kingfisher

Author	SHA1	Message	Date
Mick Grove	910d6d9dd3	preparing for v1.99.0	2026-05-04 19:24:46 -07:00
Mick Grove	bacdca6a52	preparing for v1.99.0	2026-05-04 19:00:45 -07:00
Mick Grove	b28f15252c	preparing for v1.99.0	2026-05-04 18:03:29 -07:00
Mick Grove	e30a7539b2	preparing for v1.99.0	2026-05-04 17:22:21 -07:00
Mick Grove	a9cdaea6cd	preparing for v1.99.0	2026-05-04 14:48:41 -07:00
Mick Grove	f6e05f0211	preparing for v1.99.0	2026-05-04 13:26:11 -07:00
Mick Grove	0e1fe0cede	webhook support and kingfisher configuration yaml support	2026-05-03 23:10:45 -07:00
Mick Grove	a4cf3990a5	webhook support and kingfisher configuration yaml support	2026-05-03 22:11:26 -07:00
Mick Grove	44d67cea1b	added SLSA provenance	2026-05-02 00:14:31 -07:00
Mick Grove	b2287c99ee	--self-update (alias --update) on a scan or other command now re-execs into the freshly installed binary so the current invocation completes with the new code and the latest detection rules. Previously the on-disk binary was replaced but the running process kept using the old in-memory version, requiring a second invocation to pick up the changes. On Unix this is a true exec() (same PID); on Windows the new binary is spawned and the parent exits with its status code. The explicit kingfisher self-update subcommand still updates and exits without re-execing. Self-update now also covers Windows arm64 (the asset was already published; the runtime cfg map gained the missing arm). See docs/ADVANCED.md → Update Checks.	2026-05-01 20:14:27 -07:00
Mick Grove	1619737e2c	improved access map viewer	2026-04-30 18:11:10 -07:00
Mick Grove	20e08105cf	improved github organization scanning	2026-04-30 16:40:43 -07:00
Mick Grove	632bb0113d	copilot fixes	2026-04-30 12:07:15 -07:00
Mick Grove	87f6bd818f	copilot fixes	2026-04-30 11:40:22 -07:00
Mick Grove	b89c952043	copilot fixes	2026-04-30 11:28:45 -07:00
Mick Grove	cceab35ec1	copilot fixes	2026-04-30 10:56:35 -07:00
Mick Grove	90737f098c	copilot fixes	2026-04-30 09:29:23 -07:00
Mick Grove	b7b6dfdeb2	copilot fixes	2026-04-30 09:02:49 -07:00
Mick Grove	06f72ec9f0	copilot fixes	2026-04-30 08:38:14 -07:00
Mick Grove	2c08659563	copilot fixes	2026-04-30 00:32:49 -07:00
Mick Grove	c94bd89195	copilot fixes	2026-04-29 23:42:33 -07:00
Mick Grove	327342a1bb	copilot fixes	2026-04-29 23:16:21 -07:00
Mick Grove	30b9eba427	copilot fixes	2026-04-29 22:50:31 -07:00
Mick Grove	ab93d4d242	Revert msys2/setup-msys2 to v2.31.0 v2.31.1 fails to verify MSYS2 package database PGP signatures on GitHub-hosted Windows runners ("signature from Christoph Reiter ... is unknown trust" for clangarm64/mingw32/mingw64/ucrt64/clang64/msys), which breaks the Windows ARM64 (and x64) jobs at the pacman -Syuu step. Pinning back to v2.31.0 until upstream ships a fix.	2026-04-29 12:57:56 -07:00
Mick Grove	1337588c7b	Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.	2026-04-29 11:46:17 -07:00
Mick Grove	c387ac08d2	Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.	2026-04-29 11:09:47 -07:00
Mick Grove	8d9f5bed40	Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.	2026-04-29 08:58:11 -07:00
Mick Grove	997480ffc7	Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.	2026-04-29 08:12:08 -07:00
Mick Grove	0b89e4b02f	added blog posts	2026-04-28 19:21:44 -07:00
Mick Grove	bf6c7da4a4	added blog posts	2026-04-28 15:28:48 -07:00
Mick Grove	cafa97f8d1	Updated rule	2026-04-27 14:26:07 -07:00
Mick Grove	19dafa42ea	Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.	2026-04-27 13:20:16 -07:00
Mick Grove	5465d903cf	added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule	2026-04-26 16:56:44 -07:00
Mick Grove	2320a7ff72	performance improvements and rule improvements	2026-04-24 13:51:23 -07:00
Mick Grove	c73a44fbf9	performance improvements and rule improvements	2026-04-24 12:02:27 -07:00
Mick Grove	ceff3ab1c5	performance improvements and rule improvements	2026-04-24 00:23:50 -07:00
Mick Grove	a4e8117c8e	performance improvements and rule improvements	2026-04-24 00:14:56 -07:00
Mick Grove	cb4951c62c	performance improvements and rule improvements	2026-04-23 17:25:07 -07:00
Mick Grove	6cb404bdcd	cargo update	2026-04-23 17:13:18 -07:00
Mick Grove	69fb4352f7	cargo update	2026-04-23 16:57:51 -07:00
Mick Grove	eb339505f6	performance improvements and rule improvements	2026-04-23 16:54:21 -07:00
Mick Grove	ea19a827a0	performance improvements and rule improvements	2026-04-23 14:45:35 -07:00
Mick Grove	d8e0a41fe8	performance improvements and rule improvements	2026-04-23 14:42:10 -07:00
Mick Grove	7ee1fd5163	performance improvements and rule improvements	2026-04-22 23:39:19 -07:00
Mick Grove	30fcc49d92	performance improvements and rule improvements	2026-04-22 21:44:09 -07:00
Mick Grove	88e8604dc5	performance improvements and rule improvements	2026-04-22 20:41:44 -07:00
Mick Grove	2ef065abf9	performance improvements and rule improvements	2026-04-21 16:54:01 -07:00
Mick Grove	3645db2214	performance improvements and rule improvements	2026-04-21 16:44:49 -07:00
Mick Grove	d19893dd6f	performance improvements and rule improvements	2026-04-21 16:08:14 -07:00
Mick Grove	0afd39416c	performance improvements and rule improvements	2026-04-21 14:52:03 -07:00

1 2 3 4 5 ...

1,516 commits