100 commits

Author SHA1 Message Date
Mick Grove
54d9fc7ecd preparing for v1.100.0 2026-05-18 13:03:16 -07:00
Mick Grove
f6e05f0211 preparing for v1.99.0 2026-05-04 13:26:11 -07:00
Mick Grove
44d67cea1b added SLSA provenance 2026-05-02 00:14:31 -07:00
Mick Grove
ab93d4d242 Revert msys2/setup-msys2 to v2.31.0
v2.31.1 fails to verify MSYS2 package database PGP signatures on
GitHub-hosted Windows runners ("signature from Christoph Reiter
... is unknown trust" for clangarm64/mingw32/mingw64/ucrt64/clang64/msys),
which breaks the Windows ARM64 (and x64) jobs at the pacman -Syuu step.
Pinning back to v2.31.0 until upstream ships a fix.
2026-04-29 12:57:56 -07:00
Mick Grove
c387ac08d2 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
Mick Grove
6cb404bdcd cargo update 2026-04-23 17:13:18 -07:00
Mick Grove
9d7e31980c performance improvements and rule improvements 2026-04-19 22:38:39 -07:00
Mick Grove
5411a52211 updated to rust 1.94 2026-04-14 14:20:28 -07:00
Mick Grove
413798e27d Apply open Dependabot updates 2026-04-06 23:58:55 -07:00
Mick Grove
5f7d82a524 fix github action 2026-04-05 16:36:08 -07:00
Mick Grove
c325a2d1d8 fixes in response to code review 2026-04-05 11:31:03 -07:00
Mick Grove
d5dbc92474 fixed failing windows test setup 2026-04-05 10:38:20 -07:00
Mick Grove
c171704884 updated vectorscan 2026-04-02 19:35:30 -07:00
Mick Grove
3774e58848 GitHub Action fix for PyPI publishing and SLSA Provenance 2026-04-02 08:01:13 -07:00
Mick Grove
59afdc6043 fixed github actions 2026-03-29 23:28:19 -07:00
Mick Grove
c81ed03276 fixed github actions 2026-03-29 23:22:20 -07:00
Mick Grove
9c448eec60 fixed github actions 2026-03-29 17:36:40 -07:00
Mick Grove
49d980acb0 fixed github actions 2026-03-29 17:29:33 -07:00
Mick Grove
ac2198e3bd fixed github actions 2026-03-29 12:32:14 -07:00
Mick Grove
482a60bb9d fixed github actions 2026-03-29 10:41:54 -07:00
Mick Grove
5b51aa941d fixed github actions 2026-03-28 12:09:28 -07:00
Mick Grove
af66acd18d fixed github actions 2026-03-28 11:59:22 -07:00
Mick Grove
6f9e3a05ae fixed github actions 2026-03-28 11:48:13 -07:00
Mick Grove
31042d4784 updated in response to ossf scorecard 2026-03-27 14:28:53 -07:00
Mick Grove
3e0569d741 improve OpenSSF scorecard: tighten token permissions and add build provenance
Move write permissions from workflow top-level to job-level in cflite_batch,
cflite_pr, and release-docker workflows. Add sigstore build provenance
attestation to the release workflow via actions/attest-build-provenance.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 19:36:18 -07:00
Mick Grove
d609900d56 updated dependencies 2026-03-24 08:55:34 -07:00
Mick Grove
e2c7dc3e41 openssf scorecard suggested improvements 2026-03-20 09:25:05 -07:00
Mick Grove
db97997521 openssf scorecard suggested improvements 2026-03-20 08:41:37 -07:00
Mick Grove
bd2d53b7b4 openssf scorecard suggested improvements 2026-03-20 07:45:37 -07:00
Mick Grove
5fa4ce59b7 openssf scorecard suggested improvements
Made-with: Cursor
2026-03-19 23:39:36 -07:00
Mick Grove
d637a7b6fb openssf scorecard suggested improvements 2026-03-19 20:45:58 -07:00
Mick Grove
66055953a0 openssf scorecard suggested improvements 2026-03-19 20:31:10 -07:00
Mick Grove
6c32e374c3 openssf scorecard suggested improvements 2026-03-19 20:14:35 -07:00
Mick Grove
02a314529e v1.87.0 2026-03-09 21:50:06 -07:00
Mick Grove
283e9d29b3 fixed CI to not upload bare checksums, because they are included in the zip file 2026-03-06 12:06:12 -08:00
Mick Grove
02f235995b v1.86.0 2026-03-06 09:02:11 -08:00
Mick Grove
e1c0702d3c v1.86.0 2026-03-06 08:28:28 -08:00
Mick Grove
11df7a4a8b v1.86.0 2026-03-05 23:09:54 -08:00
Mick Grove
a0b979d3f8 v1.86.0 2026-03-05 22:50:11 -08:00
Mick Grove
2527438e25 v1.86.0 2026-03-05 22:08:11 -08:00
Mick Grove
d89bdb868f v1.86.0 2026-03-05 20:50:48 -08:00
Mick Grove
0bf066491a v1.86.0 2026-03-05 20:36:27 -08:00
Mick Grove
ea0f6ba834 Merge pull request #238 from hamirmahal/fix/around-20-warnings-in-release-workflow
fix: around 20 warnings in release workflow
2026-02-17 08:27:26 -08:00
Hamir
1e06504477 fix: around 20 set-output command warnings 2026-02-16 15:15:04 -08:00
Hamir
2afb747872 chore: changes from formatting on save 2026-02-16 15:14:35 -08:00
Mick Grove
0ddf3fc10f Fixes in response to PR review 2026-02-16 07:34:32 -08:00
Mick Grove
39a4e217e3 Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 14:29:42 -08:00
Mick Grove
cfc01eab68 Fixed CI runner failure when executing tests 2026-02-13 09:19:02 -08:00
Mick Grove
0ba79df1f4 Fixed CI runner failure when executing tests 2026-02-13 08:40:04 -08:00
Mick Grove
0c9ca048ea Fixed CI runner failure when executing tests 2026-02-13 07:55:17 -08:00