Checkmarx launches new open source IaC scanning engine KICS

Checkmarx, a software security solution provider, recently launched KICS, a new open source static analysis tool that aims to help developers write more secure IaC (infrastructure-as-code). The new KICS (Keeping Infrastructure as Code Secure) solution expands Checkmarx's AST (application security testing) product line to provide a single platform for the security of proprietary code, open source components, and critical infrastructure for traditional and cloud-native applications.

IaC is the management of infrastructure through a descriptive model, so that the same environment is generated every time the model is applied. It emerged to solve the problem of environment drift in the release pipeline, and has become a key DevOps practice to support continuous delivery.

The KICS tool is designed to automatically detect vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the beginning of the IaC build cycle, so that developers can fix these defects before their code reaches production. This version of KICS supports a range of IaC technologies, including Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible. KICS also provides more than 1,200 customizable and adjustable queries, covering more than ten categories, from encryption and key management to network port security.

Checkmarx is a strong advocate of open source, and it hopes that KICS can become an important addition to every developer's cloud-native security toolkit.

Origin www.oschina.net/news/131303/checkmarx-published-kics