Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).
KICS expands Checkmarx's Application Security Testing product line, providing a single platform for securing proprietary code, open source components, and critical infrastructure for both traditional and cloud-native applications.
KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before reaching production. As a comprehensive IaC scanning engine, KICS supports the leading IaC technologies including AWS CloudFormation, Docker, Kubernetes, Terraform, and Ansible. Additionally, KICS offers more than 1,200 fully customizable and adjustable queries, which cover more than 12 categories ranging from encryption and key management to network ports security.
"As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews," said Maty Siman, CTO and founder of Checkmarx.
"KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today’s complex applications."
KICS is available for free. For more information, visit kics.io.