KICS is 100% open source is written in Golang using Open Policy Agent (OPA).

Golang speed, simplicity, and reliability made it the perfect choice for writing KICS, while Rego as a query language, was a native choice to implement security queries.

So far have written 1000+ ready-to-use queries that cover a wide range of vulnerabilities checks for AWS, GCP, Azure and other cloud providers.

High-Level Architecture

KICS has a pluggable architecture with an extensible pipeline of parsing IaC languages, which allows easy integration of new IaC languages and queries.

At a high very level, KICS is composed of the following main components: a command-line interface, parser, queries execution engine, IaC providers, security queries, and results writer.

  • Command Line Interface => Provides CLI input to KICS.
  • Parser => responsible for parsing input IaC files (terraform and others)
  • IaC Providers => Converts IaC language into normalized JSON
  • Queries Execution Engine => applies REGO queries against normalized JSON
  • Security Queries => pre-built REGO queries for each security and misconfiguration
  • Writer => Writes results into JSON format

Execution Flow

The sequence diagram below depicts the interaction of the main KICS components:


Changelog v1.7.8

🚀 New features and improvements

feat(engine): added github workflows scan in #6664
feat(query): unpinned actions full length commit sha in #6698
feat(query): ansible hosts ansible tower exposed to internet in #6691
feat(query): ansible config allow unsafe lookups in #6626
feat(query): ansible playbooks communication over http in #6687
feat(panic): add panic handler to terraform parser by @liorj-orca in #6726

🐛 Bug fixes

fix(workflows): fixed action’s pin in #6689
fix(query): ca certificate identifier is outdated tf aws in #6683
fix(engine): added condition to check if gitignore is not empty to fix unit tests in #6706
fix(query): dockercompose Host Namespace is Shared in #6719
fix(test): e2e name in #6685

📦 Dependency updates bumps

ci(deps): bump golang from 1.20.7-alpine to 1.21.0-alpine in #6623

👻 Maintenance

update(docs): adding github icon into readme and docs website in #6722
update(comments): comments related to files extensions updated in #6696
docs(queries): update queries catalog in #6699

Install & Use

© 2021 Checkmarx Ltd. All Rights Reserved.