Checkmarx announced the launch of Keeping Infrastructure as Code Secure (KICS), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).
KICS extends Checkmarx’s application security testing product line, providing a single platform to secure proprietary code, open source components and critical infrastructure for traditional and cloud native applications.
KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations early on in the IaC build cycle, making it easy for developers to fix these flaws before they reach production. As a complete IaC analytics engine, KICS supports major IaC technologies, including AWS CloudFormation, Docker, Kubernetes, Terraform, and Ansible. In addition, KICS offers over 1,200 fully customizable and adjustable queries, which cover over 12 categories ranging from encryption and key management to network port security.
âAs development processes evolve and organizations accelerate their adoption of the cloud, developers are taking more responsibility for security while delivering software faster than ever before. This is a balance that cannot be achieved by relying solely on manual and tedious code reviews, âsaid Maty Siman, CTO and founder of Checkmarx.
âKICS was designed with this in mind, enabling development teams to automatically identify IaC issues when resolution is fastest, cheapest, and easiest. As the latest addition to the Checkmarx product portfolio, developers now have a single destination to secure all the components that make up today’s complex applications. “
KICS is available free of charge. For more information, visit kics.io.