eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
293 commits 5 branches 83 tags 53 MiB
Commit graph

55 commits

Author SHA1 Message Date
Mick Grove
984231e25c Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
6f06b1acb3 mproved AWS rule 2025-08-22 13:26:54 -07:00
Mick Grove
245fb20670 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
 2025-08-21 15:39:04 -07:00
Mick Grove
d2f40c477f Fixed issue with self-update on Linux 2025-08-19 09:30:26 -07:00
Mick Grove
41a4ebb60f - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key 
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
 2025-08-18 22:56:34 -07:00
Mick Grove
0ce72739dc Improved language detection 2025-08-15 16:08:46 -07:00
Mick Grove
d74c86818a added rule for Vercel 2025-08-13 15:35:04 -07:00
Mick Grove
e7a8da6b3c Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
979d5e0f3d Added support for scanning Confluence pages 2025-08-11 08:04:52 -07:00
Mick Grove
229a66655c Added X Consumer key detection and validation 2025-08-09 08:46:07 -07:00
Mick Grove
02803a9bb2 GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:11:36 -07:00
Mick Grove
061d3d97ed JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials 2025-08-07 17:21:31 -07:00
Mick Grove
0b8e8fcc75 Remote scans with --git-history=none now clone repositories with a working tree and scan the current files instead of erroring with 'No inputs to scan.' 2025-08-06 19:15:50 -07:00
Mick Grove
756fd89097 - Use system TLS root certificates to support self-hosted GitLab instances with internal CAs 
- Added new rule: Coze personal access token
 2025-08-05 14:45:51 -07:00
Mick Grove
3ebb8ecf8e - Fixed header precedence so custom HTTP validation headers like "Accept" are preserved 
- Added new Heroku rule
 2025-08-04 21:38:23 -07:00
Mick Grove
459d4d0ef0
 		Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-03 10:37:02 -07:00
Mick Grove
ef6ba415f2 improving s3 bucket scanning feature 2025-08-03 08:13:08 -07:00
Mick Grove
96ab0d4b59 -Added support for scanning AWS S3 buckets via --s3-bucket and optional --s3-prefix 
- Added --role-arn and --aws-local-profile flags for S3 authentication alongside KF_AWS_KEY/KF_AWS_SECRET
 2025-08-02 20:40:16 -07:00
Mick Grove
8a74eba160 - New rules: Telegram bot token, OpenWeatherMap, Apify 
- New OpenAI detectors added (@joshlarsen)
- Fixed bug that broke validation when using unnamed group captures
 2025-08-01 16:56:04 -07:00
Mick Grove
97135c01fd Fixed validation caching for HTTP validators to include rendered headers so inactive secrets no longer appear active, in some cases 2025-08-01 09:15:24 -07:00
Mick Grove
f0a99dcfcd bug fixes in response to code review. Also added support for ed25519 coinbase cdp api keys 2025-07-31 18:29:21 -07:00
Mick Grove
92f8513945 updated version number 2025-07-31 16:53:52 -07:00
Mick Grove
51bc64339c - Fixed issue when more than 1 named capture group is used in a rule variable 
- Added 2 new liquid template filters: 'b64dec' and 'es256_sign'
- Added custom validator for Coinbase, and a Coinbase rule that uses it
 2025-07-31 16:52:50 -07:00
Mick Grove
3320863962 Added support for Slack 2025-07-29 19:00:49 -07:00
Mick Grove
d9e3a61689 changed from oci-distribution to newer oci-client 2025-07-28 09:55:48 -07:00
Mick Grove
29b97b4091 WIP: Adding support for scanning Docker images 2025-07-27 14:59:19 -07:00
Mick Grove
9a3fabdbf2 WIP: Adding support for scanning Docker images 2025-07-27 12:20:20 -07:00
Mick Grove
33592fbc65 added buildkite rule 2025-07-26 22:00:05 -07:00
Mick Grove
5c8f7d88ef Added support for scanning issues returned from a JQL search using --jira-url and --jql 2025-07-25 17:23:18 -07:00
Mick Grove
a708fc6eea Added ElevenLabs rule 2025-07-25 10:31:17 -07:00
Mick Grove
2650bcc751 Fixed version number 2025-07-23 19:58:24 -07:00
Mick Grove
793b9e847c Fixed Gitlab support. Added pre-commit and pre-receive installation scripts. 2025-07-23 19:57:33 -07:00
Mick Grove
bc5ecd6b1c Fixed permission issue with cargo-deb running after docker based linux build 2025-07-22 08:25:42 -07:00
Mick Grove
71bab5ca8a - Now generating DEB and RPM packages 
- Now releasing Docker images, and updated README
- Added rule for Scale, Deepgram, AssemblyAI
 2025-07-21 15:21:40 -07:00
Mick Grove
c4e3e5d1d7 - Now generating DEB and RPM packages 
- Now releasing Docker images, and updated README
- Added rule for Scale, Deepgram, AssemblyAI
 2025-07-21 15:21:10 -07:00
Mick Grove
8f587f62de Updating GitHub Action to generate Docker image. Added rules for Diffbot, ai21, baseten. Fixed supabase rule. Added 'alg' to JWT validation output 2025-07-18 15:26:18 -07:00
Mick Grove
b06baeb7bd updated README 2025-07-17 15:11:35 -07:00
Mick Grove
572d8146e7 upgraded cargo dependencies 2025-07-17 14:31:09 -07:00
Mick Grove
7b161030a3 Added rule for Google Gemini AI 2025-07-17 11:07:44 -07:00
Mick Grove
93f1e3b1da JWT validation performs OpenID Connect discovery using the iss claim and verifies signatures via JWKS 2025-07-14 15:31:44 -07:00
Mick Grove
3520c5fba5 Added baseline feature with --baseline-file and --manage-baseline flags. Introduced --exclude option for skipping paths 2025-07-14 13:18:24 -07:00
Mick Grove
0ab21ace99 improved azure storage rule. Added rule to detect TravisCI encrypted values 2025-07-12 22:44:34 -07:00
Mick Grove
cd4f626502 Added support for HTTP request bodies in rule validation. Added mistral and perplexity rule 2025-07-08 17:49:12 -07:00
Mick Grove
2280bee6e2 JSON output was missing committer name and email 2025-07-02 15:13:31 -07:00
Mick Grove
c6567ee04b Restored --version cli argument. Added a test for it 2025-07-01 10:31:09 -07:00
Mick Grove
65de1b0290 added rules for deepseek, xai. Removed branding. Added a NOTICE file 2025-06-30 17:04:29 -07:00
Mick Grove
366f6fab5b Added test to prevent this and similar issues 2025-06-29 22:01:25 -07:00
Mick Grove
1bf87935c8 added rules for nasa, teamcity 2025-06-28 09:05:19 -07:00
Mick Grove
87d2a83e3e Fix: HTML detection now requires both HTML content-type and html tag, fixing webhook false negatives 2025-06-27 15:28:34 -07:00
Mick Grove
37cdf1fb69 Improved Updater text. Cleaned up more rules and the examples included with them. 2025-06-26 14:29:36 -07:00