Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
☆2,574Updated this week
Alternatives and similar repositories for kics
Users that are interested in kics are comparing it to the libraries listed below
Sorting:
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆5,200Nov 20, 2025Updated 3 months ago
- Tfsec is now part of Trivy☆6,956Nov 10, 2025Updated 3 months ago
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆32,280Updated this week
- Detect, track and alert on infrastructure drift☆2,619Jan 30, 2026Updated last month
- Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security…☆11,204Feb 18, 2026Updated last week
- Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud envir…☆13,103Updated this week
- A vulnerability scanner for container images and filesystems☆11,602Updated this week
- OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure☆1,449Updated this week
- Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark☆7,943Feb 20, 2026Updated last week
- Security risk analysis for Kubernetes resources☆1,439Feb 16, 2026Updated last week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆8,416Updated this week
- Cloud Native Runtime Security☆8,690Updated this week
- Open Source Cloud Native Application Protection Platform (CNAPP)☆5,234Jan 8, 2026Updated last month
- Code signing and transparency for containers and binaries☆5,683Updated this week
- Hunt for security weaknesses in Kubernetes clusters☆5,004Mar 19, 2024Updated last year
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…☆963Sep 3, 2024Updated last year
- Superseded by https://github.com/aquasecurity/trivy-operator☆1,371Feb 3, 2026Updated 3 weeks ago
- Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!☆12,177Feb 20, 2026Updated last week
- KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adh…☆3,400Feb 18, 2026Updated last week
- Vulnerability Static Analysis for Containers☆10,932Updated this week
- Cloud Security Posture Management (CSPM)☆3,704Feb 20, 2026Updated last week
- Write tests against structured configuration data using the Open Policy Agent Rego query language☆3,129Updated this week
- Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.☆1,987Aug 13, 2025Updated 6 months ago
- OpenSSF Scorecard - Security health metrics for Open Source☆5,272Feb 16, 2026Updated last week
- ☆284Dec 1, 2022Updated 3 years ago
- 🐊 Policy Controller for Kubernetes☆4,150Updated this week
- Cloud Native Policy Management☆7,427Updated this week
- Cost monitoring for Kubernetes workloads and cloud costs☆6,388Updated this week
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,532Updated this week
- A Pluggable Terraform Linter☆5,630Updated this week
- a lightweight, security focused, BDD test framework against terraform.☆1,439Dec 8, 2025Updated 2 months ago
- Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on p…☆5,416Nov 18, 2025Updated 3 months ago
- A Blazing fast Security Auditing tool for Kubernetes☆1,006Apr 6, 2024Updated last year
- A cli tool to help discover deprecated apiVersions in Kubernetes☆2,442Feb 2, 2026Updated 3 weeks ago
- Multi-Cloud Security Auditing Tool☆7,551Sep 23, 2025Updated 5 months ago
- Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resour…☆5,936Feb 20, 2026Updated last week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆14,193Feb 20, 2026Updated last week
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start☆3,220Jan 6, 2025Updated last year
- Find secrets with Gitleaks 🔑☆25,103Feb 21, 2026Updated last week