Checkmarx, the global leader in developer-centric application security testing (AST) solutions, announced today that its open source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool.

Developed by Checkmarx and the open source community, KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. The KICS integration built and maintained by GitLab offers all GitLab customers support for IaC scanning with GitLab 14.5.

“Having our open source KICS solution integrated into the GitLab DevOps platform represents a significant step toward our mission of securing applications everywhere,” said Emmanuel Benzaquen, CEO at Checkmarx. “We’re excited to extend the protection offered by our application security technology into the cloud-native development world through GitLab.”

“The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.”

With version 14.5 of the GitLab DevOps Platform, GitLab users in all tiers can begin scanning their IaC – whether Ansible, AWS CloudFormation, K8S or Terraform – using KICS. In addition, any GitLab Ultimate user can manage IaC vulnerabilities alongside other comprehensive security scan results with GitLab’s vulnerability management capabilities.

“GitLab is pleased to introduce security scanning for IaC, which joins our existing Kubernetes manifest SAST scanner,” says Taylor McCaslin, Principal Product Manager at GitLab. “GitLab values the contributions made by the open source community, including KICS, and the advancements made possible by it.”

To learn more about the KICS open source scanning solution, visit this page.

About Checkmarx

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec testing leader, Checkmarx provides the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs and infrastructure as code. Over 1,675 customers, including nearly half of the Fortune 50, trust Checkmarx’ security technology, expert research and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog or follow the company on LinkedIn.

#