KICS is 100% open source is written in Golang using Open Policy Agent (OPA).

Golang speed, simplicity, and reliability made it the perfect choice for writing KICS, while Rego as a query language, was a native choice to implement security queries.

So far have written 1000+ ready-to-use queries that cover a wide range of vulnerabilities checks for AWS, GCP, Azure and other cloud providers.

High-Level Architecture

KICS has a pluggable architecture with an extensible pipeline of parsing IaC languages, which allows easy integration of new IaC languages and queries.

At a high very level, KICS is composed of the following main components: a command-line interface, parser, queries execution engine, IaC providers, security queries, and results writer.

  • Command Line Interface => Provides CLI input to KICS.
  • Parser => responsible for parsing input IaC files (terraform and others)
  • IaC Providers => Converts IaC language into normalized JSON
  • Queries Execution Engine => applies REGO queries against normalized JSON
  • Security Queries => pre-built REGO queries for each security and misconfiguration
  • Writer => Writes results into JSON format

Execution Flow

The sequence diagram below depicts the interaction of the main KICS components:


Changelog v1.6.9

🚀 New features and improvements

feat(query): add aws sso security queries support in #6096
feat(query): add password and secrets detection for sendgrid api key in #6118

🐛 Bug fixes

fix(e2e): update e2e test 44 description in #6114
fix(query): update query searchline to avoid duplicate similarity id in #6111
fix(dep): fix git version on dockerfile in #6092

📦 Dependency updates bumps

build(deps): bump from 3.10.3 to 3.11.0 in #6094
build(deps): bump from 0.14.0 to 0.17.0 in #6082
build(deps): bump from 0.4.0 to 0.5.0 in #6073
build(deps): bump from 1.11.0 to 1.11.1 in #6074
ci(deps): bump golang from 1.19.4-alpine to 1.19.5-alpine in #6080
ci(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 in #6089

👻 Maintenance

docs(queries): update queries catalog in #6120
Update community meetings in #6117
community dates update in #6119

Install & Use

© 2021 Checkmarx Ltd. All Rights Reserved.