Checkmarx KICS Integrated into GitLab 14.5 as Default IaC Code Scanner


December 14, 2021

Open-source KICS (Keeping Infrastructure as Code Secure) scanning tool can be seamlessly added to GitLab Secure pipelines to scan Ansible, AWS CloudFormation, Kubernetes and Terraform

RAMAT GAN, ISRAEL – December 14, 2021 – Checkmarx, the global leader in developer-centric application security testing (AST) solutions, announced today that its open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.

Developed by Checkmarx and the open-source community, KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. The KICS integration, built and maintained by GitLab, gives all GitLab customers support for IaC scanning as of GitLab 14.5.

“Having our open-source KICS solution integrated into the GitLab DevOps platform represents a significant step toward our mission of securing applications everywhere,” said Emmanuel Benzaquen, CEO at Checkmarx. “We’re excited to extend the protection offered by our application security technology into the cloud-native development world through GitLab.”

“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”

With version 14.5 of the GitLab DevOps Platform, GitLab users in all tiers can begin scanning their IaC – whether Ansible, AWS CloudFormation, K8S or Terraform – using KICS. In addition, any GitLab Ultimate user can manage IaC vulnerabilities alongside other comprehensive security scan results with GitLab’s vulnerability management capabilities.

“GitLab is pleased to introduce security scanning for IaC, which joins our existing Kubernetes manifest SAST scanner,” says Taylor McCaslin, Principal Product Manager at GitLab. “GitLab values the contributions made by the open-source community, including KICS, and the advancements made possible by it.”

To learn more about the KICS open-source scanning solution, visit this page.

About Checkmarx

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec testing leader, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs, and infrastructure as code. Over 1,600 customers, including half of the Fortune 50, trust our security technology, expert research, and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog, or follow the company on LinkedIn.

Media Contacts

Cynthia Siemens

Head of Global PR, Checkmarx

cynthia.siemens@checkmarx.com    

Dani Kerby, Brands2Life on behalf of Checkmarx 

dani.kerby@brands2life.com 

+44 (0) 20 7592 1200 
