-
Notifications
You must be signed in to change notification settings - Fork 307
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into refactorTFDescriptioURLs
- Loading branch information
Showing
3,788 changed files
with
138,028 additions
and
12,211 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
70 changes: 70 additions & 0 deletions
70
.github/scripts/kics-queries-repo-branch-creation/config-template/config.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| version: 2.1 | ||
| orbs: | ||
| gh: circleci/[email protected] | ||
| executors: | ||
| circle-machine: | ||
| machine: | ||
| image: ubuntu-2004:2023.04.2 | ||
| cimg-base: | ||
| docker: | ||
| - image: cimg/base:2022.11 | ||
| resource_class: small | ||
|
|
||
| jobs: | ||
| publish-github-release-and-images: | ||
| executor: circle-machine | ||
| working_directory: ~/repo | ||
| steps: | ||
| - run: | ||
| name: Config git and clone kics-queries-repo | ||
| command: | | ||
| git config --global url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf "https://github.com" | ||
| git clone https://github.com/CheckmarxDev/kics-queries-repo.git full_repo | ||
| - run: | ||
| name: Configure tools worktree | ||
| command: | | ||
| cd full_repo | ||
| git worktree add ../main main | ||
| cd .. | ||
| - run: | ||
| name: Set variables | ||
| command: | | ||
| echo "branch_name_template_to_replace" >> main/releaseBranches.txt | ||
| main/scripts/setVariables.sh | ||
| source "$BASH_ENV" | ||
| - run: | ||
| name: Build kics-queries-repo tar.gz | ||
| command: | | ||
| main/scripts/createQueriesRepo.sh "$PWD/full_repo" queries.tar.gz | ||
| - run: | ||
| name: Create GitHub release | ||
| command: | | ||
| main/scripts/createRelease.sh | ||
| - run: | ||
| name: Build ast-data image | ||
| command: | | ||
| main/scripts/buildImages.sh | ||
| - run: | ||
| name: Push ast-data image (JFrog Artifactory) | ||
| command: | | ||
| main/scripts/pushImageJFrog.sh | ||
| - run: | ||
| name: Persist AST_DATA_TAG to env file | ||
| command: | | ||
| echo "export AST_DATA_TAG='${AST_DATA_TAG}'" > /tmp/ast_data_env | ||
| - persist_to_workspace: | ||
| root: "/tmp" | ||
| paths: | ||
| - ast_data_env | ||
|
|
||
| workflows: | ||
| release-publish-workflow: | ||
| jobs: | ||
| - publish-github-release-and-images: | ||
| filters: | ||
| branches: | ||
| only: | ||
| - "branch_name_template_to_replace" | ||
| context: | ||
| - AWS | ||
| - JFROG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,6 +14,7 @@ jobs: | |
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version: 1.20.x | ||
| cache: false | ||
| - name: golangci-lint | ||
| uses: golangci/[email protected] | ||
| with: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| name: release-kics-queries-repo-branch | ||
| on: | ||
| release: | ||
| types: | ||
| - published | ||
| jobs: | ||
| create-branch: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| REPO_NAME: "kics-queries-repo" | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Set up Git credentials | ||
| run: | | ||
| git config --global user.name "${{ github.actor }}" | ||
| git config --global url."https://${{ secrets.CHECKMARXDEV_GIT_TOKEN }}@github.com".insteadOf "https://github.com" | ||
| - name: Clone kics-queries-repo from CheckmarxDev | ||
| run: | | ||
| cd .. | ||
| git clone https://github.com/CheckmarxDev/$REPO_NAME.git | ||
| - name: Create new branch for release ${{ github.event.release.name }} | ||
| run: | | ||
| cd ../$REPO_NAME | ||
| git checkout -b ${{ github.event.release.name }} | ||
| - name: Copy queries to new branch | ||
| run: | | ||
| mkdir -p ../$REPO_NAME/kics-queries | ||
| rsync -av --exclude='*/test/*' --exclude='common/*' ./assets/queries/ ../$REPO_NAME/kics-queries/ | ||
| - name: Copy circle ci configuration to new branch | ||
| run: | | ||
| mkdir -p ../$REPO_NAME/.circleci | ||
| sed 's/branch_name_template_to_replace/${{ github.event.release.name }}/g' .github/scripts/kics-queries-repo-branch-creation/config-template/config.yml > .github/scripts/kics-queries-repo-branch-creation/config.yml | ||
| cp .github/scripts/kics-queries-repo-branch-creation/config.yml ../$REPO_NAME/.circleci/ | ||
| - name: Push branch | ||
| run: | | ||
| cd ../$REPO_NAME | ||
| git add . | ||
| git commit -m "Add queries from release ${{ github.event.release.name }} to $REPO_NAME" | ||
| git push origin ${{ github.event.release.name }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,9 +2,9 @@ | |
| [](https://opensource.org/licenses/Apache-2.0) | ||
| [](https://docs.kics.io/develop/queries/all-queries/) | ||
| [](https://hub.docker.com/r/checkmarx/kics) | ||
| [](https://docs.kics.io/) | ||
| [](https://github.com/Checkmarx/kics/discussions) | ||
| [](https://discord.gg/nzryxFup6Z) | ||
|  | ||
| [](https://docs.kics.io/) | ||
| [](https://github.com/Checkmarx/kics/discussions) | ||
|
|
||
| [](https://sast.checkmarx.net/cxwebclient/portal#/projectState/702/Summary) | ||
| [](https://www.codacy.com/gh/Checkmarx/kics/dashboard?utm_source=github.com&utm_medium=referral&utm_content=Checkmarx/kics&utm_campaign=Badge_Grade) | ||
|
|
@@ -55,9 +55,13 @@ Find security vulnerabilities, compliance issues, and infrastructure misconfigur | |
| <br> | ||
| <img alt="Azure BluePrints" src="docs/img/logo-azure-blueprints.png" width="100"> | ||
| <img alt="GitHub Workflows" src="docs/img/logo-github-icon.png" width="100"> | ||
| <img alt="OpenTofu" src="docs/img/logo-opentofu.png" width="150"> | ||
|
|
||
| #### Beta Features | ||
| <img alt="Databricks" src="docs/img/logo-databricks.png" width="200"> | ||
| <img alt="NIFCloud" src="docs/img/logo-nifcloud.png" width="110"> | ||
|
|
||
| Support of other solutions and additional cloud providers are on the [roadmap](docs/roadmap.md). | ||
| In order to run the Databricks and NIFCloud queries, use the `--experimental-queries` flag when running KICS. | ||
|
|
||
| ## Getting Started | ||
|
|
||
|
|
@@ -79,29 +83,32 @@ What makes KICS really powerful and popular is its built-in extensibility. This | |
| - Fully customizable and adjustable heuristics rules, called [queries](docs/queries.md). These can be easily edited, extended and added. | ||
| - Robust but yet simple [architecture](docs/architecture.md), which allows quick addition of support for new Infrastructure as Code solutions. | ||
|
|
||
| ## Contribution | ||
| ## Community | ||
|
|
||
| KICS is a true community project. It's built as an open source from day one, and anyone can find his own way to contribute to the project. | ||
| [Check out how](docs/CONTRIBUTING.md), within just minutes, you can start making a difference, by sharing your expertise with a community of thousands of security experts and software developers. | ||
| You're welcome to join our [community](docs/community.md), talk with us on <a href="https://github.com/Checkmarx/kics/discussions" target="_blank">GitHub discussions</a> or contact KICS core team at [[email protected]](mailto:[email protected]). | ||
|
|
||
| You're welcome to join our monthly [community meetings](docs/community.md), talk with us on <a href="https://github.com/Checkmarx/kics/discussions" target="_blank">GitHub discussions</a> or contact KICS core team at [[email protected]](mailto:[email protected]). | ||
| ### KICS Contributors | ||
|
|
||
| ## Meet us at conferences | ||
| See our individual contributors in the [community](docs/community.md) page. You're welcome to join them by [contributing](docs/CONTRIBUTING.md) to KICS. | ||
|
|
||
| - [Blackhat ASIA 2023](https://www.blackhat.com/asia-23/arsenal/schedule/index.html#kics---your-iac-secure-now-31009) (video TBD) | ||
| - [AWS re:Invent 2021: AWS On Air](https://youtu.be/9ZKldJeBHl4) ([video](https://youtu.be/9ZKldJeBHl4)) | ||
| - [OWASP Bristol & Suffolk Chapter - Meetup](https://www.meetup.com/OWASP-Bristol/events/281869377/) ([video](https://youtu.be/KKZJEJF6I0M)) | ||
| - [OWASP Canberra Chapter - Meetup](https://www.meetup.com/OWASP-Canberra-Chapter/events/281946376/) | ||
| - [InfoSec City - Singapore 2021](https://www.infosec-city.com/sin21-bizcomm) | ||
| - [DevSecOps Singapore 2021](https://devopscon.io/cloud-platforms-serverless/infrastructure-is-the-new-code-is-your-devsecops-ready/) | ||
| - [Blackhat Europe 2021](https://www.blackhat.com/eu-21/arsenal/schedule/#kics-keeping-infrastructure-as-code-secure-25111) | ||
| - [HashiTalks IL 2021](https://events.hashicorp.com/hashitalksisrael) ([video](https://www.youtube.com/watch?v=DFRiSVH4lu0)) | ||
| - [Yalla DevOps 2021](https://yalla-devops.com/) ([video](https://youtu.be/Hs_YbAH9giI)) | ||
| - [Geektime Code 2021](https://code.geektime.co.il/) | ||
| - [DevSecCon24 2021](https://www.devseccon.com/devseccon24-2021/) ([video](https://www.youtube.com/watch?v=eaD-tGMOKe8)) | ||
| - [GISEC Global 2021](https://www.gisec.ae/gisec-2021-conference/insecure-infrastructure-as-code-leaves-the-door-open-for-hackers-1wez) | ||
| - [Blackhat ASIA 2021](https://www.blackhat.com/asia-21/arsenal/schedule/#kics-22475) ([video](https://www.youtube.com/watch?v=56AM1wiIOss)) | ||
| We also like to thank the following organizations for their ongoing contribution: | ||
| - [Checkmarx](https://checkmarx.com/) | ||
| - [Bedrock Streaming](https://bedrockstreaming.com/) (since v1.4.8) | ||
| - [Dynatrace](https://www.dynatrace.com/) (since v1.5.1) | ||
| - [Orca Security](https://orca.security/) (since v1.5.10) | ||
|
|
||
| ### KICS Users | ||
| KICS is used by various companies and organizations, some are listed below. If you would like to be included here please open a PR. | ||
|
|
||
| - [Checkmarx](https://checkmarx.com/) ([IaC Security](https://checkmarx.com/product/iac-security/)) | ||
| - [GitLab](https://gitlab.com/) ([Infrastructure as Code scanning](https://docs.gitlab.com/ee/user/application_security/iac_scanning/)) | ||
| - [Bedrock Streaming](https://bedrockstreaming.com/) | ||
| - [Cisco](https://www.panoptica.app/) ([CI/CD Securitry](https://docs.panoptica.app/docs/ci-cd-security)) | ||
| - [Orca Security](https://orca.security/) | ||
| - [JIT](https://www.jit.io/) ([SAST for IaC](https://www.jit.io/security-tools/kics)) | ||
| - [Firefly](https://www.firefly.ai/) | ||
| - [Redpanda](https://redpanda.com/) | ||
| - [Keptn](https://keptn.sh) | ||
|
|
||
| **Keeping Infrastructure as Code Secure!** | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.