eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
415 commits 5 branches 83 tags 53 MiB
Commit graph

415 commits

This branch
This branch
All branches
Author SHA1 Message Date
amone
7ddaa2bfc9 update: just sort and dedup once 2025-10-21 16:36:05 +08:00
Mick Grove
8f7772b3cc
 		Merge pull request #127 from mongodb/development v1.59.0 
v1.59.0
 2025-10-20 21:19:15 -07:00
Mick Grove
dd37bfbbca - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:36:50 -07:00
Mick Grove
79a2969980 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:35:14 -07:00
Mick Grove
3d10422bcc - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:33:37 -07:00
Mick Grove
212bda4100 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 18:23:12 -07:00
Mick Grove
fecf858bfd
 		Merge pull request #125 from mongodb/development v1.58.0 
v1.58.0
 2025-10-16 13:29:38 -07:00
Mick Grove
03e218d7f9 change in response to code review 2025-10-16 10:54:48 -07:00
Mick Grove
63fa008992 change in response to code review 2025-10-16 10:52:33 -07:00
Mick Grove
be14f632b2 change in response to code review 2025-10-16 10:50:37 -07:00
Mick Grove
6525c48e30 change in response to code review 2025-10-16 10:50:07 -07:00
Mick Grove
f65b0b2c22 change in response to code review 2025-10-16 10:20:18 -07:00
Mick Grove
a04741c756 updated dependencies 2025-10-16 10:09:06 -07:00
Mick Grove
a6824aa753 updated ci to use Rust 1.90 2025-10-15 23:01:28 -07:00
Mick Grove
8aced005b8 - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans. 
- Condensed GitError formatting to report the exit status and the first informative lines from stdout/stderr, producing concise git clone failure logs.
- Added support for scanning Google Cloud Storage buckets via --gcs-bucket, including optional prefixes and service-account authentication.
- Added --skip-aws-account (now accepting comma-separated values) and --skip-aws-account-file to bypass live AWS validation for known canary/honey-token account IDs without triggering alerts. Kingfisher now ships with several canary AWS account IDs pre-seeded in the skip list and now reports matching findings as "Not Attempted" with the "Response" containing "(skip list entry)" so its clear that validation was intentionally skipped and why.
 2025-10-15 22:47:40 -07:00
Mick Grove
8cd220a42e
 		Merge pull request #123 from mongodb/development v1.57.0 
v1.57.0
 2025-10-11 18:30:11 -07:00
Mick Grove
50f703f42c kingfisher:ignore is only directive built-in 2025-10-11 18:04:00 -07:00
Mick Grove
b3de6140d3
 		Merge pull request #122 from mongodb/development 
v1.57.0
 2025-10-11 17:08:30 -07:00
Mick Grove
82319928d2 kingfisher:ignore is only directive built-in 2025-10-11 15:27:21 -07:00
Mick Grove
1208fe8544 Respect user color settings in update messages by using the same color helper as the main reporter, ensuring consistent output and no ANSI codes on update check, when color is disabled 2025-10-11 12:36:35 -07:00
Mick Grove
0c8a8aa1a5 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported 
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
 2025-10-10 16:25:26 -07:00
Mick Grove
ad26211190 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported 
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
 2025-10-10 16:23:41 -07:00
Mick Grove
bb66153a13 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:53:17 -07:00
Mick Grove
387727f37f
 		Merge pull request #121 from mongodb/inline-ignore 
- Added kingfisher:ignore (or kingfisher:allow) to silence a finding …
 2025-10-09 20:19:16 -07:00
Mick Grove
4813951b28
 		Merge branch 'development' into inline-ignore 
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2025-10-09 20:19:02 -07:00
Mick Grove
1ee53ec88b - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:11:31 -07:00
Mick Grove
9f135d668e - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 17:59:22 -07:00
Mick Grove
4d12f23d12 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 17:59:10 -07:00
Mick Grove
1b7d682950
 		Merge pull request #120 from mongodb/development v1.56.0 
v1.56.0
 2025-10-08 12:59:27 -07:00
Mick Grove
e88a5f1342 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 10:55:43 -07:00
Mick Grove
f11df224f9 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 10:38:28 -07:00
Mick Grove
ff55eb6d6b Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 09:47:56 -07:00
Mick Grove
948bde9d8b Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:34 -07:00
Mick Grove
432c1fc0bc Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:25 -07:00
Mick Grove
db4de57c91
 		Merge pull request #118 from mongodb/development v1.55.0 
v1.55.0
 2025-10-05 20:25:29 -07:00
Mick Grove
39dc0b0e35 Fixed test 2025-10-05 18:07:45 -07:00
Mick Grove
8fe340a294 Updated README 2025-10-05 16:58:50 -07:00
Mick Grove
5e5cfb818d Updated README 2025-10-05 16:44:33 -07:00
Mick Grove
6a3db7af67 Updated README 2025-10-05 16:42:29 -07:00
Mick Grove
bc981cb61a Updated README 2025-10-05 16:38:10 -07:00
Mick Grove
3e33079aac Updated README 2025-10-05 16:37:15 -07:00
Mick Grove
cf45930e2c Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates. Fixed a few bugs. 2025-10-05 10:48:57 -07:00
Mick Grove
69dc42f5bb Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
74e47fc592 - Improved performance of tree-sitter parsing 
- Updated Windows build script to ensure static binary is produced
 2025-10-03 17:22:28 -07:00
Mick Grove
583351e45e
 		Merge pull request #116 from mongodb/development v1.54.0 
v1.54.0
 2025-09-24 12:30:22 -07:00
Mick Grove
516e25d125 Replaced Match::finding_id’s SHA1-based hashing with a fast xxh3_64 digest that keeps IDs deterministic while eliminating a hot-path SHA1 dependency 2025-09-24 12:22:56 -07:00
Mick Grove
98204011ab
 		Merge pull request #115 from mongodb/development 
v1.54.0
 2025-09-24 12:13:10 -07:00
Mick Grove
f5db34a985 Changes in response to code review 2025-09-24 10:43:51 -07:00
Mick Grove
69c14f7451 Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00
Mick Grove
04af6a6b3a Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-23 17:24:11 -07:00