🗂️ Navigation
📁 GitOps
📋 GitOps Security
🔧 KICS

KICS

Keeping Infrastructure as Code Secure.

Visit Website →

Overview

KICS (Keeping Infrastructure as Code Secure) is an open-source static analysis tool developed by Checkmarx. It scans a wide variety of Infrastructure as Code formats, including Terraform, Kubernetes, Docker, CloudFormation, and Ansible, for security vulnerabilities, compliance issues, and misconfigurations. KICS has a large and extensible library of queries and is designed to be integrated into CI/CD pipelines to provide early feedback to developers.

✨ Key Features

  • Scans a wide range of IaC formats
  • Over 2000 built-in queries for security and compliance
  • Support for multiple cloud providers (AWS, Azure, GCP)
  • Extensible with custom queries
  • Fast and scalable scanning engine
  • CI/CD integration

🎯 Key Differentiators

  • Very broad support for a large number of IaC technologies
  • Large and comprehensive library of queries
  • Backed by a major application security vendor (Checkmarx)

Unique Value: Provides a highly extensible and comprehensive open-source solution for securing a wide array of Infrastructure as Code technologies from the start of the development lifecycle.

🎯 Use Cases (4)

Detecting security risks in Terraform configurations. Ensuring Kubernetes manifests adhere to security best practices. Auditing Ansible playbooks for insecure configurations. Automating IaC security scanning within CI/CD.

✅ Best For

  • Integrating into a GitHub Actions workflow to scan IaC on every pull request.
  • Running locally by developers to check their code before committing.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Scanning for vulnerabilities in application code (SAST) or open-source dependencies (SCA).

🏆 Alternatives

Checkov Terrascan tfsec

Offers one of the largest and most comprehensive sets of pre-configured security queries out-of-the-box compared to other open-source IaC scanners.

💻 Platforms

CLI API

✅ Offline Mode Available

🔌 Integrations

Terraform Kubernetes Docker Ansible CloudFormation GitHub Actions Jenkins

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The open-source tool is completely free.

Visit KICS Website →

🔄 Similar Tools in GitOps Security

Snyk

A developer-first security platform for finding and fixing vulnerabilities in code, dependencies, co...

Contact

Checkov

An open-source static analysis tool for scanning infrastructure as code (IaC) to find misconfigurati...

Contact

Trivy

An open-source vulnerability scanner for containers, IaC, and more....

Contact

Terrascan

An open-source static code analyzer for Infrastructure as Code, scanning for security vulnerabilitie...

Contact

Open Policy Agent (OPA)

An open source, general-purpose policy engine that unifies policy enforcement across the stack....

Contact

Kyverno

A policy engine designed for Kubernetes that allows you to manage policies as Kubernetes resources....

Contact