diff --git a/README.md b/README.md index 721c7f4..6077ef2 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ License - Detection Rules + Detection Rules
@@ -20,7 +20,7 @@ Kingfisher is an open source secret scanner and **live secret validation** tool built in Rust. -It combines Intel's SIMD-accelerated regex engine (Hyperscan) with language-aware parsing to achieve high accuracy at massive scale, and ships with [950 built-in rules](https://mongodb.github.io/kingfisher/rules/builtin-rules/) to detect, **validate**, and triage leaked API keys, tokens, and credentials before they ever reach production. +It combines Intel's SIMD-accelerated regex engine (Hyperscan) with language-aware parsing to achieve high accuracy at massive scale, and ships with [950+ built-in rules](https://mongodb.github.io/kingfisher/rules/builtin-rules/) to detect, **validate**, and triage leaked API keys, tokens, and credentials before they ever reach production. Kingfisher also ships a **browser-based report viewer** that visualizes and triages findings from Kingfisher **and** from Gitleaks and TruffleHog JSON reports — so you can import scans from other tools and triage them in the same UI. A [hosted copy of the viewer](https://mongodb.github.io/kingfisher/viewer/) is published on the Kingfisher docs site [or run locally](#3-scan-and-view-results-in-browser) 
@@ -54,9 +54,9 @@ Kingfisher is a high-performance, open source secret detection tool for source c -### Performance, Accuracy, and 950 Rules +### Performance, Accuracy, and 954 Rules - **Performance**: multithreaded, Hyperscan‑powered scanning built for huge codebases -- **Extensible rules**: 950 built-in rules plus YAML-defined custom rules ([docs/RULES.md](/docs/RULES.md)) +- **Extensible rules**: 954 built-in rules plus YAML-defined custom rules ([docs/RULES.md](/docs/RULES.md)) - **Validate & Revoke**: live validation of discovered secrets, plus direct revocation for supported platforms (GitHub, GitLab, Slack, AWS, GCP, and more) ([docs/USAGE.md](/docs/USAGE.md)) - **Revocation support matrix**: current built-in revocation coverage across providers and rule IDs ([docs/REVOCATION_PROVIDERS.md](/docs/REVOCATION_PROVIDERS.md)) - **Blast Radius Mapping**: instantly map leaked keys to their effective cloud identities and exposed resources with `--access-map` (alias `--blast-radius`). Supports 43 providers (see table below). @@ -400,7 +400,7 @@ kingfisher scan /path/to/scan --access-map --view-report # Detection Rules -Kingfisher ships with [950 built-in rules](crates/kingfisher-rules/data/rules/) covering cloud keys, AI tokens, CI/CD secrets, database credentials, and SaaS API keys. Below is an overview — see the full list in [crates/kingfisher-rules/data/rules/](crates/kingfisher-rules/data/rules/): +Kingfisher ships with [954 built-in rules](crates/kingfisher-rules/data/rules/) covering cloud keys, AI tokens, CI/CD secrets, database credentials, and SaaS API keys. Below is an overview — see the full list in [crates/kingfisher-rules/data/rules/](crates/kingfisher-rules/data/rules/): | Category | What we catch | |----------|---------------| 
@@ -417,7 +417,7 @@ Kingfisher ships with [950 built-in rules](crates/kingfisher-rules/data/rules/) ## Write Custom Rules -Kingfisher ships with 950 built-in rules. +Kingfisher ships with 954 built-in rules. However, you may want to add your own custom rules, or modify a detection to better suit your needs / environment. diff --git a/docs-site/docs/index.md b/docs-site/docs/index.md index e9f0847..f2c6c26 100644 --- a/docs-site/docs/index.md +++ b/docs-site/docs/index.md @@ -2,7 +2,7 @@ title: Kingfisher — Open Source Secret Scanner with Live Validation description: >- Kingfisher is an open source secret scanner with live validation, blast radius - mapping, and credential revocation. 950 detection rules (485 with live validation), + mapping, and credential revocation. 954 detection rules (489 with live validation), plus a browser-based report viewer that also triages Gitleaks and TruffleHog output. Built in Rust by MongoDB. template: home.html diff --git a/docs-site/docs/rules/builtin-rules.md b/docs-site/docs/rules/builtin-rules.md index ff627f1..eaee0f3 100644 --- a/docs-site/docs/rules/builtin-rules.md +++ b/docs-site/docs/rules/builtin-rules.md 
@@ -1,13 +1,13 @@ --- title: "Built-in Rules List" -description: "Complete list of all 950 built-in secret detection rules in Kingfisher. Searchable and filterable by provider, confidence level, and validation support." +description: "Complete list of all 954 built-in secret detection rules in Kingfisher. Searchable and filterable by provider, confidence level, and validation support." --- # Built-in Rules -Kingfisher ships with **950 detection rules** across **583 providers** -(826 detectors + 124 dependent rules). -Of these, **485** include live validation and **50** support direct revocation. +Kingfisher ships with **954 detection rules** across **584 providers** +(830 detectors + 124 dependent rules). +Of these, **489** include live validation and **50** support direct revocation. !!! tip "Search" Use the search box below to filter rules by provider name, rule ID, or confidence level. @@ -2020,6 +2020,30 @@ Of these, **485** include live validation and **50** support direct revocation. Yes +Devin +Cognition Devin Personal API Key +kingfisher.devin.1 +Medium +Yes + + + +Devin +Cognition Devin Service API Key +kingfisher.devin.2 +Medium +Yes + + + +Devin +Cognition Devin Service User Token +kingfisher.devin.3 +Medium +Yes + + + Diffbot Diffbot API Key kingfisher.diffbot.1 @@ -7263,7 +7287,15 @@ Of these, **485** include live validation and **50** support direct revocation. Voyageai Voyage AI API Key kingfisher.voyageai.api_key -High +Medium +Yes + + + +Voyageai +Voyage AI API Key +kingfisher.voyageai.api_key.2 +Medium Yes diff --git a/docs-site/docs/usage/advanced.md b/docs-site/docs/usage/advanced.md index 2c7edcb..ff82788 100644 --- a/docs-site/docs/usage/advanced.md +++ b/docs-site/docs/usage/advanced.md 
@@ -300,7 +300,7 @@ kingfisher scan ./my-project \ ## Custom Rules -Kingfisher currently ships with 950 built-in rules, but you may want to add your own custom rules or modify existing detection to better suit your needs. +Kingfisher currently ships with 954 built-in rules, but you may want to add your own custom rules or modify existing detection to better suit your needs. First, review [RULES.md](../rules/overview.md) to learn how to create custom Kingfisher rules. diff --git a/docs-site/mkdocs.yml b/docs-site/mkdocs.yml index cd58d1b..866a145 100644 --- a/docs-site/mkdocs.yml +++ b/docs-site/mkdocs.yml @@ -1,7 +1,7 @@ site_name: Kingfisher site_url: https://mongodb.github.io/kingfisher site_description: >- - Open source secret scanner with live validation. 950 detection rules, + Open source secret scanner with live validation. 954 detection rules, blast radius mapping, credential revocation, and a browser-based report viewer that also imports Gitleaks and TruffleHog output. Built in Rust by MongoDB. diff --git a/docs-site/overrides/home.html b/docs-site/overrides/home.html index a74fbc7..d3d1834 100644 --- a/docs-site/overrides/home.html +++ b/docs-site/overrides/home.html @@ -36,7 +36,7 @@
- 950 + 954 Detection Rules
diff --git a/docs-site/overrides/main.html b/docs-site/overrides/main.html index 3d2331f..3a04d0c 100644 --- a/docs-site/overrides/main.html +++ b/docs-site/overrides/main.html @@ -7,7 +7,7 @@ "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "Kingfisher", - "description": "Open source secret scanner with live validation. 950 detection rules, blast radius mapping, and credential revocation.", + "description": "Open source secret scanner with live validation. 954 detection rules, blast radius mapping, and credential revocation.", "applicationCategory": "DeveloperApplication", "operatingSystem": "Linux, macOS, Windows", "license": "https://opensource.org/licenses/Apache-2.0",
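Review bot: The rule count is written inconsistently in README.md: the intro paragraph (hunk @@ -20,7 +20,7 @@) becomes "950+ built-in rules" while the heading, the "Extensible rules" bullet, the Detection Rules paragraph and the Write Custom Rules paragraph in the same file become "954". Pick one form for the file. The same literal is also bumped by hand in docs-site/docs/index.md, builtin-rules.md, advanced.md, mkdocs.yml, overrides/home.html and overrides/main.html, so every rule addition needs this many-file edit and any missed spot drifts silently. Consider keeping the exact figure only in builtin-rules.md (where the 830 + 124 = 954 breakdown lives) and using a rounded "950+" in the descriptive copy, or generating the number from crates/kingfisher-rules/data/rules/ at docs build time.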
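Review bot: In docs-site/docs/rules/builtin-rules.md, hunk @@ -7263,7 +7287,15 @@ lowers the confidence of the existing `kingfisher.voyageai.api_key` row from High to Medium inside what otherwise reads as a count refresh. That is a change to an existing detection, not just a new row, and it alters what readers get when they filter this table by confidence level, so it should be called out in the commit message or changelog. The added `kingfisher.voyageai.api_key.2` row also reuses the display name "Voyage AI API Key", which leaves the two rows distinguishable only by rule ID; give the new rule a name that says which key format it covers. The totals in the header hunk are consistent with the visible rows (three Devin rules plus one Voyage AI rule account for 950 to 954, and Devin for 583 to 584 providers).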