DEVOPSdigest

Checkmarx announced today that its open source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.

Developed by Checkmarx and the open source community, KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. The KICS integration built and maintained by GitLab offers all GitLab customers support for IaC scanning with GitLab 14.5.

“Having our open source KICS solution integrated into the GitLab DevOps platform represents a significant step toward our mission of securing applications everywhere,” said Emmanuel Benzaquen, CEO at Checkmarx. “We’re excited to extend the protection offered by our application security technology into the cloud-native development world through GitLab.”

“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”

With version 14.5 of the GitLab DevOps Platform, GitLab users in all tiers can begin scanning their IaC – whether Ansible, AWS CloudFormation, K8S or Terraform – using KICS. In addition, any GitLab Ultimate user can manage IaC vulnerabilities alongside other comprehensive security scan results with GitLab’s vulnerability management capabilities.

“GitLab is pleased to introduce security scanning for IaC, which joins our existing Kubernetes manifest SAST scanner,” says Taylor McCaslin, Principal Product Manager at GitLab. “GitLab values the contributions made by the open source community, including KICS, and the advancements made possible by it.”