Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
KICS stands for **K**eeping **I**nfrastructure as **C**ode **S**ecure. It is open source and is a must-have for any cloud native project.
## Supported Platforms
### Beta Features
By default, Databricks, NIFCloud, and TencentCloud queries run when you scan Terraform files using KICS.
The `Severity` and `Description` of these queries are still under review.
## Getting Started
Setting up and using KICS is super-easy.
- First, see how to [install and get KICS running](docs/getting-started.md).
- Then explore KICS [output results format](docs/results.md) and quickly fix the issues detected.
Interested in more advanced stuff?
- Deep dive into KICS [queries](docs/queries.md).
- Understand how to [integrate](docs/integrations.md) KICS in your favourite CI/CD pipelines.
See [KICS documentation](https://docs.kics.io/) for more details and topics.
## How it Works
What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved by:
- Fully customizable and adjustable heuristic rules, called [queries](docs/queries.md). These can be easily edited, extended and added.
- A robust yet simple [architecture](docs/architecture.md), which allows quick addition of support for new Infrastructure as Code solutions.
## Community
You're welcome to join our [community](docs/community.md), talk with us on
GitHub discussions, or contact the KICS core team at [kics@checkmarx.com](mailto:kics@checkmarx.com).
### KICS Contributors
See our individual contributors in the [community](docs/community.md) page. You're welcome to join them by [contributing](docs/CONTRIBUTING.md) to KICS.
We would also like to thank the following organizations for their ongoing contribution:
- [Checkmarx](https://checkmarx.com/)
- [Bedrock Streaming](https://bedrockstreaming.com/) (since v1.4.8)
- [Dynatrace](https://www.dynatrace.com/) (since v1.5.1)
- [Orca Security](https://orca.security/) (since v1.5.10)
### KICS Users
KICS is used by various companies and organizations; some are listed below. If you would like to be included here, please open a PR.
- [Checkmarx](https://checkmarx.com/) ([IaC Security](https://checkmarx.com/product/iac-security/))
- [GitLab](https://gitlab.com/) ([Infrastructure as Code scanning](https://docs.gitlab.com/ee/user/application_security/iac_scanning/))
- [Bedrock Streaming](https://bedrockstreaming.com/)
- [Cisco](https://www.panoptica.app/) ([CI/CD Security](https://docs.panoptica.app/docs/ci-cd-security))
- [Orca Security](https://orca.security/)
- [JIT](https://www.jit.io/) ([SAST for IaC](https://www.jit.io/security-tools/kics))
- [Firefly](https://www.firefly.ai/) ([Firefly Integrates With Checkmarx's KICS](https://www.firefly.ai/blog/firefly-integrates-with-checkmarxs-kics-to-enable-seamless-cloud-governance-from-code-to-cloud))
- [Redpanda](https://redpanda.com/)
- [Keptn](https://github.com/keptn) / [Keptn Lifecycle Toolkit](https://keptn.sh)
**Keeping Infrastructure as Code Secure!**
---
© 2024 Checkmarx Ltd. All Rights Reserved.