eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,572 commits 5 branches 83 tags 53 MiB
Commit graph

203 commits

Author SHA1 Message Date
Mick Grove
dae93afcdd updated docs 2026-05-28 20:21:07 -07:00
Mick Grove
816a75e3e4 add docker --archive support 2026-05-28 13:54:59 -07:00
Mick Grove
394d05dd4d preparing for v1.99.0 2026-05-04 23:10:16 -07:00
Mick Grove
44d67cea1b added SLSA provenance 2026-05-02 00:14:31 -07:00
Mick Grove
1619737e2c improved access map viewer 2026-04-30 18:11:10 -07:00
Mick Grove
8d9f5bed40 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:58:11 -07:00
Mick Grove
997480ffc7 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
Mick Grove
0b89e4b02f added blog posts 2026-04-28 19:21:44 -07:00
Mick Grove
5465d903cf added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule 2026-04-26 16:56:44 -07:00
Mick Grove
ceff3ab1c5 performance improvements and rule improvements 2026-04-24 00:23:50 -07:00
Mick Grove
6cb404bdcd cargo update 2026-04-23 17:13:18 -07:00
Mick Grove
eb339505f6 performance improvements and rule improvements 2026-04-23 16:54:21 -07:00
Mick Grove
ea19a827a0 performance improvements and rule improvements 2026-04-23 14:45:35 -07:00
Mick Grove
d8e0a41fe8 performance improvements and rule improvements 2026-04-23 14:42:10 -07:00
Mick Grove
7ee1fd5163 performance improvements and rule improvements 2026-04-22 23:39:19 -07:00
Mick Grove
c50b3ba292 performance improvements and rule improvements 2026-04-19 16:33:13 -07:00
Mick Grove
a13b175fc5 performance improvements and rule improvements 2026-04-19 14:50:11 -07:00
Mick Grove
2d63146078 performance improvements and rule improvements 2026-04-17 18:06:17 -07:00
Mick Grove
09961f6feb performance improvements and access map viewer improvements 2026-04-16 13:34:44 -07:00
Mick Grove
c89e527053 bug fix 2026-04-16 06:44:12 -07:00
Mick Grove
93a9cb796e updates to new rules 2026-04-15 17:13:10 -07:00
Mick Grove
efa47ba140 updates to new rules 2026-04-15 14:37:26 -07:00
Mick Grove
6100eeb6b5 updated docs 2026-04-14 22:56:19 -07:00
Mick Grove
365422a819 fixed performance regression 2026-04-09 22:21:02 -07:00
Mick Grove
58e9cfd585 changes in response to PR review 2026-04-08 16:16:31 -07:00
Mick Grove
0cb854872b Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary. 2026-04-07 23:20:17 -07:00
Mick Grove
45a565fa6e added more rules 2026-04-06 22:18:58 -07:00
Mick Grove
99fb01aa66 fixed failing windows test setup 2026-04-04 17:24:04 -07:00
Mick Grove
a7b8711c5c updated readme 2026-04-04 08:16:15 -07:00
Mick Grove
915dbca646 updated readme 2026-04-04 08:06:46 -07:00
Mick Grove
372b0e579e more rules 2026-04-03 21:35:28 -07:00
Mick Grove
d42620919f updated dependencies 2026-04-01 14:58:08 -07:00
Mick Grove
19fe52a9bf added more access-maps 2026-04-01 10:20:52 -07:00
Mick Grove
ac2198e3bd fixed github actions 2026-03-29 12:32:14 -07:00
Mick Grove
482a60bb9d fixed github actions 2026-03-29 10:41:54 -07:00
Mick Grove
bfcec88482 updated dependencies 2026-03-24 09:40:06 -07:00
Mick Grove
6c32e374c3 openssf scorecard suggested improvements 2026-03-19 20:14:35 -07:00
Mick Grove
e6dd9cd7db v1.90.0 2026-03-18 17:06:55 -07:00
Mick Grove
f0a3bee587 added --max-validation-response-length <BYTES> 2026-03-16 22:25:32 -07:00
Mick Grove
bc1093ca4a v1.90.0 2026-03-15 13:59:07 -07:00
Mick Grove
e54b87a322 added Teams support 2026-03-13 22:53:05 -07:00
Mick Grove
60931c11a9 added Teams support 2026-03-13 17:39:34 -07:00
Mick Grove
ab811c8bcf v1.87.0 2026-03-09 20:11:58 -07:00
Mick Grove
d66d8f0226 added new rules 2026-03-07 21:31:02 -08:00
Mick Grove
0bf066491a v1.86.0 2026-03-05 20:36:27 -08:00
Mick Grove
fcac8cf1b7 rules updated 2026-03-03 16:47:59 -08:00
Mick Grove
0605848ed5 Fix extraction fallback handling 2026-02-28 12:42:08 -07:00
Mick Grove
3220ed3a80 Merge branch 'codex/pr-244-mergeable' into development 
* codex/pr-244-mergeable:
  Add Jira comment and changelog scanning
 2026-02-28 11:14:19 -07:00
Mick Grove
719b91301d Add Jira comment and changelog scanning 2026-02-28 11:13:00 -07:00
Mick Grove
0ae4e8445c Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url. 2026-02-26 23:14:18 -07:00