Checkmarx Launches Infrastructure as Code Scanning Solution
February 25, 2021

Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).

With KICS, Checkmarx expands its AST product line, providing a single platform for securing proprietary code, open source components, and critical infrastructure for both traditional and cloud-native applications.

KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before they reach production. As the most comprehensive IaC scanning engine available, KICS supports the top IaC technologies including Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible. Additionally, KICS offers more than 1,200 fully customizable and adjustable queries, which cover more than 12 categories ranging from encryption and key management to network ports security.

“As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews,” said Maty Siman, CTO and Founder, Checkmarx. “KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today’s complex applications.”

Additional key features and benefits of KICS include:

- Built-in extensibility: KICS provides the largest ‘library’ of queries of any IaC scanning solution, all of which are fully customizable and adjustable. Additionally, KICS’ robust, yet simple, architecture allows for the quick addition of support for new IaC tools.

- Community-sourced: As an open source project, both the scanning engine and queries for KICS are clear and open to a community of thousands of security and DevOps experts and software developers. Coupled with Checkmarx’s dedicated team that is constantly adding new features and vetting contributions, KICS is able to scale at a rapid pace.

- Seamless CI/CD integration: KICS can easily be integrated with any CI/CD pipeline, including GitHub Actions and GitLab CI, applying vulnerability and misconfiguration checks to IaC while keeping developers within their preferred tools.

Siman continued, “Checkmarx is a strong advocate of open source projects, and creating KICS in this manner gives the community the opportunity to steer its direction and foster innovation across the industry. We’re excited to watch this passionate community embrace and contribute to KICS as it becomes an essential addition to every developer’s cloud-native security toolkit.”

“I’m proud to welcome Checkmarx to the open source ecosystem with the release of KICS, as the company brings its vast AST experience to the community,” said Lior Kaplan, open source advisor and evangelist. “KICS is already seeing significant interest from the DevOps and security experts who take part in open source, and this will continue to grow as the project scales and expands to more infrastructure as code platforms.”

KICS is available for free today.
