Mick Grove
1337588c7b
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 11:46:17 -07:00
Mick Grove
8d9f5bed40
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 08:58:11 -07:00
Mick Grove
997480ffc7
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 08:12:08 -07:00
Mick Grove
19dafa42ea
Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.
2026-04-27 13:20:16 -07:00
Mick Grove
ceff3ab1c5
performance improvements and rule improvements
2026-04-24 00:23:50 -07:00
Mick Grove
a4e8117c8e
performance improvements and rule improvements
2026-04-24 00:14:56 -07:00
Mick Grove
d8e0a41fe8
performance improvements and rule improvements
2026-04-23 14:42:10 -07:00
Mick Grove
7ee1fd5163
performance improvements and rule improvements
2026-04-22 23:39:19 -07:00
Mick Grove
79139e49b8
- Fixed the HTML access-map viewer dark mode so charts redraw correctly on theme changes and follow the system color scheme until manually overridden.
- Fixed [#344](https://github.com/mongodb/kingfisher/issues/344): baseline fingerprints no longer have to be hexadecimal. The fingerprint value emitted by scan output (JSON, JSONL, pretty, SARIF) can now be copied directly into a baseline file and will match on the next scan. --manage-baseline now writes fingerprints in decimal to match scan output, and legacy 16-char hex (and 0x-prefixed hex) entries continue to be accepted, so existing baseline files keep working unchanged.
2026-04-20 17:54:51 -07:00
Mick Grove
c50b3ba292
performance improvements and rule improvements
2026-04-19 16:33:13 -07:00
Mick Grove
2d63146078
performance improvements and rule improvements
2026-04-17 18:06:17 -07:00
Mick Grove
09961f6feb
performance improvements and access map viewer improvements
2026-04-16 13:34:44 -07:00
Mick Grove
68dd1266a6
performance improvements and access map viewer improvements
2026-04-16 10:57:40 -07:00
Mick Grove
21c51e5cba
performance improvements and access map viewer improvements
2026-04-16 10:26:07 -07:00
Mick Grove
c3d686cfac
performance improvements and access map viewer improvements
2026-04-16 09:56:56 -07:00
Mick Grove
c89e527053
bug fix
2026-04-16 06:44:12 -07:00
Mick Grove
93a9cb796e
updates to new rules
2026-04-15 17:13:10 -07:00
Mick Grove
efa47ba140
updates to new rules
2026-04-15 14:37:26 -07:00
Mick Grove
6100eeb6b5
updated docs
2026-04-14 22:56:19 -07:00
Mick Grove
365422a819
fixed performance regression
2026-04-09 22:21:02 -07:00
Mick Grove
17c57e96e3
changes in response to PR review
2026-04-08 08:29:50 -07:00
Mick Grove
0cb854872b
Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary.
2026-04-07 23:20:17 -07:00
Mick Grove
45a565fa6e
added more rules
2026-04-06 22:18:58 -07:00
Mick Grove
f227141b88
fixes in response to code review
2026-04-05 10:58:46 -07:00
Mick Grove
a7b8711c5c
updated readme
2026-04-04 08:16:15 -07:00
Mick Grove
915dbca646
updated readme
2026-04-04 08:06:46 -07:00
Mick Grove
13bad3f172
added more access-maps
2026-04-01 13:39:24 -07:00
Mick Grove
19fe52a9bf
added more access-maps
2026-04-01 10:20:52 -07:00
Mick Grove
ba30b1788f
fixed github actions
2026-03-29 18:24:18 -07:00
Mick Grove
b14522351b
updated in response to ossf scorecard
2026-03-27 23:18:56 -07:00
Mick Grove
e0a403607f
updated in response to ossf scorecard
2026-03-27 22:26:35 -07:00
Mick Grove
b04865e174
updated in response to ossf scorecard
2026-03-27 21:38:58 -07:00
Mick Grove
4e9a7364cd
updated in response to ossf scorecard
2026-03-27 21:25:56 -07:00
Mick Grove
411aeefa92
updated in response to ossf scorecard
2026-03-27 17:22:21 -07:00
Mick Grove
1c7341f3ac
updated in response to ossf scorecard
2026-03-27 15:04:14 -07:00
Mick Grove
f0a3bee587
added --max-validation-response-length <BYTES>
2026-03-16 22:25:32 -07:00
Mick Grove
349b8165aa
Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows
2026-03-15 15:00:59 -07:00
Mick Grove
bc1093ca4a
v1.90.0
2026-03-15 13:59:07 -07:00
Mick Grove
e54b87a322
added Teams support
2026-03-13 22:53:05 -07:00
Mick Grove
60931c11a9
added Teams support
2026-03-13 17:39:34 -07:00
Mick Grove
db67105221
v1.88.0
2026-03-11 21:36:30 -07:00
Mick Grove
b99cbf9f50
v1.88.0
2026-03-11 20:59:44 -07:00
Mick Grove
d5539c4e9d
v1.87.0
2026-03-09 21:50:58 -07:00
Mick Grove
ab811c8bcf
v1.87.0
2026-03-09 20:11:58 -07:00
Mick Grove
96ab9a6d58
fixing windows installers to support new arm64 build
2026-03-06 11:53:24 -08:00
Mick Grove
11c2b74d67
updated README
2026-03-05 13:23:19 -08:00
Mick Grove
444ab7d7b0
updated README
2026-03-05 13:23:07 -08:00
Mick Grove
3220ed3a80
Merge branch 'codex/pr-244-mergeable' into development
* codex/pr-244-mergeable:
Add Jira comment and changelog scanning
2026-02-28 11:14:19 -07:00
Mick Grove
719b91301d
Add Jira comment and changelog scanning
2026-02-28 11:13:00 -07:00
Mick Grove
0ae4e8445c
Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url.
2026-02-26 23:14:18 -07:00