Checkmarx KICS Integrated Into GitLab 14.5 as Default IaC Code Scanner
December 14, 2021

Checkmarx announced today that its open source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.

Developed by Checkmarx and the open source community, KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. The KICS integration built and maintained by GitLab offers all GitLab customers support for IaC scanning with GitLab 14.5.

“Having our open source KICS solution integrated into the GitLab DevOps platform represents a significant step toward our mission of securing applications everywhere,” said Emmanuel Benzaquen, CEO at Checkmarx. “We’re excited to extend the protection offered by our application security technology into the cloud-native development world through GitLab.”

“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”

With version 14.5 of the GitLab DevOps Platform, GitLab users in all tiers can begin scanning their IaC – whether Ansible, AWS CloudFormation, K8S or Terraform – using KICS. In addition, any GitLab Ultimate user can manage IaC vulnerabilities alongside other comprehensive security scan results with GitLab’s vulnerability management capabilities.

“GitLab is pleased to introduce security scanning for IaC, which joins our existing Kubernetes manifest SAST scanner,” says Taylor McCaslin, Principal Product Manager at GitLab. “GitLab values the contributions made by the open source community, including KICS, and the advancements made possible by it.”

Share this

Industry News

November 07, 2024

Broadcom announced the general availability of VMware Tanzu Platform 10 that establishes a new layer of abstraction across Cloud Foundry infrastructure foundations to make it easier, faster, and less expensive to bring new applications, including GenAI applications, to production.

November 07, 2024

Tricentis announced the expansion of its test management and analytics platform, Tricentis qTest, with the launch of Tricentis qTest Copilot.

November 07, 2024

Redgate is introducing two new machine learning (ML) and artificial intelligence (AI) powered capabilities in its test data management and database monitoring solutions.

November 07, 2024

Upbound announced significant advancements to its platform, targeting enterprises building self-service cloud environments for their developers and machine learning engineers.

November 07, 2024

Edera announced the availability of Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.

November 06, 2024

Progress announced 10 years of partnership with emt Distribution — a leading cybersecurity distributor in the Middle East and Africa.

November 06, 2024

Port announced $35 million in Series B funding, bringing its total funding to $58M to date.

November 05, 2024

Parasoft has made another step in strategically integrating AI and ML quality enhancements where development teams need them most, such as using natural language for troubleshooting or checking code in real time.

November 05, 2024

MuleSoft announced the general availability of full lifecycle AsyncAPI support, enabling organizations to power AI agents with real-time data through seamless integration with event-driven architectures (EDAs).

November 05, 2024

Numecent announced they have expanded their Microsoft collaboration with the launch of Cloudpager's new integration to App attach in Azure Virtual Desktop.

November 04, 2024

Progress announced the completion of the acquisition of ShareFile, a business unit of Cloud Software Group, providing a SaaS-native, AI-powered, document-centric collaboration platform, focusing on industry segments including business and professional services, financial services, industrial and healthcare.

November 04, 2024

Incredibuild announced the acquisition of Garden, a provider of DevOps pipeline acceleration solutions.

October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

October 31, 2024

Redgate announced that its core solutions are listed in Amazon Web Services (AWS) Marketplace.

October 30, 2024

LambdaTest introduced a suite of new features to its AI-powered Test Manager, designed to simplify and enhance the test management experience for software development and QA teams.