KICS
complexity solved
Free, Fast, Scalable Open Source IaC Scanning
KICS automatically parses the IaC file formats it supports to detect insecure configurations that could expose your applications, data, or services to attack.
That means you can let anyone on your team write IaC files, and then vet the files to ensure they are secure before rolling them out. Instead of setting security guidelines in your IT governance policies and hoping engineers and developers follow them when creating IaC files, you can automatically enforce IaC security with KICS.
Plus, because KICS is an open source tool that supports the mainstream IaC platforms (Terraform, CloudFormation, Ansible, Helm, and more) and integrates with a variety of software development tools, it makes it possible to add IaC security scanning to your existing workflows without friction. Your developers don't have to slow down to ensure IaC security.
ACCURACY AT DEVOPS SPEED
Enforce API Design Best Practices
KICS is not just a tool for securing individual IaC files. It also scans OpenAPI specifications for misconfigurations, allowing you to identify risks in path definitions, authentication schemes, and transport encryption before the API is deployed.
That means you can set API security standards for your organization and enforce them through the same scanning step. When KICS is integrated into your CI pipeline it runs automatically on every build, so you can systematically review your API definitions without slowing down your software delivery pipeline.
You can take full advantage of APIs and ensure they can evolve over time to meet changing needs without exposing your applications to API security flaws.
MAKE IT YOUR OWN
A Highly Extensible Solution
As an open source, platform-agnostic IaC scanning tool, KICS can grow seamlessly along with your development and deployment operations.
Developers can extend KICS with new checks written in Rego, the Open Policy Agent policy language. In addition, they can quickly onboard new items to automated scanning workflows while also extending IaC scanning into new parts of their application stack or new types of IaC resources by taking advantage of KICS' modular design.
KICS offers a flexible, extensible solution for integrating IaC security scanning into your existing software delivery cycle. With KICS, you can keep moving fast and scaling up without worrying that IaC files are spreading security vulnerabilities across your environment.
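To make the extensibility point concrete, here is an added example of a custom check (it is not code from this page or from the KICS project). KICS queries are Rego files that declare `package Cx` and emit `CxPolicy[result]` entries; the `input.document[i].resource.<type>.<name>` layout and the result fields below follow the conventions used by KICS's own Terraform queries. The check flags any `aws_s3_bucket` whose `acl` attribute grants public access. The bucket names and the `my-queries` directory mentioned in the note are invented for illustration.

```rego
package Cx

# Added example query, not part of the KICS query set.
# Assumes KICS's Terraform document layout:
#   input.document[i].resource.aws_s3_bucket.<name> = { "acl": "...", ... }

# ACL values that make bucket contents readable (or writable) by anyone.
public_acls := {"public-read", "public-read-write"}

CxPolicy[result] {
	resource := input.document[i].resource.aws_s3_bucket[name]

	# Only fire when the acl attribute is present and is one of the public values.
	acl := resource.acl
	public_acls[acl]

	result := {
		"documentId": input.document[i].id,
		"resourceType": "aws_s3_bucket",
		"resourceName": name,
		# searchKey tells KICS which attribute to highlight in the report.
		"searchKey": sprintf("aws_s3_bucket[%s].acl", [name]),
		"issueType": "IncorrectValue",
		"keyExpectedValue": sprintf("'aws_s3_bucket[%s].acl' should be 'private' or not grant public access", [name]),
		"keyActualValue": sprintf("'aws_s3_bucket[%s].acl' is '%s'", [name, acl]),
	}
}
```

Against a constructed Terraform file containing `resource "aws_s3_bucket" "logs" { acl = "public-read" }` and `resource "aws_s3_bucket" "state" { acl = "private" }`, the query produces one result for `logs` and none for `state`. To ship the check, place this file as `query.rego` in its own directory next to a `metadata.json` describing the query (id, name, severity, category, platform), and point a scan at that directory with the queries-path option alongside the path being scanned; see the KICS documentation for the exact flag names and metadata schema, which are not reproduced here.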
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in the following IaC solutions: Terraform, Kubernetes, Dockerfiles, AWS CloudFormation, Ansible, and Helm. We've recently expanded KICS' functionality to include OpenAPI 3.0 specifications (the OpenAPI Specification, formerly known as Swagger, maintained by the OpenAPI Initiative), with over 1,500 editable queries available.
KICS is:
Complete
KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in popular IaC solutions and OpenAPI 3.0 specifications.
Open Source
KICS is open source and always will be. Both the scanning engine and the security queries are clear and open to the software development community.
Extensible
1,500+ fully customizable and adjustable heuristic rules, or queries, can be easily edited, extended, and added to. What’s more, our robust but simple architecture allows for support of new IaC solutions.
Contribute
KICS is an open source community project, and anyone can contribute. Start making a difference in minutes by sharing your expertise with our community of thousands of security experts and software developers.
Documentation
Explore our product documentation for installation and integration instructions to get you up and running quickly. You can also take the next step and explore our contribution options and roadmap.