Checkmarx Launches Infrastructure as Code Scanning Solution
February 25, 2021

Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).

With KICS, Checkmarx expands its AST product line, providing a single platform for securing proprietary code, open source components, and critical infrastructure for both traditional and cloud-native applications.

KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before reaching production. As the most comprehensive IaC scanning engine available, KICS supports the top IaC technologies including Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible. Additionally, KICS offers more than 1,200 fully customizable and adjustable queries, which cover more than 12 categories ranging from encryption and key management to network ports security.

“As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews,” said Maty Siman, CTO and Founder, Checkmarx. “KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today’s complex applications.”

Additional key features and benefits of KICS include:

- Built-in extensibility: KICS provides the largest ‘library’ of queries of any IaC scanning solution, all of which are fully customizable and adjustable. Additionally, KICS’ robust, yet simple, architecture allows for the quick addition of support for new IaC tools.

- Community-sourced: As an open source project, both the scanning engine and queries for KICS are clear and open to a community of thousands of security and DevOps experts and software developers. Coupled with Checkmarx’s dedicated team that is constantly adding new features and vetting contributions, KICS is able to scale at a rapid pace.

- Seamless CI/CD integration: KICS can easily be integrated with any CI/CD pipeline, including GitHub Actions and GitLab CI, applying vulnerability and misconfiguration checks to IaC while keeping developers within their preferred tools.

Siman continued, “Checkmarx is a strong advocate of open source projects, and creating KICS in this manner gives the community the opportunity to steer its direction and foster innovation across the industry. We’re excited to watch this passionate community embrace and contribute to KICS as it becomes an essential addition to every developer’s cloud-native security toolkit.”

“I’m proud to welcome Checkmarx to the open source ecosystem with the release of KICS, as the company brings its vast AST experience to the community,” said Lior Kaplan, open source advisor and evangelist. “KICS is already seeing significant interest from the DevOps and security experts who take part in open source, and this will continue to grow as the project scales and expands to more infrastructure as code platforms.”

KICS is available for free today.

