KICS is 100% open source is written in Golang using Open Policy Agent (OPA).

Golang speed, simplicity, and reliability made it the perfect choice for writing KICS, while Rego as a query language, was a native choice to implement security queries.

So far have written 1000+ ready-to-use queries that cover a wide range of vulnerabilities checks for AWS, GCP, Azure and other cloud providers.

High-Level Architecture

KICS has a pluggable architecture with an extensible pipeline of parsing IaC languages, which allows easy integration of new IaC languages and queries.

At a high very level, KICS is composed of the following main components: a command-line interface, parser, queries execution engine, IaC providers, security queries, and results writer.

  • Command Line Interface => Provides CLI input to KICS.
  • Parser => responsible for parsing input IaC files (terraform and others)
  • IaC Providers => Converts IaC language into normalized JSON
  • Queries Execution Engine => applies REGO queries against normalized JSON
  • Security Queries => pre-built REGO queries for each security and misconfiguration
  • Writer => Writes results into JSON format

Execution Flow

The sequence diagram below depicts the interaction of the main KICS components:

 

Changelog v1.4.8

🚀 Added

added 30 new queries (Terraform, Ansible and Cloudformation)
feat(report): added sonarqube report (#4418) (#4539)
feat(report): added expected value to PDF report (#4552)
feat(docs & passwords and secrets): consideration of kics-scan ignore command and LinesIgnore (#4485) (#4419) (#4503)
feat(ci): add pre-commit hook (#4520)

✨ Changed

refactor(core): changed tests to use a constants platforms (#4534)

🔧 Fixed

increased results accuracy
fix(scan): not reporting error when progress bar fails to close (#4551)
fix(parser): fixed YAML parser panic with wrong type for interface (#4536)
fix(password and secrets): fixed MS Teams regex hardcoded team_name (#4537)

💪 For The Bolder

build(deps): bump github.com/open-policy-agent/opa from 0.33.0 to 0.34.2 (#4469) (#4506)
build(deps): bump github.com/moby/buildkit from 0.9.2 to 0.9.3 (#4538)

Install & Use

© 2021 Checkmarx Ltd. All Rights Reserved.