diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7941fcb..fb350a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
 All notable changes to this project will be documented in this file.
-## [Unreleased]
+## [1.48.0]
 - Improved error message when self-update cannot find the current binary
 - Optimized memory usage via string interning and extensive data sharing
 - Replaced quadratic match filtering with a per-rule span map, fixing missed secrets in extremely large files and improving scan performance
diff --git a/Cargo.toml b/Cargo.toml
index ac3b6a6..797ef62 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,7 +10,7 @@ publish = false
 [package]
 name = "kingfisher"
-version = "1.47.0"
+version = "1.48.0"
 description = "MongoDB's blazingly fast secret scanning and validation tool"
 edition.workspace = true
 rust-version.workspace = true
diff --git a/README.md b/README.md
index cccbf34..5c92ba6 100644
--- a/README.md
+++ b/README.md
@@ -225,6 +225,15 @@ cat /path/to/file.py | kingfisher scan -
 ```
+### Limit maximum file size scanned (`--max-file-size`)
+
+By default, Kingfisher skips files larger than **64 MB**. You can raise or lower this cap per run with `--max-file-size`, which takes a value in **megabytes**.
+
+```bash
+# Scan files up to 250 mb in size
+kingfisher scan /some/file --max-file-size 250
+```
+
 ### Scan using a rule _family_ with one flag _(prefix matching: `--rule kingfisher.aws` loads `kingfisher.aws._`)\* 
@@ -617,6 +626,14 @@ kingfisher github repos list --organization my-org
 - `--skip-regex `: Ignore findings whose text matches this regex (repeatable)
 - `--skip-word `: Ignore findings containing this case-insensitive word (repeatable)
+## Understanding `--confidence`
+
+The `--confidence` flag sets a minimum confidence threshold, not an exact match.
+
+- If you pass `--confidence medium`, findings with **medium and higher** confidence (medium + high) will be included.
+- If you pass `--confidence low`, you’ll see **all levels** (low, medium, high).
+
+
 ### Ignore known false positives
 Use `--skip-regex` and `--skip-word` to suppress findings you know are benign. Both flags may be provided multiple times and are tested against the secret value **and** the full match context.