IaC OPEN SOURCERY
Free, Fast, Scalable Open Source IaC Scanning
ACCURACY AT DEVOPS SPEED
Enforce API Design Best Practices
KICS is not just a tool for securing individual IaC files. It goes further, assessing your overall API design for misconfigurations, allowing you to identify risks in path definitions, authentication schema, and transport encryption.
That means you can set API security standards for your organization and enforce them through IaC scanning. KICS runs scans automatically at application build time, so you can systematically review your APIs without slowing down your software delivery pipeline.
You can take full advantage of APIs and ensure they can evolve over time to meet changing needs without exposing your applications to API security flaws.
MAKE IT YOUR OWN
A Highly Extensible Solution
As an open source, platform-agnostic IaC scanning tool, KICS can grow seamlessly along with your development and deployment operations.
Developers can extend KICS with new checks using a simple, industry-standard query language. In addition, they can quickly onboard new items to automated scanning workflows while also extending IaC scanning capabilities into new parts of their application stack or new types of IaC resources by taking advantage of KICS’ modular design.
KICS offers a flexible, extensible solution for integrating IaC security scanning into your existing software delivery cycle. With KICS, you can keep moving fast and scaling up without worrying that IaC files are spreading security vulnerabilities across your environment.
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following IaC solutions: Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm. We’ve recently expanded KICS’ functionality to include Open API 3.0 specifications through The OpenAPI Initiative (formerly Swagger), with over 1,500 editable queries available.
KICS is an open source community project, and anyone can contribute. Start making a difference in minutes by sharing your expertise with our community of thousands of security experts and software developers.
Explore our product documentation for installation and integration instructions to get you up and running quickly. You can also take the next step and explore our contribution options and roadmap.