From 340f5b99c40bb3a6ff226a8ce757f3950862844b Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Tue, 29 Jul 2025 20:54:22 -0700
Subject: [PATCH] Added support for Slack. Wrote a basic integration test
---
 README.md | 29 +++++++++--------------------
 install-prereceive-hook.sh | 39 --------------------------------------
 2 files changed, 9 insertions(+), 59 deletions(-)
 delete mode 100755 install-prereceive-hook.sh
diff --git a/README.md b/README.md
index 09fabc1..a7c668d 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,14 @@ Kingfisher originated as a fork of Praetorian's [Nosey Parker](https://github.co
 **Learn more:** [Introducing Kingfisher: Real‑Time Secret Detection and Validation](https://www.mongodb.com/blog/post/product-release-announcements/introducing-kingfisher-real-time-secret-detection-validation)
+# Benchmark Results
+
+See ([docs/COMPARISON.md](docs/COMPARISON.md))
+
+

+ Kingfisher Runtime Comparison
+

+
 # Getting Started
 ## Installation
@@ -424,15 +432,6 @@ This creates `.git/hooks/pre-commit` that scans the files staged for commit with
 Installs a global pre-commit hook at `$HOME/.git/hooks/pre-commit`; for every Git repository you use, it runs `kingfisher scan --no-update-check` on the staged files and cancels the commit if any secrets are detected.
-To check incoming pushes on a server-side repository, install the pre-receive hook:
-
-```bash
-./install-prereceive-hook.sh
-```
-
-The resulting `.git/hooks/pre-receive` script scans the files in each pushed commit and rejects the push if any secrets are detected.
-
-
 ## Update Checks
 Kingfisher automatically queries GitHub for a newer release when it starts and tells you whether an update is available.
@@ -558,20 +557,10 @@ Real breaches show how one exposed key can snowball into a full-scale incident:
 Leaked secrets fuel unauthorized access, lateral movement, regulatory fines, and brand-damaging incident-response costs.
-# Benchmark Results
-
-See ([docs/COMPARISON.md](docs/COMPARISON.md))
-
-
-

- Kingfisher Runtime Comparison
-

-
-
 # Roadmap
 - More rules
-- Packages for Linux (deb, rpm)
+- More targets
 - Please file a [feature request](https://github.com/mongodb/kingfisher/issues) if you have specific features you'd like added
 # License
diff --git a/install-prereceive-hook.sh b/install-prereceive-hook.sh
deleted file mode 100755
index f7a4d5e..0000000
--- a/install-prereceive-hook.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-HOOK_DIR="$(git rev-parse --git-dir)/hooks"
-HOOK_PATH="$HOOK_DIR/pre-receive"
-
-if [ -e "$HOOK_PATH" ]; then
- echo "Error: $HOOK_PATH already exists. Move or remove the existing hook to continue." >&2
- exit 1
-fi
-
-cat > "$HOOK_PATH" <<'HOOK'
-#!/usr/bin/env bash
-# Pre-receive hook to scan pushed commits with Kingfisher
-set -euo pipefail
-
-if ! command -v kingfisher >/dev/null 2>&1; then
- echo "kingfisher not found in PATH" >&2
- exit 1
-fi
-
-while read -r oldrev newrev refname; do
- if [ "$oldrev" = "0000000000000000000000000000000000000000" ]; then
- git diff-tree --name-only -r "$newrev" -z |
- xargs -0 --no-run-if-empty kingfisher scan --no-update-check
- else
- git diff-tree --no-commit-id --name-only -r "$oldrev" "$newrev" -z |
- xargs -0 --no-run-if-empty kingfisher scan --no-update-check
- fi
- status=$?
- if [ "$status" -ne 0 ]; then
- echo "Kingfisher detected secrets in push. Push rejected." >&2
- exit "$status"
- fi
-done
-HOOK
-
-chmod +x "$HOOK_PATH"
-echo "Pre-receive hook installed to $HOOK_PATH"