Checkmarx’s open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.
KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data, and services to cyberattack.
Everyone using Ansible, AWS CloudFormation, Kubernetes, or Terraform can now scan their IaC and manage IaC vulnerabilities alongside their other security scan results using GitLab’s vulnerability management capabilities.
Razi Sharir, CPO at Checkmarx, commented:
“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code. The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”