
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Results 293 kics issues

Here's a simple query which validates the existence of a `bucket` tag in a resource `aws_s3_bucket` ```rego package Cx import data.generic.common as common_lib CxPolicy[result] { resource := input.document[i].resource.aws_s3_bucket[name] not common_lib.valid_key(resource.tags,...

bug
community

Closes #5689 **Proposed Changes** - Change approach in api_gateway_with_cloudwatch_logging_disabled Terraform AWS to recommended naming convention in the documentation I submit this contribution under the Apache-2.0 license.

query
terraform
aws

**Proposed Changes** - add serverless framework queries I submit this contribution under the Apache-2.0 license.

query
serverlessfw

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.9.2 to 3.9.3. Release notes Sourced from helm.sh/helm/v3's releases. Helm 3.9.3 Helm v3.9.3 is a patch release. Users are encouraged to upgrade for the best experience. Users...

dependencies
go

Looking at the [terraform/aws/api_gateway_with_cloudwatch_logging_disabled](https://github.com/Checkmarx/kics/blob/34973e9dbabce8dfe65aa2287431ce6be9808222/assets/queries/terraform/aws/api_gateway_with_cloudwatch_logging_disabled/query.rego#L22-L23) query, it currently compares the log group name with the stage name, however according to the Terraform AWS provider documentation, it is supposed to match a...

bug
community

**Proposed Changes** - reduced complexity of `lambda_function_with_privileged_role` query since this query exceeded query timeout in PR #5423 I submit this contribution under the Apache-2.0 license.

query
terraform

Bumps alpine from 3.16.1 to 3.16.2. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

docker
dependencies

Closes #5489 **Proposed Changes** - remove referenced resources in policies on `pkg/parser/terraform/data_source.go` I submit this contribution under the Apache-2.0 license.

terraform

**Proposed Changes** - improved SplitLines function calls - improved minor code details I submit this contribution under the Apache-2.0 license.

go

**Proposed Changes** - add --ci flag to gitlab examples. Using the example unnecessarily spams the gitlab output and makes it uncomfortable to work with it, especially results of long lasting...

community