KICs - Checkmarx

Experience the Power of Agentic AI With Checkmarx One Assist

See the Future

By Checkmarx

Open Source IaC:
Free, Fast, Scalable

KICS (Keeping Infrastructure as Code Secure) is a free, open source solution for static code analysis of IaC.

Download KICS Discover More
kics_heroo_image

#1 Rated IaC Security Tool

KICS help you find vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle.

M+

Docker Pulls (Downloads)

+

Fully Customizable Rules and Queries

+

IaC Platforms Supported

+

Languages and Formats Supported

Find Out More

Download KICS and protect your entire organization from flaws and misconfigurations.

Download KICS

Platforms

KICS identifies security vulnerabilities, compliance issues, and misconfigurations in IaC solutions
like Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm. It also supports OpenAPI 3.0 with over 2,400 editable queries.

01 – Teraform
02 – Kubernetes
03 – Docker
04 – AWS CLOUD
05 – ANSIBLE
06 – HELM
07 – OPENAPI

Checkmarx’ KICS: Easy to Install, Run, and Integrate

Checkmarx’ KICS is an open-source tool for scanning Infrastructure as Code (IaC) to detect misconfigurations and vulnerabilities before deployment. KICS is free, and simple to integrate.

Automate, Detect, and Protect

automate_detect_and_protect__2x

KICS, is an open source community powered tool that protects your cloud infrastructure. It scans IaC files for misconfigurations and security risks before deployment.

Free, Fast, Scalable Open Source Scanning

free_fast_scalable_open_source_scanning__2x

Integrate and protect your apps, data, and services effortlessly. KICS enforces IaC security automatically, reducing risk and ensuring secure configurations.

Enforcing API Design Best Practices

enforcing_api_design_best_practices__2x

KICS secures APIs by spotting misconfigurations in paths, authentication, and encryption. It automatically scans during builds, safeguarding your apps without slowing down development.

Built for Scale

built_for_scale__2x

KICS scales with your development, extending IaC security scans easily. Its modular design lets you add new checks, expand operations, and protect your stack—all without slowing down delivery.

  • Automate, Detect, and Protect

    KICS, is an open source community powered tool that protects your cloud infrastructure. It scans IaC files for misconfigurations and security risks before deployment.

  • Free, Fast, Scalable Open Source Scanning

    Integrate and protect your apps, data, and services effortlessly. KICS enforces IaC security automatically, reducing risk and ensuring secure configurations.

  • Enforcing API Design Best Practices

    KICS secures APIs by spotting misconfigurations in paths, authentication, and encryption. It automatically scans during builds, safeguarding your apps without slowing down development.

  • Built for Scale

    KICS scales with your development, extending IaC security scans easily. Its modular design lets you add new checks, expand operations, and protect your stack—all without slowing down delivery.

automate_detect_and_protect__2x
free_fast_scalable_open_source_scanning__2x
enforcing_api_design_best_practices__2x
built_for_scale__2x

Get Started with KICS Today

Developed by Checkmarx and the open source community, KICS is simple to install, run, and integrate into your CI, and understanding your results is straightforward.

Download KICS

Additional Resources

KICS is powered by Checkmarx—the leader in application security — in partnership with the open source community.

Documentation

Read Now

Contribute

Read Now

Solution Brief

Learn More

KICS Roadmap

Learn More

GitHub Source

Download KICS

Find Out More

Download KICS and protect your IaC, your APIs, and your entire organization from flaws and misconfigurations.

Download KICS