Checkmarx KICS

Keeping Infrastructure as Code Secure.

Overview

KICS (Keeping Infrastructure as Code Secure) is an open-source project by Checkmarx. It is a static analysis tool that scans IaC files from a variety of platforms like Terraform, Kubernetes, Docker, CloudFormation, and Ansible. With over 2000 built-in queries, KICS identifies security vulnerabilities, compliance issues, and misconfigurations early in the development cycle.

✨ Key Features

  • Open source
  • Broad IaC platform support
  • Over 2000 configurable queries
  • Integration with CI/CD pipelines
  • Extensible and customizable
  • Multiple output formats (JSON, SARIF, etc.)

🎯 Key Differentiators

  • Very broad support for different IaC technologies
  • Large and extensible library of queries
  • Backed by a major application security vendor (Checkmarx)

Unique Value: Provides a free, powerful, and highly extensible tool for finding security issues in a wide range of IaC platforms.

🎯 Use Cases (4)

  • Static analysis of IaC files for security
  • Enforcing compliance in CI/CD
  • Finding misconfigurations in container definitions
  • Custom security policy enforcement

✅ Best For

  • Automated security scanning in Git workflows

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Organizations needing a fully managed platform with support and dashboards (better suited for Checkmarx One)

🏆 Alternatives

  • Checkov
  • Terrascan
  • tfsec

Offers broader platform support out-of-the-box compared to more specialized tools like tfsec.

💻 Platforms

  • CLI
  • API

✅ Offline Mode Available

🔌 Integrations

  • Terraform
  • Kubernetes
  • Docker
  • AWS CloudFormation
  • Azure Resource Manager
  • Ansible
  • Helm
  • GitHub Actions
  • Jenkins

🛟 Support Options

  • ✓ Email Support
  • ✓ Dedicated Support (Checkmarx One tier)

🔒 Compliance & Security

  • ✓ SOC 2
  • ✓ GDPR
  • ✓ ISO 27001
  • ✓ SSO
  • ✓ SOC 2 Type II (for Checkmarx One)

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Fully open source and free.
