kics

kics copied to clipboard

cannot install KICS older then V1.5.1 using the tag on linux machine

2

the URL for the download file has changed since V1.5.2 and the installation script does not support it curl -sfL 'https://raw.githubusercontent.com/Checkmarx/kics/master/install.sh' | bash -s -- -b /usr/local/bin v1.5.1 ==> WORKS...

daviduash

Any plans to incorporate various compliance/control frameworks?

2

Would be nice if there was a way to configure queries based on the various compliance frameworks, such as the Cloud Security Alliance (CSA) CCM instead of just the Center...

corydorning

SARIF output on Kics docker mode is relative to docker mounting point

4

When running Kics as docker as part of a workflow(and not using kics GitHub action), SARIF output and the "artifactLocation" are all relative to the docker volume mounting point. For...

liorj-orca

[Terraform] Add for_each support to prevent false positives

5

### Expected Behavior Not throwing a **Redis Publicly Accessible** Vulnerability error when using a **for_each** on **azurerm_redis_firewall_rule** resource ### Actual Behavior Vulnerability **Redis Publicly Accessible** found on resource **azurerm_redis_firewall_rule** when...

leandroyou

ECR Repository Without Policy found when using for_each

1

### Expected Behavior Not finding "ECR Repository Without Policy, Severity: LOW, Results: 1". Creation of many resources is common and for_each should be used for this instead of having to...

noelmcgrath

Duplicated dockerfile query - "Last User Is 'root'"

1

It seems there are 2 "non root user" queries - assets/queries/dockerfile/last_user_is_root assets/queries/dockerfile/missing_user_instruction

lioskaderon

Update "Changing Default Shell Using SHELL Command" query for Docker, query and reasoning are in conflict

1

### Platform Docker ### Query `8a301064-c291-4b20-adcb-403fe7fd95fd` ### Description The query currently checks that the `SHELL` instruction is not used at all in a Dockerfile. Instead, it suggests changing the shell...

malte-laukoetter

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images

1

### Platform Docker ### Query `68a51e22-ae5a-4d48-8e87-b01a323605c9` ### Description Currently, this query detects an issue when a `COPY` instruction references another docker image using `--from` and this image is not defined...

malte-laukoetter

Update "RUN Instruction Using 'cd' Instead of WORKDIR" query for Docker, allow cd when not at the beginning

1

### Platform Docker ### Query `f4a6bcd3-e231-4acf-993c-aa027be50d2e` ### Description In long `RUN` commands there sometimes exists `cd`s in the middle of the Instruction to change a directory. It is not helpful...

malte-laukoetter

# "kics-scan ignore-line" comment doesn't work in YAML to ignore secret false positive in next commented line

8

### Expected Behavior Ignore a false positive line when preceeded by a line such as: ```yaml # kics-scan ignore-line ``` Iirc this was supposed to be fixed in PR #4662...

HariSekhon