eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,214 commits 5 branches 83 tags 53 MiB
Commit graph

1,214 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mick Grove
0ae4e8445c Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url. 2026-02-26 23:14:18 -07:00
Mick Grove
a76b8eb544 unkey and redis 2026-02-25 22:38:33 -07:00
Mick Grove
887cb9af8b unkey and redis 2026-02-25 22:38:06 -07:00
Mick Grove
a5582d0544 added redis rule, modified from Titus project, and updated NOTICE file 2026-02-24 12:56:50 -07:00
Mick Grove
71638cce47 added redis rule, modified from Titus project, and updated NOTICE file 2026-02-24 12:44:24 -07:00
Mick Grove
92f43d2e29 added --turbo mode 2026-02-24 12:25:12 -07:00
Mick Grove
4905ace028 performance improvements 2026-02-23 23:14:39 -07:00
Mick Grove
aa29ee0e99 added '--fast' mode which sets maximum scan speed. Omits git commit context and will not base64 decode 2026-02-23 22:34:23 -07:00
Mick Grove
fa640e2c38 Python bytecode (.pyc) scanning: extracts string constants from compiled Python 2026-02-23 20:06:43 -07:00
Mick Grove
1f4ccb8144 Automatically extracts and scans SQLite database contents for secrets stored in table rows 2026-02-22 23:35:18 -07:00
Mick Grove
7845cfa727 being discovered, overlapping I/O with pattern matching. 
- Performance: skip blobs smaller than 20 bytes during enumeration (too small to contain any secret).
- Performance: preserve pack-ascending blob order in the metadata path for better I/O locality when Rayon splits work.
 2026-02-22 22:59:42 -07:00
Mick Grove
8ae2ba1a1e fixed tests 2026-02-19 22:15:14 -08:00
Mick Grove
02538a6ac4 added more access-maps 2026-02-19 20:51:12 -08:00
Mick Grove
05002fe4d6 added more access-maps 2026-02-19 20:39:07 -08:00
Mick Grove
f38df8a953 added more access-maps 2026-02-19 19:36:43 -08:00
Mick Grove
a9c5d8524f added more access-maps 2026-02-19 18:19:20 -08:00
Mick Grove
17bb433227 improved GCP access mapping support 2026-02-19 14:58:10 -08:00
Mick Grove
3b1085baa6 added buildkit and harness to access-map 2026-02-17 22:58:29 -08:00
Mick Grove
32d40c0b53 added pipedrive and amplitude 2026-02-17 16:42:44 -08:00
Mick Grove
51d782a917 Fixes in response to PR review 2026-02-16 09:43:16 -08:00
Mick Grove
0ddf3fc10f Fixes in response to PR review 2026-02-16 07:34:32 -08:00
Mick Grove
8cf09936fc Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 23:50:39 -08:00
Mick Grove
39a4e217e3 Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 14:29:42 -08:00
Mick Grove
470120369b refactored code 2026-02-14 14:08:48 -08:00
Mick Grove
d3e659491d refactored code 2026-02-14 13:12:26 -08:00
Mick Grove
f62bfe103b tree sitter scanning improvements 2026-02-14 11:13:59 -08:00
Mick Grove
7468230f47 html report viewer improvements 2026-02-13 22:36:48 -08:00
Mick Grove
fdf85f09fc html report viewer improvements 2026-02-13 18:35:36 -08:00
Mick Grove
79102a073b html report viewer improvements 2026-02-13 18:19:18 -08:00
Mick Grove
7653acb433 wip 1.83 2026-02-13 17:37:31 -08:00
Mick Grove
816d5c40ba wip 1.83 2026-02-13 16:41:28 -08:00
Mick Grove
a36634c4b4 Fixed CI runner failure when executing tests 2026-02-13 10:04:18 -08:00
Mick Grove
09ed89eec2 Fixed CI runner failure when executing tests 2026-02-13 09:57:44 -08:00
Mick Grove
56827ae342 Fixed CI runner failure when executing tests 2026-02-13 09:39:41 -08:00
Mick Grove
409e1557de Fixed CI runner failure when executing tests 2026-02-13 09:35:04 -08:00
Mick Grove
cfc01eab68 Fixed CI runner failure when executing tests 2026-02-13 09:19:02 -08:00
Mick Grove
0ba79df1f4 Fixed CI runner failure when executing tests 2026-02-13 08:40:04 -08:00
Mick Grove
0c9ca048ea Fixed CI runner failure when executing tests 2026-02-13 07:55:17 -08:00
Mick Grove
1583df7a64 Fixed CI runner failure when executing tests 2026-02-12 21:56:07 -08:00
Mick Grove
dfa4375152 Fixed CI runner failure when executing tests 2026-02-12 21:46:17 -08:00
Mick Grove
20a05a643c Fixed CI runner failure when executing tests 2026-02-12 21:11:50 -08:00
Mick Grove
1a8651ecb0 Fixed CI runner failure when executing tests 2026-02-12 17:26:28 -08:00
Mick Grove
1503b4f661 Fixed CI runner failure when executing tests 2026-02-12 17:25:49 -08:00
Mick Grove
6a9a3b35ed Fixed CI runner failure when executing tests 2026-02-12 17:23:03 -08:00
Mick Grove
e72f40b169 Fixed CI runner failure when executing tests 2026-02-12 16:51:55 -08:00
Mick Grove
dfe6554b1c Fixed CI runner failure when executing tests 2026-02-12 16:07:55 -08:00
Mick Grove
60c72292c7 Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply. 2026-02-12 13:15:51 -08:00
Mick Grove
5882468177 Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply. 2026-02-12 12:33:59 -08:00
Mick Grove
2d6abb95c9 fixes in response to pr review 2026-02-11 23:44:09 -08:00
Mick Grove
57845eebcd - Added kingfisher.temporal.1 rule for Temporal Cloud API keys (namespace-scoped and user-scoped JWT formats) with Temporal-specific pattern matching. 
- Added Temporal Cloud active credential validation via GET https://saas-api.tmprl.cloud/cloud/current-identity using bearer auth, so Temporal keys validate against provider APIs instead of generic OIDC discovery.
- Fixed JWT issuer normalization to treat bare host issuers (e.g. iss: temporal.io) as HTTPS URLs during discovery, avoiding low-level URL builder failures.
- Added crates/kingfisher-rules/build.rs to ensure embedded rule assets rebuild when files under crates/kingfisher-rules/data change.
 2026-02-11 23:33:35 -08:00