
Checkmarx KICS: Redefining Infrastructure as Code (IAC) Security with 3 million downloads milestone


January 11, 2024

In the rapidly evolving landscape of software development, where innovation goes hand in hand with cloud adoption, security remains a top priority for businesses. Gartner projects that by 2025 around 70% of enterprise workloads will run in cloud environments. Alongside that growth comes a worrying forecast: through 2025, Gartner expects 99% of cloud security failures to be the customer's fault, in practice avoidable misconfigurations and errors made by end users. This highlights a critical need for robust security measures and continuous risk mitigation across cloud infrastructure.

Checkmarx KICS (Keeping Infrastructure as Code Secure) emerges as a beacon of reliability and robustness. Developed collaboratively by Checkmarx and the open-source community, KICS is an open-source tool designed to streamline Infrastructure as Code (IaC) security. Its journey from inception to the milestone of 3 million downloads, roughly 200% year-over-year growth in adoption, shows its relevance, its impact, and the community's trust.

Empowering Secure Development: The KICS Promise

Detecting misconfigurations before deployment is pivotal, not just for security posture but also for cost. A misconfiguration caught while the IaC file is still in a pull request is a one-line change; the same misconfiguration discovered in production is an incident, with the investigation, remediation, and potential breach costs that come with it. By running scanning tools like Checkmarx KICS early in the development lifecycle, organizations can address vulnerabilities before they ship, mitigate risk, and avoid costly security incidents that would otherwise surface post-deployment.

The appeal of KICS lies in its simplicity. Installation is straightforward, integration into Continuous Integration (CI) pipelines is simple, and results are easy to read. This accessibility, combined with broad coverage, has earned KICS a considerable following within the developer community.

Furthermore, its adoption by organizations of very different sizes and industries underlines both its ease of use and the role it plays in securing IaC. Looking ahead, the vision for KICS covers both continued open-source evolution and Checkmarx Enterprise IaC Security as part of Checkmarx One, so that the tool remains accessible to a broad user base while offering enterprise functionality on top.

Expansive Coverage and Forward Momentum

KICS doesn't merely scratch the surface of IaC security. It covers a wide range of IaC formats, identifying vulnerabilities, compliance issues, and misconfigurations across Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm. Its more recent support for OpenAPI 3.0 specifications (the standard maintained by the OpenAPI Initiative) extends that coverage to API definitions. Across all of these, KICS ships with over 2,500 queries, each of which can be read and edited by the user.

Moreover, Checkmarx's commitment to continual improvement is evident in the KICS roadmap. Upcoming features include support for the Bicep language used to deploy Azure resources, Pulumi support extended to programs written in JSON, and full support for Terraform plan files. Together they promise an even more robust tool tailored to evolving needs.

Celebrating 3 million downloads: A milestone unmatched

Perhaps the most telling testament to KICS’ relevance and impact is the recent achievement of surpassing 3 million downloads. This milestone signifies not just a number but a resounding vote of confidence from developers, security professionals, and enterprises globally.

The community's adoption of KICS as a preferred solution for IaC security reflects its effectiveness, ease of use, and steadfast commitment to evolving alongside the ever-changing technology landscape. KICS' journey began over two years ago, evolving from a beta version with 48 queries to a robust solution covering IaC formats such as Terraform, Kubernetes, Docker, AWS CloudFormation, Ansible, and Helm.

“OPA / Rego is a good way of creating validation rules for IaC. However, the learning curve is enormous. KICS is probably one of the best ways of overcoming these difficulties, thanks to the huge quantity of rules already in the project and Checkmarx's highly responsive core team. KICS proves how powerful open source is.”

Jean-Yves CAMIER, Engineering Manager – Bedrock Streaming

Moving Forward: Empowering Secure Development

As we celebrate this achievement, the journey of Checkmarx KICS doesn't halt at this milestone. It is a testament to our dedication to giving developers and enterprises a tool that simplifies and strengthens IaC security without slowing delivery down.

More exciting news for infrastructure security! Checkmarx KICS now extends its support to OpenTofu, an open-source infrastructure-as-code tool with human-readable configuration files for cloud and on-prem resources. Because OpenTofu uses the same HCL configuration format as Terraform, KICS scans OpenTofu .tf files with its existing Terraform queries and reports the resulting misconfiguration findings in the scan results, reinforcing its commitment to a community-driven and inclusive approach to security.

Join us in pursuing secure, innovative, and progressive software development with Checkmarx KICS—a tool that evolves with you.

Join the KICS Revolution: Secure Your Cloud Infrastructure

KICS stands as a testament to Checkmarx's dedication to empowering developers, enterprises, and the broader community with a tool that strengthens IaC security while staying simple and adaptable. The milestone of 3 million downloads is more than a number; it mirrors the trust of users worldwide in KICS' capabilities. Contributors such as Bedrock Streaming, Dynatrace, and Orca Security keep the project improving and keep the community involved, and companies like GitLab, Cisco, JIT, and Firefly have adopted KICS, underscoring its role in strengthening IaC security.

The journey of KICS continues, with a commitment to continual enhancement, community collaboration, and a shared vision of a more secure cloud environment. As KICS evolves, its impact on secure development practices remains pivotal, transforming the IaC security paradigm in tangible ways.
