Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
☆2,587Mar 16, 2026Updated this week
Alternatives and similar repositories for kics
Users that are interested in kics are comparing it to the libraries listed below
Sorting:
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆5,201Nov 20, 2025Updated 4 months ago
- Tfsec is now part of Trivy☆6,965Nov 10, 2025Updated 4 months ago
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆33,205Updated this week
- Detect, track and alert on infrastructure drift☆2,623Jan 30, 2026Updated last month
- Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security…☆11,240Mar 3, 2026Updated 2 weeks ago
- A vulnerability scanner for container images and filesystems☆11,733Mar 13, 2026Updated last week
- Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud envir…☆13,344Updated this week
- Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark☆7,976Mar 13, 2026Updated last week
- OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure☆1,453Updated this week
- Security risk analysis for Kubernetes resources☆1,445Feb 16, 2026Updated last month
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆8,510Updated this week
- Cloud Native Runtime Security☆8,743Updated this week
- Code signing and transparency for containers and binaries☆5,734Updated this week
- ☆284Dec 1, 2022Updated 3 years ago
- Hunt for security weaknesses in Kubernetes clusters☆5,020Mar 19, 2024Updated 2 years ago
- Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!☆12,206Mar 12, 2026Updated last week
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…☆964Sep 3, 2024Updated last year
- Superseded by https://github.com/aquasecurity/trivy-operator☆1,372Feb 3, 2026Updated last month
- Write tests against structured configuration data using the Open Policy Agent Rego query language☆3,142Updated this week
- KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adh…☆3,413Mar 11, 2026Updated last week
- Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.☆2,001Aug 13, 2025Updated 7 months ago
- Vulnerability Static Analysis for Containers☆10,945Updated this week
- Cloud Security Posture Management (CSPM)☆3,717Feb 23, 2026Updated 3 weeks ago
- Cost monitoring for Kubernetes workloads and cloud costs☆6,419Mar 13, 2026Updated last week
- Open Source Cloud Native Application Protection Platform (CNAPP)☆5,236Mar 8, 2026Updated last week
- A Pluggable Terraform Linter☆5,650Updated this week
- OpenSSF Scorecard - Security health metrics for Open Source☆5,315Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆14,504Updated this week
- A cli tool to help discover deprecated apiVersions in Kubernetes☆2,473Mar 10, 2026Updated last week
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,573Updated this week
- Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start☆3,227Jan 6, 2025Updated last year
- 🐊 Policy Controller for Kubernetes☆4,168Updated this week
- Find secrets with Gitleaks 🔑☆25,446Mar 12, 2026Updated last week
- Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on p…☆5,437Nov 18, 2025Updated 4 months ago
- A Blazing fast Security Auditing tool for Kubernetes☆1,005Apr 6, 2024Updated last year
- Unified Policy as Code☆7,498Updated this week
- Validation of best practices in your Kubernetes clusters☆3,354Mar 9, 2026Updated last week
- A tool to scan Kubernetes cluster for risky permissions☆1,418May 25, 2025Updated 9 months ago
- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized repo…☆2,195Mar 4, 2026Updated 2 weeks ago