Alternatives and similar repositories for kics:

Users that are interested in kics are comparing it to the libraries listed below

• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,814Updated last week
• fugue / regula
  Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…
  ☆966Updated 8 months ago
• snyk / driftctl
  Detect, track and alert on infrastructure drift
  ☆2,533Updated last month
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆839Updated last year
• openclarity / openclarity
  OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure
  ☆1,399Updated this week
• aquasecurity / starboard
  Superseded by https://github.com/aquasecurity/trivy-operator
  ☆1,367Updated 2 weeks ago
• aquasecurity / chain-bench
  An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
  ☆747Updated 4 months ago
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,663Updated this week
• krol3 / container-security-checklist
  Checklist for container security - devsecops practices
  ☆1,560Updated last year
• cyberark / KubiScan
  A tool to scan Kubernetes cluster for risky permissions
  ☆1,379Updated 5 months ago
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,853Updated last year
• controlplaneio / kubesec
  Security risk analysis for Kubernetes resources
  ☆1,317Updated 3 weeks ago
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,923Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,586Updated 2 years ago
• devsecopsmaturitymodel / DevSecOps-MaturityModel
  ☆524Updated this week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,890Updated 4 months ago
• vchinnipilli / kubestriker
  A Blazing fast Security Auditing tool for Kubernetes
  ☆996Updated last year
• OWASP / DevSecOpsGuideline
  The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
  ☆925Updated 2 months ago
• secureCodeBox / secureCodeBox
  secureCodeBox (SCB) - continuous secure delivery out of the box
  ☆886Updated this week
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆2,966Updated this week
• JamesWoolfenden / pike
  Pike is a tool for determining the permissions or policy required for IAC code
  ☆709Updated this week
• Threagile / threagile
  Agile Threat Modeling Toolkit
  ☆664Updated 2 weeks ago
• aquasecurity / trivy-action
  Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
  ☆945Updated last month
• cycloidio / inframap
  Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
  ☆1,838Updated 3 months ago
• aquasecurity / trivy-operator
  Kubernetes-native security toolkit
  ☆1,496Updated this week
• project-copacetic / copacetic
  🧵 CLI tool for directly patching container images!
  ☆1,293Updated this week
• DataDog / stratus-red-team
  Granular, Actionable Adversary Emulation for the Cloud
  ☆1,997Updated last week
• terraform-compliance / cli
  a lightweight, security focused, BDD test framework against terraform.
  ☆1,385Updated 2 months ago
• magnologan / awesome-k8s-security
  A curated list for Awesome Kubernetes Security resources
  ☆1,948Updated last year
• guacsec / guac
  GUAC aggregates software security metadata into a high fidelity graph database.
  ☆1,355Updated this week