eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,280 commits 5 branches 83 tags 53 MiB
Commit graph

116 commits

Author SHA1 Message Date
Mick Grove
6a974907ee Added support for Gitea 2025-09-23 13:07:45 -07:00
Mick Grove
5c70fdc8e5 Added support for BitBucket 2025-09-22 18:21:03 -07:00
Mick Grove
19cca00c2b Removed the unused --rlimit-nofile flag 2025-09-18 17:02:56 -07:00
Mick Grove
866bf63202 Added diff-only Git scanning via --since-commit and --branch, including remote-aware ref resolution so CI jobs can pair --git-url clones with pull request branches 2025-09-16 14:20:43 -07:00
Mick Grove
563fa66d46 Added --github-exclude and --gitlab-exclude options to skip specific repositories when scanning or listing GitHub and GitLab sources, including support for gitignore-style glob patterns 2025-09-15 21:26:51 -07:00
Mick Grove
6a1d9e4142 - Enabled MongoDB URI validation 
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
 2025-09-09 16:45:02 -07:00
Mick Grove
99a607213c fix windows x64 builds 2025-09-05 13:14:12 -07:00
Mick Grove
82e4d7b620 updated readme 2025-09-04 23:52:43 -07:00
Mick Grove
3896ca40f9 updated sha1 crate 2025-09-04 22:24:30 -07:00
Mick Grove
8d15c8eabf - Improved error message when self-update cannot find the current binary 
- Optimized memory usage via string interning and extensive data sharing
- Replaced quadratic match filtering with a per-rule span map, fixing missed secrets in extremely large files and improving scan performance
- Support scanning extremely large files by chunking input into 1 GiB segments with small overlaps, avoiding vectorscan buffer limits while preserving match offsets
- Always use chunked vectorscan, eliminating the slow regex fallback for blobs over 4 GiB
- Skip Base64 scanning for blobs over 64 MB to avoid a second pass over massive files
- Increased max-file-size default to 64 MB (up from 25 MB)
 2025-09-04 21:51:24 -07:00
Mick Grove
52b2c02ee9 Optimized memory usage via string interning and extensive data sharing 2025-09-03 09:52:49 -07:00
Mick Grove
9de355a5c8 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
ef4cb03226 mproved AWS rule 2025-08-22 13:26:54 -07:00
Mick Grove
81d2f47c67 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
 2025-08-21 15:39:04 -07:00
Mick Grove
343c08ed00 Fixed issue with self-update on Linux 2025-08-19 09:30:26 -07:00
Mick Grove
951b62d61e - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key 
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
 2025-08-18 22:56:34 -07:00
Mick Grove
695b051e24 Improved language detection 2025-08-15 16:08:46 -07:00
Mick Grove
e83b171694 added rule for Vercel 2025-08-13 15:35:04 -07:00
Mick Grove
8c71eae231 Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
38371b538e Added support for scanning Confluence pages 2025-08-11 08:04:52 -07:00
Mick Grove
3458c37d33 Added X Consumer key detection and validation 2025-08-09 08:46:07 -07:00
Mick Grove
97956bcc3f GitLab: include nested subgroup projects when enumerating group repositories 2025-08-08 15:11:36 -07:00
Mick Grove
d8624972ec JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials 2025-08-07 17:21:31 -07:00
Mick Grove
a81cfb963a Remote scans with --git-history=none now clone repositories with a working tree and scan the current files instead of erroring with 'No inputs to scan.' 2025-08-06 19:15:50 -07:00
Mick Grove
5931847300 - Use system TLS root certificates to support self-hosted GitLab instances with internal CAs 
- Added new rule: Coze personal access token
 2025-08-05 14:45:51 -07:00
Mick Grove
8ff147c08c - Fixed header precedence so custom HTTP validation headers like "Accept" are preserved 
- Added new Heroku rule
 2025-08-04 21:38:23 -07:00
Mick Grove
cb5595be23 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-08-03 10:37:02 -07:00
Mick Grove
57cb4f320c improving s3 bucket scanning feature 2025-08-03 08:13:08 -07:00
Mick Grove
40e760ea2c -Added support for scanning AWS S3 buckets via --s3-bucket and optional --s3-prefix 
- Added --role-arn and --aws-local-profile flags for S3 authentication alongside KF_AWS_KEY/KF_AWS_SECRET
 2025-08-02 20:40:16 -07:00
Mick Grove
46d0ecce3b - New rules: Telegram bot token, OpenWeatherMap, Apify 
- New OpenAI detectors added (@joshlarsen)
- Fixed bug that broke validation when using unnamed group captures
 2025-08-01 16:56:04 -07:00
Mick Grove
f48eeb79e2 Fixed validation caching for HTTP validators to include rendered headers so inactive secrets no longer appear active, in some cases 2025-08-01 09:15:24 -07:00
Mick Grove
902446d754 bug fixes in response to code review. Also added support for ed25519 coinbase cdp api keys 2025-07-31 18:29:21 -07:00
Mick Grove
1cd69dc267 updated version number 2025-07-31 16:53:52 -07:00
Mick Grove
e73aec9d70 - Fixed issue when more than 1 named capture group is used in a rule variable 
- Added 2 new liquid template filters: 'b64dec' and 'es256_sign'
- Added custom validator for Coinbase, and a Coinbase rule that uses it
 2025-07-31 16:52:50 -07:00
Mick Grove
bcf2b60e0b Added support for Slack 2025-07-29 19:00:49 -07:00
Mick Grove
cdbf3ffac1 changed from oci-distribution to newer oci-client 2025-07-28 09:55:48 -07:00
Mick Grove
8739c92572 WIP: Adding support for scanning Docker images 2025-07-27 14:59:19 -07:00
Mick Grove
627ef98881 WIP: Adding support for scanning Docker images 2025-07-27 12:20:20 -07:00
Mick Grove
e6693b480e added buildkite rule 2025-07-26 22:00:05 -07:00
Mick Grove
63a757fba8 Added support for scanning issues returned from a JQL search using --jira-url and --jql 2025-07-25 17:23:18 -07:00
Mick Grove
1ac413bbee Added ElevenLabs rule 2025-07-25 10:31:17 -07:00
Mick Grove
9a87e30171 Fixed version number 2025-07-23 19:58:24 -07:00
Mick Grove
9b4856d7d5 Fixed Gitlab support. Added pre-commit and pre-receive installation scripts. 2025-07-23 19:57:33 -07:00
Mick Grove
83bde3247e Fixed permission issue with cargo-deb running after docker based linux build 2025-07-22 08:25:42 -07:00
Mick Grove
39a4f1d25b - Now generating DEB and RPM packages 
- Now releasing Docker images, and updated README
- Added rule for Scale, Deepgram, AssemblyAI
 2025-07-21 15:21:40 -07:00
Mick Grove
1f1dbf312f - Now generating DEB and RPM packages 
- Now releasing Docker images, and updated README
- Added rule for Scale, Deepgram, AssemblyAI
 2025-07-21 15:21:10 -07:00
Mick Grove
8b2c79e70f Updating GitHub Action to generate Docker image. Added rules for Diffbot, ai21, baseten. Fixed supabase rule. Added 'alg' to JWT validation output 2025-07-18 15:26:18 -07:00
Mick Grove
7d28ab531d updated README 2025-07-17 15:11:35 -07:00
Mick Grove
6bcfd6bc48 upgraded cargo dependencies 2025-07-17 14:31:09 -07:00
Mick Grove
bf24b0c563 Added rule for Google Gemini AI 2025-07-17 11:07:44 -07:00