Gartner® Checkmarx Named a Leader in the 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security Get the Report
Outlook Report The Future of Application Security in the Era of AI Download Now
Latest Innovations
Checkmarx for Developers
Partners
Blog
Research

KICS

application security cover image

The Checkmarx infrastructure-as-code engine (aptly named KICS for Keeping Infrastructure as Code Secure) finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in following Infrastructure as Code technologies: Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible. As the engine is capable of analyzing any JSON, XML and YML files, support of new configurations requires adding queries, and do not require any engine modification. From day one the KICS has been built for extensibility. First, it includes over 1000 fully customizable and adjustable heuristics rules, called queries. These can be easily edited, extended, and added. Second, its robust but yet simple architecture allows quick addition of support for new Infrastructure as Code solutions.