KICS

Infrastructure as Code

An open‑source scanner that finds security vulnerabilities, compliance issues, and misconfigurations in infrastructure‑as‑code files

Track releases GitHub Website

Open Policy Agent Latest v2.1.20 · 3mo ago Security brief →

Features

Detects security vulnerabilities in IaC definitions
Identifies compliance violations across multiple platforms
Reports configuration drifts early in the development cycle

Recent releases

View all 2 releases →

v2.1.20 New feature 3mo

Notable features

Azure Container Registry permissions query
Storage Account CMK encryption query
AKS audit logs query

View release on GitHub

v2.1.19 New feature 4mo

Security fixes

containerd v1.7.30
helm v3.19.4
buildkit v0.26.3

Notable features

Azure private virtual network query
Improved CloudFormation query coverage

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.0 / wk

Last release 92d

Tracked 2

Security

Full profile →

Security score 5.6/10

OpenSSF —

Open CVEs 0

SBOM Active maintainer

Community

GitHub stars 2,644

Forks 368

Open issues 314

Open PRs 200

Stars/wk velocity 0.0

About

Stars

2,644

Forks

368

Languages

Open Policy Agent HCL Go

View on GitHub Homepage Documentation

Similar tools

Checkov

OSSEC

kastelldev/kastell

girste/mcp-cybersec-watchdog

gebalamariusz/cloud-audit