eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,280 commits 5 branches 83 tags 53 MiB
Commit graph

137 commits

Author SHA1 Message Date
Mick Grove
bd83568644 updated smoke_branch tests 2025-10-26 00:13:31 -07:00
Mick Grove
2e5fcf1c15 - Fixed local filesystem scans to keep open_path_as_is enabled when opening Git repositories and only disable it for diff-based scans. 
- Created Linux and Windows specific installer script
- Updated diff-focused scanning so --branch-root-commit can be provided alongside --branch, letting you diff from a chosen commit while targeting a specific branch tip (still defaulting back to the --branch ref when the commit is omitted).
 2025-10-25 17:25:29 -07:00
Mick Grove
7d9d3be132 - Fixed local filesystem scans to keep open_path_as_is enabled when opening Git repositories and only disable it for diff-based scans. 
- Created Linux and Windows specific installer script
- Updated diff-focused scanning so --branch-root-commit can be provided alongside --branch, letting you diff from a chosen commit while targeting a specific branch tip (still defaulting back to the --branch ref when the commit is omitted).
 2025-10-25 17:12:51 -07:00
Mick Grove
ea1bd2a022 Fixed bug in test when run on Windows 2025-10-23 21:28:37 -07:00
Mick Grove
8fda3eaa3b Fixed bug in test when run on Windows 2025-10-23 21:04:26 -07:00
Mick Grove
b50ef4172c added tests for --branch and --since-commit feature 2025-10-23 17:37:40 -07:00
Mick Grove
0ec8ebd59b added tests for --branch and --since-commit feature 2025-10-23 17:27:40 -07:00
Mick Grove
88bc02c91a added tests for --branch and --since-commit feature 2025-10-23 17:02:51 -07:00
Mick Grove
9f91cbdab6 added tests for --branch and --since-commit feature 2025-10-23 17:02:31 -07:00
Mick Grove
98333a4bda updated anthropic rule 2025-10-23 15:02:30 -07:00
Mick Grove
03d7364888 - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans. 
- Condensed GitError formatting to report the exit status and the first informative lines from stdout/stderr, producing concise git clone failure logs.
- Added support for scanning Google Cloud Storage buckets via --gcs-bucket, including optional prefixes and service-account authentication.
- Added --skip-aws-account (now accepting comma-separated values) and --skip-aws-account-file to bypass live AWS validation for known canary/honey-token account IDs without triggering alerts. Kingfisher now ships with several canary AWS account IDs pre-seeded in the skip list and now reports matching findings as "Not Attempted" with the "Response" containing "(skip list entry)" so its clear that validation was intentionally skipped and why.
 2025-10-15 22:47:40 -07:00
Mick Grove
3647d759a3 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported 
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
 2025-10-10 16:23:41 -07:00
Mick Grove
92de1ba63d - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:53:17 -07:00
Mick Grove
1f5b96c8d3 Merge branch 'development' into inline-ignore 
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2025-10-09 20:19:02 -07:00
Mick Grove
a003b732fa - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:11:31 -07:00
Mick Grove
caf766b731 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 17:59:10 -07:00
Mick Grove
7c85b89aae Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:25 -07:00
Mick Grove
ec1d640b74 Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
d6d854c168 - Improved performance of tree-sitter parsing 
- Updated Windows build script to ensure static binary is produced
 2025-10-03 17:22:28 -07:00
Mick Grove
6a974907ee Added support for Gitea 2025-09-23 13:07:45 -07:00
Mick Grove
5c70fdc8e5 Added support for BitBucket 2025-09-22 18:21:03 -07:00
Mick Grove
19cca00c2b Removed the unused --rlimit-nofile flag 2025-09-18 17:02:56 -07:00
Mick Grove
866bf63202 Added diff-only Git scanning via --since-commit and --branch, including remote-aware ref resolution so CI jobs can pair --git-url clones with pull request branches 2025-09-16 14:20:43 -07:00
Mick Grove
563fa66d46 Added --github-exclude and --gitlab-exclude options to skip specific repositories when scanning or listing GitHub and GitLab sources, including support for gitignore-style glob patterns 2025-09-15 21:26:51 -07:00
Mick Grove
ba12a5b2be preparing for v1.48.0 2025-09-05 09:31:52 -07:00
Mick Grove
52b2c02ee9 Optimized memory usage via string interning and extensive data sharing 2025-09-03 09:52:49 -07:00
Mick Grove
c3513ea206 Optimized memory usage via string interning and extensive data sharing 2025-09-02 19:54:44 -07:00
Mick Grove
def8789c31 fix windows x64 builds 2025-08-31 17:26:30 -07:00
Mick Grove
dcd0460e8a fix ci build error 2025-08-31 10:27:16 -07:00
Mick Grove
2a3a4956d2 fix ci build error 2025-08-30 22:24:13 -07:00
Mick Grove
8b43f982c6 Fix tests 2025-08-30 21:25:12 -07:00
Mick Grove
5c33aa0b71 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:22 -07:00
Mick Grove
5638a6cb45 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance. This has a small performance impact and can be disabled with --no-base64 2025-08-30 19:40:11 -07:00
Mick Grove
9de355a5c8 Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
f820aaad6e - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:19 -07:00
Mick Grove
6e4c94ddc3 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url' 2025-08-20 20:41:11 -07:00
Mick Grove
d3bf941c5f Added '--skip-regex' and '--skip-word' flags to ignore secrets matching custom patterns or skipwords 2025-08-19 19:18:25 -07:00
Mick Grove
2411b86b78 - Fixed issue with self-update on Linux 
- Reverted the change to json and jsonl outputs by rule
 2025-08-19 11:55:28 -07:00
Mick Grove
951b62d61e - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key 
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
 2025-08-18 22:56:34 -07:00
Mick Grove
ab6ac8943a fixing windows tests 2025-08-17 21:11:09 -07:00
Mick Grove
2b062163e2 fixed failing tests 2025-08-17 17:41:51 -07:00
Mick Grove
125858c060 fixed failing tests 2025-08-17 17:41:34 -07:00
Mick Grove
6fb119d501 removed serde_utils and added Authress rule 2025-08-16 07:33:36 -07:00
Mick Grove
14fccc9cc6 - Added support for scanning gitlab subgroups, with 'kingfisher scan --gitlab-group my-group --gitlab-include-subgroups' 2025-08-14 09:25:18 -07:00
Mick Grove
67b570816f fixed test 2025-08-13 09:23:03 -07:00
Mick Grove
deef538835 fixed test 2025-08-13 09:20:36 -07:00
Mick Grove
8c71eae231 Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
053d1a3224 Added support for scanning Confluence pages 2025-08-10 21:54:26 -07:00
Mick Grove
22c5594b53 Added support for scanning Confluence pages 2025-08-10 21:51:31 -07:00
Mick Grove
f4a1e85b26 removed unused cli argument, snippet-length 2025-08-10 17:27:36 -07:00