We are happy to announce that KICS reached the incredible milestone of 500,000 downloads on Docker Hub, less than one year from the official launch!
KICS is an open-source project powered by Checkmarx that finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in popular IaC solutions and OpenAPI 3.0 specifications.
What does 500K downloads really mean?
Besides being an impressively large number in a short period of time, this milestone shows the extensive adoption of KICS by the developer community. Following GitLab’s announcement, we now see KICS in more places, used by new personas and new users, and this achievement proves that Checkmarx is focused on the needs of both developers and CISOs.
This high level of adoption is the final stamp of approval needed to demonstrate what Checkmarx and the open source community are capable of achieving. As said by Razi Sharir, Chief Product Officer, Checkmarx, “The world runs code, and we secure it – from application source code to infrastructure code.”
How did we get where we are today?
The 1st KICS release was a year ago, with a beta version consisting of only 48 queries and support for Terraform. Working with the open source community, we continued to develop the solution and officially launched KICS in February 2021. Since then, the team hasn’t stopped pushing and promoting KICS in every possible way.
We presented KICS at Black Hat, GISEC, DevSecOpsCon, OWASP meetups, and over 30 different events throughout the year. We presented KICS to analysts and were ranked as the best IaC scanning tool in the 2021 Gartner MQ. We integrated and collaborated with our partners, including GitLab, Terraform, BlackHat, and Solvo, and we listened closely to the community's requests to ensure KICS is always up to date.
Finally, KICS is the first open source project to achieve CIS Level 2 certification. Checkmarx is a CIS SecureSuite® Product Vendor Member, and KICS was recently awarded CIS AWS foundation benchmark level 1 and 2.
Many thanks to the community
Based on feedback from developers and the open-source community, we were able to make KICS a much better solution. We worked closely with the open source community, our customers, and the rest of the DevSecOps community and listened carefully to their feedback. We had over 60 issues coming from the community, and multiple contributions from them as well—making KICS better with every request and fix. We had over 800 stars on GitHub and over 100 forks. We couldn’t have done that without the community as a whole.
So, what’s next for KICS?
In 2022, this is what we have planned so far:
- Deliver an enterprise version of KICS to be fully incorporated into the Checkmarx Application Security Platform.
- Obtain 1,000,000 downloads by end of 2022.
- Provide new IaC capabilities like drift, add more query and vulnerability coverage, and make it available for more cloud vendors.
The world runs on code – we developed KICS with true passion.