Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners
Last synced: 9 days ago
- Host: GitHub
- URL: https://github.com/Checkmarx/kics
- Owner: Checkmarx
- License: apache-2.0
- Created: 2020-07-08T21:46:15.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-04-17T15:22:48.000Z (7 months ago)
- Last Synced: 2024-04-17T16:11:29.522Z (7 months ago)
- Topics: appsec, cloudnative, devsecops, golang, hacktoberfest, iac, infrastructure-as-code, open-policy-agent, security, security-tools, vulnerability-detection, vulnerability-scanners
- Language: Open Policy Agent
- Homepage: https://kics.io
- Size: 613 MB
- Stars: 1,886
- Watchers: 25
- Forks: 286
- Open Issues: 151
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: docs/code-of-conduct.md
- Roadmap: docs/roadmap.md
Awesome Lists containing this project
- awesome-policy-as-code - kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations earlier (Tools / Others)
- awesome-devsecops - KICS - _Checkmarx_ - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle. (Tools / Infrastructure as Code Analysis)
- DevSecOps - https://github.com/Checkmarx/kics (Infrastructure as code security)
- awesome-repositories - Checkmarx/kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. (Open Policy Agent)
- awesome-platform-engineering - KICS by Checkmarx- detect security vulnerabilities, compliance issues, and infrastructure misconfigurations
- awesome-cloud-security - kics - as-code. (Infrastructure)
- awesome-k8s-security - KICS - Keeping Infrastructure as Code Secure
- awesome-cloud-sec - kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. (Other Awesome Lists / Terraform)
- awesome-opa - KICS - Keeping Infrastructure as Code Secure or KICS scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks. (Infrastructure as Code / Datasource Integrations Blogs and Articles)
- awesome-tf - KICS - Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks. (Tools / Community providers)
- awesome-hacking-lists - Checkmarx/kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. (Open Policy Agent)
- awesome-software-supply-chain-security - kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code. (Infrastructure as Code Secure)
- awesome-ansible - kics - SAST Tool that scans your ansible infrastructure as code playbooks for security vulnerabilities, compliance issues and misconfigurations. (Tools)
README
---
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with **KICS** by Checkmarx.
**KICS** stands for **K**eeping **I**nfrastructure as **C**ode **S**ecure. It is open source and is a must-have for any cloud native project.
### Supported Platforms
### Beta Features
By default, Databricks, NIFCloud, and TencentCloud queries run when you scan Terraform files using KICS.
The `Severity` and `Description` of these queries are still under review.
## Getting Started
Setting up and using KICS is super-easy.
- First, see how to [install and get KICS running](docs/getting-started.md).
- Then explore KICS [output results format](docs/results.md) and quickly fix the issues detected.

Interested in more advanced stuff?
- Deep dive into KICS [queries](docs/queries.md).
- Understand how to [integrate](docs/integrations.md) KICS in your favourite CI/CD pipelines.

See [KICS documentation](https://docs.kics.io/) for more details and topics.
## How it Works
What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved by:
- Fully customizable and adjustable heuristic rules, called [queries](docs/queries.md). These can be easily edited, extended and added.
- Robust yet simple [architecture](docs/architecture.md), which allows quick addition of support for new Infrastructure as Code solutions.

## Community
You're welcome to join our [community](docs/community.md), talk with us on GitHub discussions or contact KICS core team at [[email protected]](mailto:[email protected]).
### KICS Contributors
See our individual contributors in the [community](docs/community.md) page. You're welcome to join them by [contributing](docs/CONTRIBUTING.md) to KICS.
We would also like to thank the following organizations for their ongoing contribution:
- [Checkmarx](https://checkmarx.com/)
- [Bedrock Streaming](https://bedrockstreaming.com/) (since v1.4.8)
- [Dynatrace](https://www.dynatrace.com/) (since v1.5.1)
- [Orca Security](https://orca.security/) (since v1.5.10)

### KICS Users
KICS is used by various companies and organizations, some are listed below. If you would like to be included here please open a PR.
- [Checkmarx](https://checkmarx.com/) ([IaC Security](https://checkmarx.com/product/iac-security/))
- [GitLab](https://gitlab.com/) ([Infrastructure as Code scanning](https://docs.gitlab.com/ee/user/application_security/iac_scanning/))
- [Bedrock Streaming](https://bedrockstreaming.com/)
- [Cisco](https://www.panoptica.app/) ([CI/CD Security](https://docs.panoptica.app/docs/ci-cd-security))
- [Orca Security](https://orca.security/)
- [JIT](https://www.jit.io/) ([SAST for IaC](https://www.jit.io/security-tools/kics))
- [Firefly](https://www.firefly.ai/) ([Firefly Integrates With Checkmarx's KICS](https://www.firefly.ai/blog/firefly-integrates-with-checkmarxs-kics-to-enable-seamless-cloud-governance-from-code-to-cloud))
- [Redpanda](https://redpanda.com/)
- [Keptn](https://github.com/keptn) / [Keptn Lifecycle Toolkit](https://keptn.sh)

**Keeping Infrastructure as Code Secure!**
---
© 2024 Checkmarx Ltd. All Rights Reserved.