terraform configurations.
  • Ensuring Kubernetes manifests adhere to security best practices.
  • Auditing Ansible playbooks for insecure configurations.
  • Automating IaC security scanning within CI/CD.

✅ Best For

  • Integrating into a GitHub Actions workflow to scan IaC on every pull request.
  • Running locally by developers to check their code before committing.
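A severity gate over a KICS JSON report, as an added example that is not part of the original page or of the KICS project. It assumes the `kics` binary is on PATH (the scan step is skipped otherwise), uses the real `kics scan` flags `-p`, `-o`, `--report-formats json` and `--ignore-on-exit results`, and embeds a constructed sample report modelled on the fields KICS emits rather than a captured scan; the Terraform fixture, the severity threshold default and the similarity IDs used as a baseline are likewise assumptions made for the example.

```python
"""Severity gate for a KICS JSON report (added example; see lead-in for assumptions)."""
import json
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Ordering KICS uses for its severities, lowest to highest.
SEVERITY_RANK = {"TRACE": 0, "INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}

# Constructed Terraform fixture: a bucket with a world-readable ACL, the kind of
# misconfiguration the query library is meant to flag. Not from the page or KICS.
TF_FIXTURE = '''resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}
'''

# Constructed sample of a KICS results.json, trimmed to the fields used below.
# The similarity_id values are made up; real ones are hashes KICS computes.
SAMPLE_REPORT = {
    "files_scanned": 1,
    "files_failed_to_scan": 0,
    "severity_counters": {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 1, "LOW": 0, "INFO": 0, "TRACE": 0},
    "total_counter": 2,
    "queries": [
        {
            "query_name": "S3 Bucket ACL Allows Read Or Write to All Users",
            "severity": "HIGH",
            "platform": "Terraform",
            "files": [{"file_name": "main.tf", "similarity_id": "aaa111", "line": 3,
                       "resource_type": "aws_s3_bucket", "resource_name": "logs"}],
        },
        {
            "query_name": "S3 Bucket Without Versioning",
            "severity": "MEDIUM",
            "platform": "Terraform",
            "files": [{"file_name": "main.tf", "similarity_id": "bbb222", "line": 1,
                       "resource_type": "aws_s3_bucket", "resource_name": "logs"}],
        },
    ],
}


def run_kics(scan_path, out_dir):
    """Run the kics CLI on scan_path and load out_dir/results.json.

    Returns None when kics is not installed. --ignore-on-exit results keeps the
    exit code at 0 for findings so the gate below, not the CLI, decides pass/fail;
    scan errors still raise because check=True.
    """
    if shutil.which("kics") is None:
        return None
    cmd = ["kics", "scan", "-p", str(scan_path), "-o", str(out_dir),
           "--report-formats", "json", "--ignore-on-exit", "results"]
    subprocess.run(cmd, check=True)
    return json.loads(Path(out_dir, "results.json").read_text())


def findings(report):
    """Flatten the nested report into one row per (query, file) hit."""
    for query in report.get("queries", []):
        for hit in query.get("files", []):
            yield {
                "query": query["query_name"],
                "severity": query["severity"].upper(),
                "file": hit["file_name"],
                "line": hit.get("line"),
                "similarity_id": hit.get("similarity_id"),
            }


def evaluate(report, fail_on="HIGH", baseline=frozenset()):
    """Split findings into blocking, accepted (similarity_id in baseline) and below-threshold."""
    threshold = SEVERITY_RANK[fail_on.upper()]
    blocking, accepted, below = [], [], []
    for row in findings(report):
        if row["similarity_id"] in baseline:
            accepted.append(row)
        elif SEVERITY_RANK[row["severity"]] >= threshold:
            blocking.append(row)
        else:
            below.append(row)
    return blocking, accepted, below


def gate(report, fail_on="HIGH", baseline=frozenset()):
    """Exit status for CI: 0 pass, 1 blocking findings, 2 scan incomplete."""
    # A file KICS could not parse was never checked; silence there is not a pass.
    if report.get("files_failed_to_scan", 0):
        return 2
    blocking, _, _ = evaluate(report, fail_on, baseline)
    return 1 if blocking else 0


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "iac")
        src.mkdir()
        (src / "main.tf").write_text(TF_FIXTURE)
        report = run_kics(src, Path(tmp, "out")) or SAMPLE_REPORT
    blocking, accepted, below = evaluate(report)
    for row in blocking:
        print(f"BLOCK {row['severity']:8} {row['file']}:{row['line']} {row['query']}")
    print(f"{len(blocking)} blocking, {len(accepted)} accepted, {len(below)} below threshold")
    sys.exit(gate(report))
```

KICS's own `--fail-on` flag already gives a plain severity threshold, and `--exclude-results` accepts the same similarity IDs, so the script is only worth keeping where you want the accepted-findings list reviewed in the repository and the "unparsed file" case treated as a failure rather than a quiet pass. In a GitHub Actions workflow the report is produced by the `checkmarx/kics-github-action` step (its `output_path` and `output_formats` inputs) and the gate runs as the following step.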

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • KICS scans Infrastructure as Code only. It does not analyse application source code (SAST) or open-source dependencies (SCA); pair it with separate tools if you need those, and do not read a clean KICS run as evidence that the application itself is secure.

🏆 Alternatives

Checkov Terrascan tfsec Trivy

Offers one of the largest and most comprehensive sets of pre-configured security queries out-of-the-box compared to other open-source IaC scanners.

💻 Platforms

CLI API

✅ Offline Mode Available

🔌 Integrations

Jenkins GitHub Actions GitLab CI Azure DevOps VS Code SonarQube

💰 Pricing

Free (open source, Apache 2.0 license)

Free tier: The KICS tool itself is completely free and has no paid edition. "Contact for pricing" applies to Checkmarx's commercial platform, whose IaC scanning is built on KICS, so contact the vendor only if you want supported commercial tooling around it.
