Checkmarx’s open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.
KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack.
Users of Ansible, AWS CloudFormation, K8S or Terraform can now scan their IaC and, using GitLab’s vulnerability management capabilities, manage IaC vulnerabilities alongside their other security scan results.
“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”