Checkmarx Infrastructure as Code Scanning Engine (ICE)

ICE is an infrastructure-as-code engine that scans infrastructure provisioned using Terraform.

ICE identifies security vulnerabilities and misconfigurations that may expose the owners of IaC files to cyber attacks.

ICE also powers the Checkmarx SAST product, the security-first platform that streamlines code security throughout the DevSecOps lifecycle.

Features

  • ICE scans Terraform files and leverages over 40 built-in queries that cover security and compliance best practices for AWS, Azure and Google Cloud.

  • ICE users can create their own custom queries to support specific use cases and prevent unique attack scenarios.

  • ICE output is currently available as CLI output, JSON and references to remediation guides.

Installation

This section describes the installation procedure for ICE.

ICE runs as a CLI through the console/main.go entry point. The path to the queries folder should be provided:

-path=....\test\test-data

Contributing

Contributions are welcome and appreciated!

Start by reviewing the contribution guidelines.

Looking to contribute new scanning queries? Learn how to do it here