KICS



Free, Fast, Scalable Open Source IaC Scanning
ACCURACY AT DEVOPS SPEED
Enforce API Design Best Practices
KICS is not just a tool for securing individual IaC files. It goes further, assessing your overall API design for misconfigurations, allowing you to identify risks in path definitions, authentication schema, and transport encryption.
That means you can set API security standards for your organization and enforce them through IaC scanning. KICS runs scans automatically at application build time, so you can systematically review your APIs without slowing down your software delivery pipeline.
You can take full advantage of APIs and ensure they can evolve over time to meet changing needs without exposing your applications to API security flaws.


MAKE IT YOUR OWN
A Highly Extensible Solution
As an open source, platform-agnostic IaC scanning tool, KICS can grow seamlessly along with your development and deployment operations.
Developers can extend KICS with new checks using a simple, industry-standard query language. KICS’ modular design also lets them quickly onboard new items to automated scanning workflows and extend IaC scanning into new parts of their application stack or new types of IaC resources.
KICS offers a flexible, extensible solution for integrating IaC security scanning into your existing software delivery cycle. With KICS, you can keep moving fast and scaling up without worrying that IaC files are spreading security vulnerabilities across your environment.
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following IaC solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm. We’ve recently expanded KICS’ functionality to include OpenAPI 3.0 specifications through the OpenAPI Initiative (formerly Swagger), with over 1,500 editable queries available.







KICS is:
Complete
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in popular IaC solutions and OpenAPI 3.0 specifications.
Open Source
KICS is open source and always will be. Both the scanning engine and the security queries are clear and open to the software development community.
Extensible
KICS includes 1,500+ fully customizable and adjustable heuristic rules, or queries, which can be easily edited and extended, and new ones can be added. What’s more, our robust but simple architecture allows for support of new IaC solutions.


Contribute
KICS is an open source community project, and anyone can contribute. Start making a difference in minutes by sharing your expertise with our community of thousands of security experts and software developers.
Documentation
Explore our product documentation for installation and integration instructions to get you up and running quickly. You can also take the next step and explore our contribution options and roadmap.