Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
☆2,266 Updated this week
Alternatives and similar repositories for kics:
Users that are interested in kics are comparing it to the libraries listed below
- Tfsec is now part of Trivy ☆6,805 Updated 2 months ago
- Detect, track and alert on infrastructure drift ☆2,529 Updated last week
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se… ☆966 Updated 7 months ago
- OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure ☆1,393 Updated this week
- Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities ☆931 Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆837 Updated last year
- Superseded by https://github.com/aquasecurity/trivy-operator ☆1,366 Updated this week
- Security risk analysis for Kubernetes resources ☆1,305 Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. ☆4,895 Updated 4 months ago
- A service that analyzes docker images and scans for vulnerabilities ☆1,587 Updated 2 years ago
- 🧵 CLI tool for directly patching container images! ☆1,245 Updated last week
- A tool to scan Kubernetes cluster for risky permissions ☆1,372 Updated 4 months ago
- A Blazing fast Security Auditing tool for Kubernetes ☆996 Updated last year
- Code signing and transparency for containers and binaries ☆4,858 Updated this week
- Write tests against structured configuration data using the Open Policy Agent Rego query language ☆2,951 Updated this week
- Hunt for security weaknesses in Kubernetes clusters ☆4,845 Updated last year
- Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configu… ☆2,268 Updated 11 months ago
- Kubernetes-native security toolkit ☆1,472 Updated this week
- a lightweight, security focused, BDD test framework against terraform. ☆1,383 Updated last month
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,982 Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,087 Updated last week
- ☆522 Updated last month
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start ☆2,876 Updated 3 months ago
- Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant. ☆1,833 Updated 2 months ago
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆915 Updated 2 months ago
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,835 Updated this week
- Kubernetes Security Training Platform - focusing on security mitigation ☆947 Updated 7 months ago
- 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more! ☆2,169 Updated last week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆561 Updated 2 weeks ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆745 Updated 4 months ago