- Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'

- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
Mick Grove 2025-08-21 15:39:04 -07:00
commit 245fb20670
11 changed files with 442 additions and 114 deletions

@ -137,6 +137,9 @@ impl Git {
if let Some(arg) = clone_mode.arg() {
cmd.arg(arg);
}
cmd.arg("--quiet");
cmd.arg("-c");
cmd.arg("remote.origin.fetch=+refs/*:refs/remotes/origin/*");
cmd.arg(repo_url.as_str());
cmd.arg(output_dir);
debug!("{cmd:#?}");
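
Review bot: The refspec on the two `-c` lines is hard-coded, unconditional and uncommented. `+refs/*:refs/remotes/origin/*` requests every ref the remote advertises rather than only branches and tags, so the size and duration of each clone are now decided by the remote, and it is applied whatever `clone_mode.arg()` added just above. Suggest moving the string into a named constant with a one-line comment tying it to the pull request and deleted-branch history goal from the commit message, checking that it behaves as intended with each clone mode, and offering a way to turn it off for very large repositories. With `--quiet` added in the same hunk there is also no progress output during these longer clones, so the `debug!` line is the only sign that a clone is running.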