KICS by Checkmarx
Keeping Infrastructure as Code Secure
Overview
KICS (Keeping Infrastructure as Code Secure) is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code. It supports a wide variety of IaC platforms and has a large and growing library of queries.
✨ Key Features
- Scans Terraform, Kubernetes, Docker, Ansible, and more
- Over 2000 ready-to-use queries
- Extensible and customizable with new queries
- Integration with CI/CD pipelines
- Multiple output formats (JSON, SARIF, etc.)
- Open-source and community-supported
🎯 Key Differentiators
- Large number of built-in queries
- Broad support for different IaC platforms
- Extensibility and customization
Unique Value: Offers a comprehensive and extensible open-source solution for securing a wide range of IaC.
🎯 Use Cases (4)
✅ Best For
- Finding hardcoded secrets in Dockerfiles
- Ensuring Terraform configurations adhere to security best practices
💡 Check With Vendor
Verify these considerations match your specific requirements:
- Runtime security analysis
- Intrusion detection
🏆 Alternatives
Its extensive query library covers a wide array of potential security issues out of the box.
💻 Platforms
✅ Offline Mode Available
🔌 Integrations
💰 Pricing
Free tier: Full open-source version is free.
🔄 Similar Tools in IaC Compliance
- Snyk IaC: A tool that helps developers find and fix security issues in IaC files like Terraform, CloudFormatio...
- Checkov: An open-source static analysis tool for scanning Infrastructure as Code (IaC) files for misconfigura...
- Terrascan: An open-source static code analyzer for IaC that helps detect security vulnerabilities and complianc...
- tfsec: An open-source static analysis tool for finding security misconfigurations in Terraform templates...
- Open Policy Agent: An open-source, general-purpose policy engine...
- Prisma Cloud by Palo Alto Networks: A comprehensive cloud security platform that includes IaC scanning and compliance...