  • Stars: 2,004
  • Rank: 23,109 (Top 0.5 %)
  • Language: Open Policy Agent
  • License: Apache License 2.0
  • Created: over 4 years ago
  • Updated: 3 months ago


Repository Details

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

KICS - Keep Infrastructure as Code Secure

KICS stands for Keeping Infrastructure as Code Secure. It is open source and a must-have for any cloud native project.

Supported Platforms

  • Terraform
  • Kubernetes
  • Docker
  • CloudFormation
  • Ansible
  • Helm
  • OpenAPI
  • gRPC
  • Azure Resource Manager
  • Google Deployment Manager
  • Cloud Deployment Kit
  • SAM
  • Docker Compose
  • Knative
  • Crossplane
  • Pulumi
  • ServerlessFW
  • Azure BluePrints

Support for other solutions and additional cloud providers is on the roadmap.

Getting Started

Setting up and using KICS is super-easy.

Interested in more advanced stuff?

  • Deep dive into KICS queries.
  • Understand how to integrate KICS in your favourite CI/CD pipelines.

See KICS documentation for more details and topics.

How it Works

What makes KICS really powerful and popular is its built-in extensibility, which comes from two design choices:

  • Fully customizable and adjustable heuristic rules, called queries, which can easily be edited, extended and added to.
  • A robust yet simple architecture, which allows quick addition of support for new Infrastructure as Code solutions.
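To make the query model concrete, here is a small Terraform query written in the shape KICS queries take. This is an added example, not a query shipped with KICS. The `package Cx` name, the `CxPolicy[result]` rule, the `input.document[i]` layout of the parsed IaC, the result fields, and the `data.generic.terraform` helper library with `get_resource_name` are recalled from the KICS query tree and should be treated as assumptions to check against the current repository; the S3 bucket and the ACL values it matches are constructed for the example.

```rego
# Added example of a KICS-style query (not from the KICS repository).
# Assumption: KICS loads queries from package Cx and collects findings
# from the CxPolicy set.
package Cx

# Assumption: helper library path as laid out in the KICS query tree.
import data.generic.terraform as tf_lib

# Canned ACLs that expose a bucket to anonymous readers.
public_acls := {"public-read", "public-read-write"}

# One finding per aws_s3_bucket whose acl is in public_acls.
# Assumption: Terraform resources are parsed into
# input.document[i].resource.<type>.<name>.
CxPolicy[result] {
	doc := input.document[i]
	resource := doc.resource.aws_s3_bucket[name]

	# Set membership: true only when the ACL is one of the public ones.
	public_acls[resource.acl]

	result := {
		"documentId": doc.id,
		"resourceType": "aws_s3_bucket",
		"resourceName": tf_lib.get_resource_name(resource, name),
		"searchKey": sprintf("aws_s3_bucket[%s].acl", [name]),
		"issueType": "IncorrectValue",
		"keyExpectedValue": sprintf("'aws_s3_bucket[%s].acl' should be 'private' or omitted", [name]),
		"keyActualValue": sprintf("'aws_s3_bucket[%s].acl' is '%s'", [name, resource.acl]),
	}
}
```

A query like this lives in its own directory next to a metadata.json that carries the query id, name, severity, category and description; KICS reads both. The membership check on the `public_acls` set is the whole policy, so extending it to another ACL value is a one-line change, which is the point the section makes about queries being easy to adjust. The flag for pointing a scan at a custom query directory is assumed here to be `kics scan -p <iac-path> -q <queries-path>`; confirm it against the CLI help for the version in use.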

Contribution

KICS is a true community project. It has been built as open source from day one, and anyone can find their own way to contribute. Check out how, within just minutes, you can start making a difference by sharing your expertise with a community of thousands of security experts and software developers.

You're welcome to join our monthly community meetings, talk with us on GitHub discussions or contact KICS core team at [email protected].

Meet us at conferences

Keeping Infrastructure as Code Secure!


© 2023 Checkmarx Ltd. All Rights Reserved.

More Repositories

1. capital (CSS, 268 stars): A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
2. JS-SCP (173 stars): JavaScript Secure Coding Practices guide
3. 2ms (Go, 76 stars): Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
4. chainjacking (Python, 55 stars): Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
5. kics-github-action (JavaScript, 42 stars): GitHub Action for KICS scans - Keeping Infrastructure as Code Secure
6. chainalert-github-action (JavaScript, 40 stars): Scans popular packages and alerts when there is suspicion of an account takeover
7. ast-cli (Go, 37 stars): A CLI project wrapping application security testing (AST) APIs
8. dustilock (Go, 34 stars): DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
9. Goatlin (Kotlin, 32 stars): (aka Kotlin Goat) an intentionally vulnerable Kotlin application
10. cuteboi (Vue, 28 stars): This open-source project tracks CuteBoi's activity over time, as there is evidence the actor is still active. All information provided here is intended for research purposes.
11. Kotlin-SCP (Ruby, 25 stars): Kotlin Secure Coding Practices is a guide written for anyone using Kotlin for mobile development.
12. ast-github-action (Shell, 15 stars): Checkmarx application security testing (AST) GitHub action
13. WebViewGoat (JavaScript, 11 stars): A deliberately vulnerable Android application to demonstrate exfiltration scenarios
14. red-lili (Vue, 11 stars): This open-source project tracks RED-LILI's activity over time, as there is evidence the actor is still active. All information provided here is intended for research purposes.
15. ast-vscode-extension (Hack, 11 stars): The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.
16. kics-cdk-validator-plugin (TypeScript, 6 stars): A KICS plugin for AWS CDK
17. driffty (Open Policy Agent, 6 stars): Cloud Infrastructure Security Drift Detection - for KICS
18. ci-cd-integrations (Groovy, 6 stars): If you are using a CI/CD platform that doesn't yet have a dedicated Checkmarx plugin, please check this repository.
19. swag (4 stars)
20. ast-azure-plugin (TypeScript, 4 stars): The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.
21. sast-to-ast-export (Go, 3 stars): CLI tool to export data from CxSAST and import it into the Checkmarx Application Security Testing Platform
22. ast-teamcity-plugin (Java, 3 stars): The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.
23. ast-eclipse-plugin (Java, 3 stars): The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.
24. dast-github-action (Shell, 2 stars)
25. API-Security-Top-10 (2 stars)
26. ast-visual-studio-extension (C#, 2 stars): The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE
27. JobDeCrypter (C#, 2 stars): A decryption tool for the JobCrypter ransomware
28. homebrew-ast-cli (Ruby, 2 stars)
29. NFCdrip (Java, 2 stars)
30. solidity-ddenv (JavaScript, 2 stars): Containerized Solidity Decentralized App Development Environment
31. kics-codefresh-step (2 stars)
32. ast-jetbrains-plugin (Java, 2 stars): The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.
33. nexus-security-plugin (Java, 2 stars)
34. SmartBulbExfil (Java, 1 star)
35. kics-orb (1 star)
36. vorpal-reviewdog-github-action (Shell, 1 star): Run Vorpal with reviewdog 🐶