Keeping Infrastructure as Code Secure KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project. Getting Started Setting up and using KICS is super-easy. First, see how to install and get KICS running. Then explore KICS output results format and quickly fix the issues detected. Interested in more advanced stuff? Deep dive into KICS queries. Understand how to integrate KICS in your favourite CI/CD pipelines. See KICS documentation for more details and topics. How it Works What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved by: Fully customizable and adjustable heuristics rules, called queries. These can be easily edited, extended and added. Robust but yet simple architecture, which allows quick addition of support for new Infrastructure as Code solutions. Community You're welcome to
FEATURES
ALTERNATIVES
Simple script to check a domain's email protections and identify vulnerabilities.
A demonstration site for the Acunetix Web Vulnerability Scanner, featuring intentionally vulnerable PHP code to test web application security.
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
A comprehensive database of exploits and vulnerabilities for researchers and professionals
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
A list of vulnerable applications for testing and learning
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.