Alternatives and similar repositories for kics:

Users that are interested in kics are comparing it to the libraries listed below

• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,746Updated this week
• snyk / driftctl
  Detect, track and alert on infrastructure drift
  ☆2,495Updated last week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,802Updated last month
• fugue / regula
  Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…
  ☆961Updated 4 months ago
• ShiftLeftSecurity / sast-scan
  Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…
  ☆822Updated last year
• openclarity / openclarity
  OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure
  ☆1,367Updated this week
• controlplaneio / kubesec
  Security risk analysis for Kubernetes resources
  ☆1,265Updated this week
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,781Updated 9 months ago
• aquasecurity / starboard
  Moved to https://github.com/aquasecurity/trivy-operator
  ☆1,360Updated last month
• vchinnipilli / kubestriker
  A Blazing fast Security Auditing tool for Kubernetes
  ☆992Updated 9 months ago
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,587Updated last year
• controlplaneio / simulator
  Kubernetes Security Training Platform - focusing on security mitigation
  ☆938Updated 4 months ago
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,186Updated this week
• aquasecurity / trivy-action
  Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
  ☆861Updated last week
• cycloidio / inframap
  Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
  ☆1,781Updated 7 months ago
• rung / threat-matrix-cicd
  Threat matrix for CI/CD Pipeline
  ☆743Updated 6 months ago
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆2,902Updated this week
• aquasecurity / chain-bench
  An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
  ☆735Updated last month
• ksoclabs / awesome-kubernetes-security
  A curated list of awesome Kubernetes security resources
  ☆907Updated last year
• cyberark / KubiScan
  A tool to scan Kubernetes cluster for risky permissions
  ☆1,340Updated last month
• devsecopsmaturitymodel / DevSecOps-MaturityModel
  ☆502Updated this week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,580Updated this week
• project-copacetic / copacetic
  🧵 CLI tool for directly patching container images!
  ☆1,110Updated this week
• jonrau1 / ElectricEye
  ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring su…
  ☆968Updated this week
• cycloidio / terracognita
  Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configu…
  ☆2,229Updated 8 months ago
• aquasecurity / trivy-operator
  Kubernetes-native security toolkit
  ☆1,340Updated this week