Checkmarx KICS

registrynpm

package name@checkmarx/kics

maintainerCheckmarx

Checkmarx KICS (Keeping Infrastructure as Code Secure) is an open-source static analysis tool for scanning infrastructure-as-code files (Terraform, CloudFormation, Kubernetes YAML, Dockerfile) for security misconfigurations. It is run in CI/CD pipelines as a security gate before infrastructure deployments.

api usage

Checking Checkmarx KICS

@checkmarx/kics 2.1.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40checkmarx%2Fkics&version=2.1.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@checkmarx/kics",
  "version": "2.1.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Infrastructure security scanner packages have read access to all IaC files in the repository, which frequently contain cloud resource configurations, security group rules, and environment variable references. A compromised scanner can exfiltrate these files while reporting clean results.

Attestd monitors @checkmarx/kics using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages Passport.js Helmet Response fields