KICS

Apache-2.0

☁️ Cloud Recon · Go

KICS (Keeping Infrastructure as Code Secure) is an open-source static analysis tool by Checkmarx that scans Infrastructure-as-Code files for security vulnerabilities, compliance violations, and misconfigurations. It supports Terraform, CloudFormation, Kubernetes manifests, Dockerfiles, Ansible playbooks, Helm charts, OpenAPI specs, and more. KICS includes 2000+ detection queries covering CIS benchmarks, NIST, PCI-DSS, and HIPAA compliance frameworks. It runs in CI/CD pipelines, produces SARIF output for IDE integration, and provides remediation guidance for each finding. Zero dependencies beyond the single binary.

2.6k stars · 364 forks · 299 issues · Updated 5d ago

Installation

$ brew install kics

Use Cases

  • Scanning Terraform and CloudFormation for misconfigurations
  • CI/CD security gate for infrastructure code
  • Compliance checking against CIS/NIST/PCI-DSS benchmarks
  • Kubernetes manifest security validation

Tags

iac-security, terraform, kubernetes, compliance, static-analysis, devsecops, appsec, cloudnative, golang, hacktoberfest, iac, infrastructure-as-code, open-policy-agent, security, security-tools, vulnerability-detection, vulnerability-scanners
