TMCnet News
Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native ApplicationsCheckmarx, the global leader in software security solutions for DevOps, today announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC). With KICS, Checkmarx expands its AST product line, providing a single platform for securing proprietary code, open source components, and critical infrastructure for both traditional and cloud-native applications. The adoption of IaC has risen considerably in recent years as organizations transition to the cloud and seek ways to make the provisioning of infrastructure faster and more scalable. However, with all the benefits of IaC comes a multitude of security, compliance, and configuration risks that developers are struggling to address. This is realized when considering that error-related issues (e.g. misconfigurations and misdeliveries) are now the second biggest cause of data breaches. KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before reaching production. As the most comprehensive IaC scanning engine available, KICS supports the top IaC technologie including Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible. Additionally, KICS offers more than 1,200 fully customizable and adjustable queries, which cover more than 12 categories ranging from encryption and key management to network ports security. "As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews," said Maty Siman, CTO and Founder, Checkmarx. "KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today's complex applications." Additional key features and benefits of KICS include:
Siman continued, "Checkmarx is a strong advocate of open source projects, and creating KICS in this manner gives the community the opportunity to steer its direction and foster innovation across the industry. We're excited to watch this passionate community embrace and contribute to KICS as it becomes an essential addition to every developer's cloud-native security toolkit." "I'm proud to welcome Checkmarx to the open source ecosystem with the release of KICS, as the company brings its vast AST experience to the community," said Lior Kaplan, open source advisor and evangelist. "KICS is already seeing significant interest from the DevOps and security experts who take part in open source, and this will continue to grow as the project scales and expands to more infrastructure as code platforms." KICS is available for free today. To learn more, visit kics.io.
About Checkmarx
View source version on businesswire.com: https://www.businesswire.com/news/home/20210225005052/en/ |