eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,572 commits 5 branches 83 tags 53 MiB
Commit graph

169 commits

Author SHA1 Message Date
Mick Grove
cf6c4cae0d fixed failing windows test 2026-05-28 23:59:19 -07:00
Mick Grove
816a75e3e4 add docker --archive support 2026-05-28 13:54:59 -07:00
Craigory Coppola
ebd8acfc1b test(jwt): generate ephemeral RSA keypair in RS256 regression test 
- Replace the inline RS256 token and committed public key with a
  throwaway RSA keypair generated at runtime; the token is signed from
  readable claims so no key material or opaque blobs live in the repo
- Add `rsa` as a dev-only dependency (getrandom feature) for in-test
  key generation; release binary is unaffected

Addresses review feedback on #386.
 2026-05-21 21:56:01 -04:00
Craigory Coppola
f71b9d826d fix(jwt): unify jsonwebtoken crypto backend 2026-05-21 21:15:41 -04:00
Mick Grove
1636b07810 preparing for v1.100.0 2026-05-18 09:42:04 -07:00
Mick Grove
f6e05f0211 preparing for v1.99.0 2026-05-04 13:26:11 -07:00
Mick Grove
b2287c99ee --self-update (alias --update) on a scan or other command now **re-execs into the freshly installed binary** so the current invocation completes with the new code and the latest detection rules. Previously the on-disk binary was replaced but the running process kept using the old in-memory version, requiring a second invocation to pick up the changes. On Unix this is a true exec() (same PID); on Windows the new binary is spawned and the parent exits with its status code. The explicit kingfisher self-update subcommand still updates and exits without re-execing. Self-update now also covers Windows arm64 (the asset was already published; the runtime cfg map gained the missing arm). See docs/ADVANCED.md → *Update Checks*. 2026-05-01 20:14:27 -07:00
Mick Grove
632bb0113d copilot fixes 2026-04-30 12:07:15 -07:00
Mick Grove
b89c952043 copilot fixes 2026-04-30 11:28:45 -07:00
Mick Grove
327342a1bb copilot fixes 2026-04-29 23:16:21 -07:00
Mick Grove
30b9eba427 copilot fixes 2026-04-29 22:50:31 -07:00
Mick Grove
997480ffc7 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
Mick Grove
0b89e4b02f added blog posts 2026-04-28 19:21:44 -07:00
Mick Grove
2320a7ff72 performance improvements and rule improvements 2026-04-24 13:51:23 -07:00
Mick Grove
c73a44fbf9 performance improvements and rule improvements 2026-04-24 12:02:27 -07:00
Mick Grove
a4e8117c8e performance improvements and rule improvements 2026-04-24 00:14:56 -07:00
Mick Grove
e4cd6dd164 performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
Mick Grove
74cad26aed performance improvements and rule improvements 2026-04-17 11:01:46 -07:00
Mick Grove
aa940b0c7a fixed performance regression 2026-04-09 11:59:31 -07:00
Mick Grove
1628dac0c7 changes in response to PR review 2026-04-08 20:45:44 -07:00
Mick Grove
57b2a40461 changes in response to PR review 2026-04-08 19:58:09 -07:00
Mick Grove
a9fdf41558 changes in response to PR review 2026-04-08 17:38:46 -07:00
Mick Grove
0d33dff196 changes in response to PR review 2026-04-08 11:09:36 -07:00
Mick Grove
eee7697e24 changes in response to PR review 2026-04-08 09:42:37 -07:00
Mick Grove
0cb854872b Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary. 2026-04-07 23:20:17 -07:00
Mick Grove
e2664e33ed updated dependencies 2026-04-01 17:25:19 -07:00
Mick Grove
411aeefa92 updated in response to ossf scorecard 2026-03-27 17:22:21 -07:00
Mick Grove
1c7341f3ac updated in response to ossf scorecard 2026-03-27 15:04:14 -07:00
Mick Grove
f0a3bee587 added --max-validation-response-length <BYTES> 2026-03-16 22:25:32 -07:00
Mick Grove
349b8165aa Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
Mick Grove
60931c11a9 added Teams support 2026-03-13 17:39:34 -07:00
Mick Grove
b99cbf9f50 v1.88.0 2026-03-11 20:59:44 -07:00
Mick Grove
b518e349df v1.87.0 2026-03-09 20:46:08 -07:00
Mick Grove
0983581b76 improved yelp and perplexity rules 2026-03-07 07:40:26 -08:00
Mick Grove
fcac8cf1b7 rules updated 2026-03-03 16:47:59 -08:00
Mick Grove
e3bd776406 Fix redis URI matching and sqlite row budget 2026-02-28 14:25:05 -08:00
Mick Grove
4f2738b957 changes in response to PR review 2026-02-28 12:16:08 -07:00
Mick Grove
3220ed3a80 Merge branch 'codex/pr-244-mergeable' into development 
* codex/pr-244-mergeable:
  Add Jira comment and changelog scanning
 2026-02-28 11:14:19 -07:00
Mick Grove
719b91301d Add Jira comment and changelog scanning 2026-02-28 11:13:00 -07:00
Mick Grove
0ae4e8445c Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url. 2026-02-26 23:14:18 -07:00
Mick Grove
92f43d2e29 added --turbo mode 2026-02-24 12:25:12 -07:00
Mick Grove
aa29ee0e99 added '--fast' mode which sets maximum scan speed. Omits git commit context and will not base64 decode 2026-02-23 22:34:23 -07:00
Mick Grove
1f4ccb8144 Automatically extracts and scans SQLite database contents for secrets stored in table rows 2026-02-22 23:35:18 -07:00
Mick Grove
51d782a917 Fixes in response to PR review 2026-02-16 09:43:16 -08:00
Mick Grove
0ddf3fc10f Fixes in response to PR review 2026-02-16 07:34:32 -08:00
Mick Grove
39a4e217e3 Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 14:29:42 -08:00
Mick Grove
470120369b refactored code 2026-02-14 14:08:48 -08:00
Mick Grove
5882468177 Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply. 2026-02-12 12:33:59 -08:00
Mick Grove
2866367c2e v1.80.0 2026-02-09 12:11:35 -08:00
Mick Grove
9ae6053804 more changes for v1.78.0 2026-02-03 09:37:53 -08:00