KICS (Keeping Infrastructure as Code Secure) is a free, open source static analysis tool for infrastructure as code (IaC).
KICS parses the IaC formats it supports (listed below) and detects insecure configurations that could expose your applications, data, or services to attack.
That means anyone on your team can write IaC files, and you can vet those files automatically before they are applied. Instead of writing security guidelines into IT governance policies and hoping engineers and developers follow them when creating IaC files, you can enforce IaC security with KICS.
Because KICS is open source, supports the mainstream IaC platforms (Terraform, CloudFormation, Ansible, Helm, and more), and integrates with common software development tools, you can add IaC security scanning to existing workflows without friction. Developers don't have to slow down to keep their IaC secure.
KICS is not limited to individual IaC files. It also scans OpenAPI specifications for misconfigurations, so you can identify risks in path definitions, authentication (security) schemes, and transport encryption before an API is deployed.
That means you can set API security standards for your organization and enforce them through the same scanning step. KICS can run in your CI pipeline at build time, so you can systematically review your APIs without slowing down your software delivery pipeline.
You can take full advantage of APIs and ensure they can evolve over time to meet changing needs without exposing your applications to API security flaws.
As an open source, platform-agnostic IaC scanning tool, KICS can grow seamlessly along with your development and deployment operations.
Developers can extend KICS with new checks written in Rego, the policy language of Open Policy Agent, which is already widely used for policy as code. Because KICS is modular, they can also bring new IaC resources, file types, and parts of the application stack under automated scanning without changing the rest of the workflow.
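To make the "extend KICS with new checks" point concrete, here is an added example of a custom KICS query (this is example code written for this page, not a query shipped by the KICS project). It flags Terraform `aws_s3_bucket` resources whose `acl` argument grants public access. It assumes the query layout KICS documents for custom queries (a `package Cx` file whose `CxPolicy[result]` rule emits result objects with the fields shown) and the document shape KICS passes as `input` for parsed Terraform; the bucket names in the comments are constructed test input, not real resources.

```rego
# Added example, not part of the KICS project's query set.
#
# Constructed test input (what KICS would parse from a test/positive.tf):
#   resource "aws_s3_bucket" "logs"    { bucket = "example-logs" acl = "public-read" }
# and from a test/negative.tf that must NOT be reported:
#   resource "aws_s3_bucket" "private" { bucket = "example-private" acl = "private" }
#   resource "aws_s3_bucket" "default" { bucket = "example-default" }
package Cx

# Canned ACLs that make object listings (and, for the second one, uploads)
# reachable by anyone on the Internet.
public_acls := {"public-read", "public-read-write"}

CxPolicy[result] {
	# Walk every parsed document and every aws_s3_bucket block it contains.
	# (Assumption: KICS exposes parsed Terraform as input.document[i].resource.<type>[<name>].)
	some i, name
	bucket := input.document[i].resource.aws_s3_bucket[name]

	# Fire only when acl is explicitly set to a public canned ACL. A bucket
	# that omits acl has no bucket.acl value, so this line is undefined for it
	# and the rule produces no result.
	public_acls[bucket.acl]

	# One finding per offending bucket. searchKey tells KICS where in the
	# file to point the report; issueType uses one of the project's
	# conventional values (IncorrectValue, MissingAttribute, RedundantAttribute).
	result := {
		"documentId": input.document[i].id,
		"searchKey": sprintf("aws_s3_bucket[%s].acl", [name]),
		"issueType": "IncorrectValue",
		"keyExpectedValue": sprintf("'aws_s3_bucket[%s].acl' should be 'private' or omitted", [name]),
		"keyActualValue": sprintf("'aws_s3_bucket[%s].acl' is '%s'", [name, bucket.acl]),
	}
}
```

Save this as `query.rego` in its own directory alongside a `metadata.json` that gives the query an `id` (a UUID you generate), `queryName`, `severity`, `category`, `descriptionText`, and `platform` (`Terraform` here), then point KICS at that directory in addition to its built-in queries with `kics scan -p ./terraform -q ./my-queries`. Keeping the constructed `positive.tf` and `negative.tf` files in a `test/` subdirectory beside the query is the convention the project uses, and it is the check a practitioner wants: the positive file must produce exactly one finding and the negative file none, which catches the common mistake of a rule that also fires on buckets with no `acl` at all.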
KICS offers a flexible, extensible solution for integrating IaC security scanning into your existing software delivery cycle. With KICS, you can keep moving fast and scaling up without worrying that IaC files are spreading security vulnerabilities across your environment.
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following IaC solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm. KICS has recently been extended to scan OpenAPI 3.0 specifications (the OpenAPI Specification, formerly known as Swagger, is maintained by the OpenAPI Initiative). In total, over 1,500 editable queries are available.
KICS is an open source community project, and anyone can contribute. Start making a difference in minutes by sharing your expertise with our community of thousands of security experts and software developers.
Explore our product documentation for installation and integration instructions to get you up and running quickly. You can also take the next step and explore our contribution options and roadmap.
Download KICS and protect your IaC, your APIs, and your entire organization from flaws and misconfigurations.