eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
323 commits 5 branches 83 tags 53 MiB
Commit graph

323 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mick Grove
3e2f8705fd Updated README 2025-09-16 14:29:53 -07:00
Mick Grove
866bf63202 Added diff-only Git scanning via --since-commit and --branch, including remote-aware ref resolution so CI jobs can pair --git-url clones with pull request branches 2025-09-16 14:20:43 -07:00
Mick Grove
563fa66d46 Added --github-exclude and --gitlab-exclude options to skip specific repositories when scanning or listing GitHub and GitLab sources, including support for gitignore-style glob patterns 2025-09-15 21:26:51 -07:00
Mick Grove
895dac63b8 updated user-agent 2025-09-10 16:13:28 -07:00
Mick Grove
3bfcc074f4 updated user-agent 2025-09-10 16:08:33 -07:00
Mick Grove
01b6038f46 updated rule for AWS Secret Access key 2025-09-10 16:00:21 -07:00
Mick Grove
def9e5d18c updated rule for AWS Secret Access key 2025-09-10 13:29:19 -07:00
Mick Grove
a593e6d51e Increase max-file-size default to 256 mb (up from 64 mb) 2025-09-09 22:40:00 -07:00
Mick Grove
58c84d543e - Enabled MongoDB URI validation 
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
 2025-09-09 22:35:17 -07:00
Mick Grove
6a1d9e4142 - Enabled MongoDB URI validation 
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
 2025-09-09 16:45:02 -07:00
Mick Grove
e26b5d62da fixed ascii coloring in update check 2025-09-06 15:13:34 -07:00
Mick Grove
99a607213c fix windows x64 builds 2025-09-05 13:14:12 -07:00
Mick Grove
82caff531f preparing for v1.48.0 2025-09-05 10:20:41 -07:00
Mick Grove
ba12a5b2be preparing for v1.48.0 2025-09-05 09:31:52 -07:00
Mick Grove
80aef7e6d7 preparing for v1.48.0 2025-09-05 09:31:43 -07:00
Mick Grove
b70df66efd updated readme 2025-09-05 07:57:14 -07:00
Mick Grove
7579eb923c updated readme 2025-09-05 07:54:50 -07:00
Mick Grove
82e4d7b620 updated readme 2025-09-04 23:52:43 -07:00
Mick Grove
9b6c67c243 updated jwt rule 2025-09-04 23:31:34 -07:00
Mick Grove
3896ca40f9 updated sha1 crate 2025-09-04 22:24:30 -07:00
Mick Grove
8d15c8eabf - Improved error message when self-update cannot find the current binary 
- Optimized memory usage via string interning and extensive data sharing
- Replaced quadratic match filtering with a per-rule span map, fixing missed secrets in extremely large files and improving scan performance
- Support scanning extremely large files by chunking input into 1 GiB segments with small overlaps, avoiding vectorscan buffer limits while preserving match offsets
- Always use chunked vectorscan, eliminating the slow regex fallback for blobs over 4 GiB
- Skip Base64 scanning for blobs over 64 MB to avoid a second pass over massive files
- Increased max-file-size default to 64 MB (up from 25 MB)
 2025-09-04 21:51:24 -07:00
Mick Grove
52b2c02ee9 Optimized memory usage via string interning and extensive data sharing 2025-09-03 09:52:49 -07:00
Mick Grove
c3513ea206 Optimized memory usage via string interning and extensive data sharing 2025-09-02 19:54:44 -07:00
Mick Grove
23102f4b59 Improved error message when self-update cannot find the current binary 2025-09-02 13:59:01 -07:00
Mick Grove
def8789c31 fix windows x64 builds 2025-08-31 17:26:30 -07:00
Mick Grove
dcd0460e8a fix ci build error 2025-08-31 10:27:16 -07:00
Mick Grove
2a3a4956d2 fix ci build error 2025-08-30 22:24:13 -07:00
Mick Grove
8b43f982c6 Fix tests 2025-08-30 21:25:12 -07:00
Mick Grove
43fce5159a Fix changes in response to code review 2025-08-30 20:07:31 -07:00
Mick Grove
f24f00d6bd Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 20:02:53 -07:00
Mick Grove
5c33aa0b71 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:22 -07:00
Mick Grove
5638a6cb45 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:11 -07:00
Mick Grove
9de355a5c8 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
e54dbe90d0 - Improved rules: github oauth2, diffbot, mailchimp, aws 
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
 2025-08-29 17:24:26 -07:00
Mick Grove
4f77706d0c changes in response to code review 2025-08-27 15:43:31 -07:00
Mick Grove
b3f80d7a33 added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary 2025-08-27 15:35:01 -07:00
Mick Grove
c4cda65690 added rules for zhipu 2025-08-27 12:43:41 -07:00
Mick Grove
8798d799f9 added rules for together.ai 2025-08-27 12:20:44 -07:00
Mick Grove
41b237740b added rules for nvidia nim 2025-08-27 11:39:32 -07:00
Mick Grove
0bd7a428f6 added rules for cerbras, friendli, fireworks.ai 2025-08-27 11:25:39 -07:00
Mick Grove
1945d65a70 Added rule for 'weights and biases' 2025-08-27 10:20:04 -07:00
Mick Grove
b54f9894c2 added ollama rule 2025-08-26 10:22:18 -07:00
Mick Grove
639fc60955 Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:33:03 -07:00
Mick Grove
231b92e52e Added a new install-precommit subcommand that installs a git pre-commit hook, prompting or accepting --global/--repo flags to control scope and configuring the hook to run kingfisher --quiet --only-valid --no-update-check 2025-08-22 17:26:48 -07:00
Mick Grove
78b9f3dd8d - Improved rules: AWS, pem 2025-08-22 16:16:00 -07:00
Mick Grove
ef4cb03226 mproved AWS rule 2025-08-22 13:26:54 -07:00
Mick Grove
71d0e02fc4 fixed failing tests 2025-08-21 16:13:03 -07:00
Mick Grove
36d9ba54a1 fixed failing tests 2025-08-21 16:11:34 -07:00
Mick Grove
d841b72e6c fixed failing tests 2025-08-21 16:10:52 -07:00
Mick Grove
81d2f47c67 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
 2025-08-21 15:39:04 -07:00