added blog posts

.github/dependabot.yml

@@ -4,13 +4,31 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 25
+    cooldown:
+      default-days: 7
+      include:
+        - "*"
+    groups:
+      cargo-patch:
+        update-types: ["patch"]
+      cargo-minor:
+        update-types: ["minor"]
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 10
+    open-pull-requests-limit: 25
+    cooldown:
+      default-days: 7
+      include:
+        - "*"
+    groups:
+      actions-patch:
+        update-types: ["patch"]
+      actions-minor:
+        update-types: ["minor"]
     ignore:
       - dependency-name: "actions/checkout"
         update-types: ["version-update:semver-major"]

CHANGELOG.md

@@ -2,8 +2,9 @@
 
 All notable changes to this project will be documented in this file.
 
-## [v1.98.0]
+## [unreleased v1.98.0]
 - Fixed [#359](https://github.com/mongodb/kingfisher/issues/359): added `kingfisher.github.9` to detect the new ~520-character stateless GitHub App installation token format (`ghs_<APP_ID>_<JWT>`). The legacy 36-character `ghs_` rule (`kingfisher.github.5`) is retained for older / GHES-issued tokens that are still in circulation. 
+- Added provider endpoint overrides for validation and revocation via global `--endpoint PROVIDER=URL` and `--endpoint-config FILE`, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.
 
 ## [v1.97.0]
 - **Report viewer cross-tool triage:** when a Kingfisher report is loaded alongside a Gitleaks or TruffleHog report, matching imported findings are enriched with Kingfisher's validation verdict, validation response, validate command, and revoke command. Matching is keyed on `commit + file + line` with a `file + line` fallback, and enriched rows show an "Enriched by Kingfisher" callout in the detail panel plus an "Enriched" chip in the findings table. Added a **Source** column to the findings table; a new **Duplicates Removed by Tool** dashboard panel showing per-tool cards for Kingfisher / TruffleHog / Gitleaks; and an upload-time **Deduplicate findings** toggle (on by default) so users can inspect the raw rows before fingerprint dedup when needed.

docs-site/docs/blog/posts/2026-04-28-beyond-detection-validate-map-revoke.md

@@ -1,5 +1,5 @@
 ---
-date: 2026-04-26
+date: 2026-04-28
 title: "Beyond Detection: Live Validation, Blast Radius, and One-Command Revocation"
 description: >
   Detection alone is noise. Kingfisher answers the three questions that
@@ -32,18 +32,22 @@ Kingfisher answers the three questions that actually matter:
 
 ## 1. Live validation, not just pattern matching
 
-Out of Kingfisher's 820 standalone detectors, **484 include live validation
-logic**. When a provider exposes a safe check call, Kingfisher uses that
+Kingfisher can drastically reduce false positives by identifying
+secrets that are still active and valid.
+
+When a provider exposes a safe check call, Kingfisher uses that
 provider's own API to report each credential as `Active`, `Inactive`, or
 `NotAttempted`.
 
 That changes the output from "thousands of regex matches" to a much shorter
 list of findings that actually authenticate today.
 
-Validation runs automatically when you scan:
+Validation runs automatically when you run a scan:
 
 ```bash
-kingfisher scan github --organization my-org
+kingfisher scan github --organization my-org --view-report
+
+kingfisher scan https://github.com/leaktk/fake-leaks.git --view-report
 ```
 
 Or you can run it standalone when you've already pulled a suspicious value

docs-site/docs/blog/posts/2026-04-28-scan-github-org-for-secrets.md

@@ -1,5 +1,5 @@
 ---
-date: 2026-04-26
+date: 2026-04-28
 title: "Scanning an Entire GitHub Organization for Leaked Secrets"
 description: >
   Step-by-step guide to scanning every repository in a GitHub organization

docs-site/docs/changelog.md

@@ -7,7 +7,7 @@ description: "Kingfisher release history: new features, rules, bug fixes, and im
 
 All notable changes to this project will be documented in this file.
 
-## [v1.98.0]
+## [unreleased v1.98.0]
 - Fixed [#359](https://github.com/mongodb/kingfisher/issues/359): added `kingfisher.github.9` to detect the new ~520-character stateless GitHub App installation token format (`ghs_<APP_ID>_<JWT>`). The legacy 36-character `ghs_` rule (`kingfisher.github.5`) is retained for older / GHES-issued tokens that are still in circulation.
 - Added provider endpoint overrides for validation and revocation via global `--endpoint PROVIDER=URL` and `--endpoint-config FILE`, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.