kics

command module
v0.7.2
Published: Jul 9, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

README

KICS

KICS is a scanner application that uses Checkmarx KICS (Keeping Infrastructure as Code Secure) to scan your Infrastructure as Code (IaC) files for misconfigurations. It's designed to be used as a plugin for the VMClarity platform.

Usage

To initiate a KICS scan, make a POST request to the VMClarity API /assetScans endpoint with the configuration below. The body of the POST request should include a JSON object with the configuration for the scan.

NOTE: Below is a minimal example. Your actual configuration should have additional properties.

{
    "name": "scan-name",
    "scanTemplate": {
        "scope": "contains(assetInfo.labels, '{\"key\":\"scanconfig\",\"value\":\"test\"}')",
        "assetScanTemplate": {
            "scanFamiliesConfig": {
                "plugins": {
                      // TODO(ramizpolic): Update with request data once decided in plugin integrations work
                }
            }
        }
    }
}

Usage notes
  • The KICS scanner is designed to be started by VMClarity, so running it as a standalone tool is not recommended.

  • The value of the scannerConfig property in the POST request should contain the parameters that the KICS client will use.

  • Please note that not all scan parameters are currently supported by the scanner.

When the scan is done, the output can be found at the <specified output JSON file>. KICS scan findings are exported via the Result model defined in the Scanner Plugin OpenAPI specs and are saved to the specified output file in JSON format.

KICS outputs all its findings as Misconfiguration models under the Result.vmclarity.misconfigurations property. See the Scanner Plugin OpenAPI specs.
