Techonologies
KICS support multiple technologies, following you will find more details about each technology.
Ansible
KICS supports Ansible files with .yaml extension.
CloudFormation
KICS supports CloudFormation files with .json or .yaml extension.
Docker
KICS supports Docker files with .dockerfile extension.
Helm
KICS supports Helm by rendering charts and running Kubernetes queries against the rendered manifest.
The charts file structure must be as explained by Helm: https://helm.sh/docs/topics/charts/#the-chart-file-structure.
Results are displayed against original Helm files:
Service With External Load Balance, Severity: MEDIUM, Results: 1
Description: Service has an external load balancer, which may cause accessibility from other networks and the Internet
Platform: Kubernetes
[1]: /charts/nginx-ingress/templates/controller-service.yaml:20
019: release: {{ template "nginx-ingress.releaseLabel" . }}
020: name: {{ template "nginx-ingress.controller.fullname" . }}
021: spec:
Kubernetes
KICS supports Kubernetes files with .yaml extension.
Terraform
KICS support .tf extension and input variables using terraform.tfvars or files with .auto.tfvars extension that are in same directory of .tf files.
Although KICS support variables and interpolations, KICS does not support functions and enviroment variables. In case of variables used as function parameters, it will parse as wrapped expression, so the following function call:
resource "aws_launch_configuration" "example" {
image_id = data.aws_ami.ubuntu.id
instance_type = "${concat(list("${var.name}", "${var.other_name}"), var.node_tags)}"
spot_price = var.price
user_data_base64 = "${var.data}=="
}
Considering var.data = "a123B" and var.price = 1.023, it would be parsed like the following example:
resource "aws_launch_configuration" "example" {
image_id = data.aws_ami.ubuntu.id
instance_type = "${concat(list("${var.name}", "${var.other_name}"), var.node_tags)}"
spot_price = 1.023
user_data_base64 = "a123B=="
}