Commit graph

77 commits

Author SHA1 Message Date
Mick Grove
8aced005b8 - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans.
- Condensed GitError formatting to report the exit status and the first informative lines from stdout/stderr, producing concise git clone failure logs.
- Added support for scanning Google Cloud Storage buckets via --gcs-bucket, including optional prefixes and service-account authentication.
- Added --skip-aws-account (now accepting comma-separated values) and --skip-aws-account-file to bypass live AWS validation for known canary/honey-token account IDs without triggering alerts. Kingfisher now ships with several canary AWS account IDs pre-seeded in the skip list and now reports matching findings as "Not Attempted" with the "Response" containing "(skip list entry)" so it's clear that validation was intentionally skipped and why.
2025-10-15 22:47:40 -07:00
Mick Grove
ad26211190 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
2025-10-10 16:23:41 -07:00
Mick Grove
bb66153a13 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 20:53:17 -07:00
Mick Grove
4813951b28
Merge branch 'development' into inline-ignore
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
2025-10-09 20:19:02 -07:00
Mick Grove
1ee53ec88b - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 20:11:31 -07:00
Mick Grove
4d12f23d12 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore, gitleaks:allow and trufflehog:ignore
2025-10-09 17:59:10 -07:00
Mick Grove
432c1fc0bc Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:25 -07:00
Mick Grove
69dc42f5bb Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
74e47fc592 - Improved performance of tree-sitter parsing
- Updated Windows build script to ensure static binary is produced
2025-10-03 17:22:28 -07:00
Mick Grove
04bb3b74d0 Added support for Gitea 2025-09-23 13:07:45 -07:00
Mick Grove
3f82999ed5 Added support for Bitbucket 2025-09-22 18:21:03 -07:00
Mick Grove
95b9b526a3 Removed the unused --rlimit-nofile flag 2025-09-18 17:02:56 -07:00
Mick Grove
bcec04b554 Added diff-only Git scanning via --since-commit and --branch, including remote-aware ref resolution so CI jobs can pair --git-url clones with pull request branches 2025-09-16 14:20:43 -07:00
Mick Grove
8a83203e3f Added --github-exclude and --gitlab-exclude options to skip specific repositories when scanning or listing GitHub and GitLab sources, including support for gitignore-style glob patterns 2025-09-15 21:26:51 -07:00
Mick Grove
9dd8487d54 preparing for v1.48.0 2025-09-05 09:31:52 -07:00
Mick Grove
bf60c5584b Optimized memory usage via string interning and extensive data sharing 2025-09-03 09:52:49 -07:00
Mick Grove
ac34f35f61 Optimized memory usage via string interning and extensive data sharing 2025-09-02 19:54:44 -07:00
Mick Grove
2a85f66e4a fix windows x64 builds 2025-08-31 17:26:30 -07:00
Mick Grove
e03ab5972d fix ci build error 2025-08-31 10:27:16 -07:00
Mick Grove
40ef76fd00 fix ci build error 2025-08-30 22:24:13 -07:00
Mick Grove
db0cd8d4ff Fix tests 2025-08-30 21:25:12 -07:00
Mick Grove
aa2c3ba0cc Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:22 -07:00
Mick Grove
fc0be774b4 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:11 -07:00
Mick Grove
984231e25c Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
87094ad773 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:19 -07:00
Mick Grove
a3d9d22d6c - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:11 -07:00
Mick Grove
bf08d973b4 Added '--skip-regex' and '--skip-word' flags to ignore secrets matching custom patterns or skipwords 2025-08-19 19:18:25 -07:00
Mick Grove
36f51afd63 - Fixed issue with self-update on Linux
- Reverted the change to json and jsonl outputs by rule
2025-08-19 11:55:28 -07:00
Mick Grove
41a4ebb60f - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
2025-08-18 22:56:34 -07:00
Mick Grove
92bbe70487 fixing windows tests 2025-08-17 21:11:09 -07:00
Mick Grove
c81e8a763d fixed failing tests 2025-08-17 17:41:51 -07:00
Mick Grove
068448193f fixed failing tests 2025-08-17 17:41:34 -07:00
Mick Grove
6619705459 removed serde_utils and added Authress rule 2025-08-16 07:33:36 -07:00
Mick Grove
b8ffa3ba0c - Added support for scanning GitLab subgroups, with 'kingfisher scan --gitlab-group my-group --gitlab-include-subgroups' 2025-08-14 09:25:18 -07:00
Mick Grove
1054476a3b fixed test 2025-08-13 09:23:03 -07:00
Mick Grove
a062e82728 fixed test 2025-08-13 09:20:36 -07:00
Mick Grove
e7a8da6b3c Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
94e2e11de3 Added support for scanning Confluence pages 2025-08-10 21:54:26 -07:00
Mick Grove
baa7b6e761 Added support for scanning Confluence pages 2025-08-10 21:51:31 -07:00
Mick Grove
9ca6ea5fb6 removed unused cli argument, snippet-length 2025-08-10 17:27:36 -07:00
Mick Grove
690db297e3 removed unused cli argument, snippet-length 2025-08-10 17:25:32 -07:00
Mick Grove
c9c0aba687 - --quiet now suppresses scan summaries and rule statistics unless --rule-stats is explicitly provided
- Added X Consumer key detection and validation
2025-08-09 15:36:12 -07:00
Mick Grove
c763780905 GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:11:44 -07:00
Mick Grove
a912043eb9 changes in response to code review 2025-08-07 18:45:46 -07:00
Mick Grove
0bdd68c900 JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials 2025-08-07 18:30:40 -07:00
Mick Grove
b71fb5e6e2 JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials 2025-08-07 17:21:16 -07:00
Mick Grove
8d32662c1a fixed issue where --redact did not function properly 2025-08-06 21:23:27 -07:00
Mick Grove
e48b9617c8 Remote scans with --git-history=none now clone repositories with a working tree and scan the current files instead of erroring with 'No inputs to scan.' 2025-08-06 19:16:22 -07:00
Mick Grove
0b8e8fcc75 Remote scans with --git-history=none now clone repositories with a working tree and scan the current files instead of erroring with 'No inputs to scan.' 2025-08-06 19:15:50 -07:00
Mick Grove
27b37245e7 refactored output reporting and formatting logic 2025-08-04 08:58:06 -07:00