Commit graph

190 commits

Author SHA1 Message Date
Luke Young
5b2b81ed7e
feat(dockerhub): add Organization Access Token pattern
Signed-off-by: Luke Young <bored-engineer@users.noreply.github.com>
2026-01-30 16:11:44 -08:00
Mick Grove
216fc1dbdc Switched compression dependencies to pure-Rust bzip2/lzma implementations and pared zip features to avoid C-based codecs for bz2/xz handling. 2026-01-23 09:52:11 -08:00
Mick Grove
049294af3d Skipped per-repository report writes when an output file is specified and emitted a single aggregated report after multi-repository scans to preserve full output content in files. 2026-01-16 12:39:44 -08:00
Mick Grove
594534f69f Skipped per-repository report writes when an output file is specified and emitted a single aggregated report after multi-repository scans to preserve full output content in files. 2026-01-16 11:34:13 -08:00
Mick Grove
fee6c2d5ba new rules 2026-01-16 09:30:30 -08:00
Mick Grove
bff15a334b new rules 2026-01-16 08:15:32 -08:00
Mick Grove
2eadddcc4e new rules 2026-01-15 22:46:07 -08:00
Mick Grove
b0e2ce8af1 new rules 2026-01-15 22:15:59 -08:00
Mick Grove
0409abead5 new rules 2026-01-15 22:02:31 -08:00
Mick Grove
f26d3ca383 new rules 2026-01-15 21:00:23 -08:00
Mick Grove
c57181aa60 improving findings viewer 2026-01-15 10:41:55 -08:00
Mick Grove
c2cb5b9637 fix beamer rule 2026-01-14 22:12:28 -08:00
Mick Grove
fdd0a8e02d fix beamer rule 2026-01-14 22:06:08 -08:00
Mick Grove
8c07fb3f3c
- Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes.
- Added Slack Access Map support with granular permissions in the tree view.
2026-01-14 21:45:55 -08:00
Mick Grove
02131a6d40
Merge pull request #181 from mongodb/development
preparing v1.74.0
2026-01-13 21:15:07 -08:00
Mick Grove
f4fc395554 preparing v1.74.0 2026-01-13 17:08:21 -08:00
Mick Grove
a93419bd33 preparing v1.74.0 2026-01-13 14:26:50 -08:00
Mick Grove
e10f6c6e2a
Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
2026-01-13 10:37:37 -08:00
Mick Grove
51588dbb6a preparing v1.74.0 2026-01-13 10:32:09 -08:00
Akshay Jain
69d447dcc9 Add detection for short sk-None- prefixed OpenAI API keys
OpenAI issues keys with sk-None- prefix in both short (56 char) and long
(130+ char) formats. The existing openai.2 rule only matches long keys
with {100,} minimum length. This adds openai.3 to detect the short variant:
sk-None- followed by exactly 48 alphanumeric characters.

Fixes detection gap where trufflehog found valid keys that kingfisher missed.
2026-01-13 13:40:16 +05:30
Mick Grove
abe546fd59 preparing v1.74.0 2026-01-12 22:51:40 -08:00
Mick Grove
4f18541cb6 preparing v1.74.0 2026-01-12 22:50:05 -08:00
Akshay Jain
98d009deae Add ScraperAPI key detection rule
Adds a new rule to detect ScraperAPI keys with:
- Pattern matching for 32-character alphanumeric keys
- Live validation against ScraperAPI endpoint
- Medium confidence with entropy check (min 3.5)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 13:38:53 +05:30
Mick Grove
b54e5329a2 v1.73.0 2026-01-02 13:29:45 -08:00
Mick Grove
7237a931d5 v1.73.0 2026-01-01 22:24:57 -08:00
Mick Grove
587dfc5892
- Fixed deduplication for dependency-provider rules so dependent validations run per blob
- Updated Artifactory rule entropy and added new artifactory rule
2025-12-21 22:07:45 -08:00
Trever McKee
093dbd58f6 Add JFrog Artifactory Reference Token rule. 2025-12-19 11:11:29 -08:00
Mick Grove
0b8f98ea16 fixed rule 2025-12-17 12:21:26 -08:00
Mick Grove
1a496ba01d fixed rule 2025-12-17 12:03:51 -08:00
Mick Grove
db2c0c7b4e
- Improved Report Viewer layout
- Improved Salesforce rule
2025-12-17 11:57:35 -08:00
Mick Grove
9d76ebd46e improved Jira support and fixed salesforce rule 2025-12-16 17:20:05 -08:00
Mick Grove
d155a33334 improved Jira support and working on salesforce rule, which is broken atm 2025-12-16 16:53:02 -08:00
Mick Grove
195f086afc added dark mode for finding + access map viewer 2025-12-12 17:21:17 -08:00
Mick Grove
f1a77a736c Updated precommit behavior and docs 2025-12-09 12:56:55 -08:00
Mick Grove
356ecc5748 Atlassian key update 2025-12-09 09:48:05 -08:00
Mick Grove
3c141f989a updated entropy on several rules 2025-12-06 16:48:52 -08:00
Mick Grove
c59b7794ca updated posthog rule 2025-12-06 12:58:45 -08:00
Mick Grove
f79b7f4b0c added posthog 2025-12-05 21:45:24 -08:00
Mick Grove
9eff41f4ff Added new rules for AWS Bedrock, Voyage.ai 2025-12-05 16:06:02 -08:00
Mick Grove
d15afe7cea updated tests 2025-11-24 12:49:06 -08:00
Mick Grove
58b17c21ac reducing false positives 2025-11-24 09:33:58 -08:00
Mick Grove
4fb8e616dc added youtube rule 2025-11-23 20:00:19 -08:00
Mick Grove
a5877c4abe added youtube rule 2025-11-23 18:30:02 -08:00
Mick Grove
4c53f2c246 added youtube rule 2025-11-23 17:23:52 -08:00
Mick Grove
ae01a24414 Added checksum to GitLab rule 2025-11-21 12:33:10 -08:00
Mick Grove
17e0ca3594
- Updating to support Bitbucket App Passwords
- Improved boundaries for several rules
- Added more rules
2025-11-20 16:33:28 -08:00
Mick Grove
c6b10f0b47
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-16 23:25:42 -08:00
Mick Grove
8d77f9d298
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:43:54 -08:00
Mick Grove
9853d346a6
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:23:06 -08:00
Mick Grove
f9d75eaadd
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00