---

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project.

Supported Platforms

Beta Features

                            

By default, Databricks, NIFCloud, and TencentCloud queries run when you scan Terraform files using KICS. The `Severity` and `Description` of these queries are still under review. ## Getting Started Setting up and using KICS is super-easy. - First, see how to [install and get KICS running](docs/getting-started.md). - Then explore KICS [output results format](docs/results.md) and quickly fix the issues detected. Interested in more advanced stuff? - Deep dive into KICS [queries](docs/queries.md). - Understand how to [integrate](docs/integrations.md) KICS in your favourite CI/CD pipelines. See [KICS documentation](https://docs.kics.io/) for more details and topics. ## How it Works What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved by: - Fully customizable and adjustable heuristics rules, called [queries](docs/queries.md). These can be easily edited, extended and added. - Robust but yet simple [architecture](docs/architecture.md), which allows quick addition of support for new Infrastructure as Code solutions. ## Community You're welcome to join our [community](docs/community.md), talk with us on GitHub discussions or contact KICS core team at [kics@checkmarx.com](mailto:kics@checkmarx.com). ### KICS Contributors See our individual contributors in the [community](docs/community.md) page. You're welcome to join them by [contributing](docs/CONTRIBUTING.md) to KICS. We also like to thank the following organizations for their ongoing contribution: - [Checkmarx](https://checkmarx.com/) - [Bedrock Streaming](https://bedrockstreaming.com/) (since v1.4.8) - [Dynatrace](https://www.dynatrace.com/) (since v1.5.1) - [Orca Security](https://orca.security/) (since v1.5.10) ### KICS Users KICS is used by various companies and organizations, some are listed below. If you would like to be included here please open a PR. - [Checkmarx](https://checkmarx.com/) ([IaC Security](https://checkmarx.com/product/iac-security/)) - [GitLab](https://gitlab.com/) ([Infrastructure as Code scanning](https://docs.gitlab.com/ee/user/application_security/iac_scanning/)) - [Bedrock Streaming](https://bedrockstreaming.com/) - [Cisco](https://www.panoptica.app/) ([CI/CD Securitry](https://docs.panoptica.app/docs/ci-cd-security)) - [Orca Security](https://orca.security/) - [JIT](https://www.jit.io/) ([SAST for IaC](https://www.jit.io/security-tools/kics)) - [Firefly](https://www.firefly.ai/) ([Firefly Integrates With Checkmarx's KICS](https://www.firefly.ai/blog/firefly-integrates-with-checkmarxs-kics-to-enable-seamless-cloud-governance-from-code-to-cloud)) - [Redpanda](https://redpanda.com/) - [Keptn](https://github.com/keptn) / [Keptn Lifecycle Toolkit](https://keptn.sh) **Keeping Infrastructure as Code Secure!** --- © 2024 Checkmarx Ltd. All Rights Reserved.