Commit graph

87 commits

Author SHA1 Message Date
Mick Grove
03e218d7f9 change in response to code review 2025-10-16 10:54:48 -07:00
Mick Grove
be14f632b2 change in response to code review 2025-10-16 10:50:37 -07:00
Mick Grove
6525c48e30 change in response to code review 2025-10-16 10:50:07 -07:00
Mick Grove
8aced005b8 - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans.
- Condensed GitError formatting to report the exit status and the first informative lines from stdout/stderr, producing concise git clone failure logs.
- Added support for scanning Google Cloud Storage buckets via --gcs-bucket, including optional prefixes and service-account authentication.
- Added --skip-aws-account (now accepting comma-separated values) and --skip-aws-account-file to bypass live AWS validation for known canary/honey-token account IDs without triggering alerts. Kingfisher now ships with several canary AWS account IDs pre-seeded in the skip list and now reports matching findings as "Not Attempted" with the "Response" containing "(skip list entry)" so it's clear that validation was intentionally skipped and why.
2025-10-15 22:47:40 -07:00
Mick Grove
82319928d2 kingfisher:ignore is only directive built-in 2025-10-11 15:27:21 -07:00
Mick Grove
1208fe8544 Respect user color settings in update messages by using the same color helper as the main reporter, ensuring consistent output and no ANSI codes on update check, when color is disabled 2025-10-11 12:36:35 -07:00
Mick Grove
ad26211190 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
2025-10-10 16:23:41 -07:00
Mick Grove
bb66153a13 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 20:53:17 -07:00
Mick Grove
1ee53ec88b - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 20:11:31 -07:00
Mick Grove
8fe340a294 Updated README 2025-10-05 16:58:50 -07:00
Mick Grove
5e5cfb818d Updated README 2025-10-05 16:44:33 -07:00
Mick Grove
bc981cb61a Updated README 2025-10-05 16:38:10 -07:00
Mick Grove
3e33079aac Updated README 2025-10-05 16:37:15 -07:00
Mick Grove
cf45930e2c Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates. Fixed a few bugs. 2025-10-05 10:48:57 -07:00
Mick Grove
69dc42f5bb Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
dc90c33fb2 Updated README 2025-09-23 16:29:13 -07:00
Mick Grove
d091ca5d94 Updated README 2025-09-23 16:27:53 -07:00
Mick Grove
1ca95b1b93 Updated README 2025-09-23 16:23:12 -07:00
Mick Grove
c7f9110268 Updated README 2025-09-23 16:21:17 -07:00
Mick Grove
a891d7950d Updated README 2025-09-23 16:18:44 -07:00
Mick Grove
04bb3b74d0 Added support for Gitea 2025-09-23 13:07:45 -07:00
Mick Grove
3f82999ed5 Added support for BitBucket 2025-09-22 18:21:03 -07:00
Mick Grove
3ef9086759 Added a new CLI flag, --user-agent-suffix to allow developers to append additional information to the user-agent 2025-09-18 14:11:54 -07:00
Mick Grove
d0c948e257 Updated README 2025-09-16 14:29:53 -07:00
Mick Grove
bcec04b554 Added diff-only Git scanning via --since-commit and --branch, including remote-aware ref resolution so CI jobs can pair --git-url clones with pull request branches 2025-09-16 14:20:43 -07:00
Mick Grove
8a83203e3f Added --github-exclude and --gitlab-exclude options to skip specific repositories when scanning or listing GitHub and GitLab sources, including support for gitignore-style glob patterns 2025-09-15 21:26:51 -07:00
Mick Grove
6785e61768 Increase max-file-size default to 256 mb (up from 64 mb) 2025-09-09 22:40:00 -07:00
Mick Grove
f4aa334a97 updated readme 2025-09-05 07:57:14 -07:00
Mick Grove
fa9639ff48 updated readme 2025-09-05 07:54:50 -07:00
Mick Grove
3a18d52245 updated readme 2025-09-04 23:52:43 -07:00
Mick Grove
eaa1de928f Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 20:02:53 -07:00
Mick Grove
332f2c59f9 added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary 2025-08-27 15:35:01 -07:00
Mick Grove
c2de3bc25c added rules for zhipu 2025-08-27 12:43:41 -07:00
Mick Grove
7f3846c8e7 Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:33:03 -07:00
Mick Grove
2f1385f5f1 Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:26:48 -07:00
Mick Grove
245fb20670 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
2025-08-21 15:39:04 -07:00
Mick Grove
a3d9d22d6c - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:11 -07:00
Mick Grove
bf08d973b4 Added '--skip-regex' and '--skip-word' flags to ignore secrets matching custom patterns or skipwords 2025-08-19 19:18:25 -07:00
Mick Grove
d2f40c477f Fixed issue with self-update on Linux 2025-08-19 09:30:26 -07:00
Mick Grove
068448193f fixed failing tests 2025-08-17 17:41:34 -07:00
Mick Grove
768d9c7899 added more rules 2025-08-16 20:23:27 -07:00
Mick Grove
b8ffa3ba0c - Added support for scanning gitlab subgroups, with 'kingfisher scan --gitlab-group my-group --gitlab-include-subgroups' 2025-08-14 09:25:18 -07:00
Mick Grove
0502eeb7a1 Added support for scanning Confluence pages 2025-08-10 21:57:35 -07:00
Mick Grove
5e678155ba Added support for scanning Confluence pages 2025-08-10 21:55:45 -07:00
Mick Grove
baa7b6e761 Added support for scanning Confluence pages 2025-08-10 21:51:31 -07:00
Mick Grove
0b8e8fcc75 Remote scans with --git-history=none now clone repositories with a working tree and scan the current files instead of erroring with 'No inputs to scan.' 2025-08-06 19:15:50 -07:00
Mick Grove
664cfd0e5c - Fixed header precedence so custom HTTP validation headers like "Accept" are preserved
- Added new Heroku rule
2025-08-04 19:32:19 -07:00
Mick Grove
ef51e77e24 updating s3 feature 2025-08-03 20:59:58 -07:00
Mick Grove
10d604418b improved integration test and updated README 2025-08-03 09:45:52 -07:00
Mick Grove
96ab0d4b59 - Added support for scanning AWS S3 buckets via --s3-bucket and optional --s3-prefix
- Added --role-arn and --aws-local-profile flags for S3 authentication alongside KF_AWS_KEY/KF_AWS_SECRET
2025-08-02 20:40:16 -07:00