Static analysis for infrastructure as code that finds security, compliance, and misconfiguration issues
Apache-2.0
- Open Policy Agent
- HCL
- Go

About KICS
KICS performs static analysis of infrastructure as code to find security vulnerabilities, compliance issues, and misconfigurations early in development, before they reach deployment. It scans Terraform, Kubernetes, Dockerfiles, Docker Compose, CloudFormation, Ansible, Helm, OpenAPI, and more.
Scanning is driven by customizable queries and adjustable heuristic rules, so teams can edit, extend, and add their own checks. Detected issues are presented in a results format built for quick review and remediation, and KICS plugs into CI/CD pipelines.
Its architecture is designed to make adding support for new infrastructure as code platforms straightforward. KICS runs locally in development and CI environments rather than as a hosted service, and it is open source under the Apache 2.0 license.
Key features
- Static analysis for infrastructure as code
- Scans Terraform, Kubernetes, Dockerfiles, Helm, and more
- Customizable queries and adjustable heuristic rules
- CI/CD pipeline integration
- Extensible architecture for new IaC platforms
Details
- First released: 2020
- Latest release: v2.1.20
- Platforms: CLI · Docker
- Scan targets: Terraform · K8s · Dockerfiles · Helm
- Publisher: Checkmarx
