Commit graph

120 commits

Author SHA1 Message Date
Mick Grove
1ca9c023ac added tests for --branch and --since-commit feature 2025-10-23 17:27:40 -07:00
Mick Grove
01460fe00c updated anthropic rule 2025-10-23 15:02:30 -07:00
Mick Grove
a655bc8803 updated maxmind rule 2025-10-22 18:49:20 -07:00
Mick Grove
5f8baed46c - Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help.
- Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style.
- Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands.
- Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only.
- Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request.
- Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket.
2025-10-22 16:24:09 -07:00
Mick Grove
212bda4100 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch.
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
2025-10-20 18:23:12 -07:00
Mick Grove
69dc42f5bb Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
74e47fc592 - Improved performance of tree-sitter parsing
- Updated Windows build script to ensure static binary is produced
2025-10-03 17:22:28 -07:00
Mick Grove
69c14f7451 Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00
Mick Grove
e74a42c20b updated rule for AWS Secret Access key 2025-09-10 13:29:19 -07:00
Mick Grove
611f19fd74 - Enabled MongoDB URI validation
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
2025-09-09 16:45:02 -07:00
Mick Grove
2ee204ce3c updated jwt rule 2025-09-04 23:31:34 -07:00
Mick Grove
e03ab5972d fix ci build error 2025-08-31 10:27:16 -07:00
Mick Grove
3bed8b36f2 Fix changes in response to code review 2025-08-30 20:07:31 -07:00
Mick Grove
984231e25c Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance 2025-08-30 16:44:55 -07:00
Mick Grove
b2b5791190 - Improved rules: github oauth2, diffbot, mailchimp, aws
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
2025-08-29 17:24:26 -07:00
Mick Grove
96f1784953 changes in response to code review 2025-08-27 15:43:31 -07:00
Mick Grove
332f2c59f9 added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary 2025-08-27 15:35:01 -07:00
Mick Grove
c2de3bc25c added rules for zhipu 2025-08-27 12:43:41 -07:00
Mick Grove
d1bd843567 added rules for together.ai 2025-08-27 12:20:44 -07:00
Mick Grove
4194b01306 added rules for nvidia nim 2025-08-27 11:39:32 -07:00
Mick Grove
49640c5338 added rules for cerbras, friendli, fireworks.ai 2025-08-27 11:25:39 -07:00
Mick Grove
8135bf6b37 Added rule for 'weights and biases' 2025-08-27 10:20:04 -07:00
Mick Grove
bbbb0f33bb added ollama rule 2025-08-26 10:22:18 -07:00
Mick Grove
96293385f5 - Improved rules: AWS, pem 2025-08-22 16:16:00 -07:00
Mick Grove
6f06b1acb3 Improved AWS rule 2025-08-22 13:26:54 -07:00
Mick Grove
f51abc00b0 fixed failing tests 2025-08-21 16:13:03 -07:00
Mick Grove
29e09906b7 fixed failing tests 2025-08-21 16:11:34 -07:00
Mick Grove
245fb20670 - Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
2025-08-21 15:39:04 -07:00
Mick Grove
c3257a7e6f fixed example in rule 2025-08-18 23:32:15 -07:00
Mick Grove
41a4ebb60f - Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
2025-08-18 22:56:34 -07:00
Mick Grove
23c727f57d added more rules 2025-08-16 20:36:22 -07:00
Mick Grove
768d9c7899 added more rules 2025-08-16 20:23:27 -07:00
Mick Grove
0d89e682da added more rules 2025-08-16 14:54:01 -07:00
Mick Grove
a5c9c442d9 added clickhouse rule and validation 2025-08-16 08:41:39 -07:00
Mick Grove
f645212c57 removed serde_utils and added Authress rule 2025-08-16 07:35:52 -07:00
Mick Grove
6619705459 removed serde_utils and added Authress rule 2025-08-16 07:33:36 -07:00
Mick Grove
b259771ca9 fixed aiven regex to pass test 2025-08-14 10:17:16 -07:00
Mick Grove
d74c86818a added rule for Vercel 2025-08-13 15:35:04 -07:00
Mick Grove
a062e82728 fixed test 2025-08-13 09:20:36 -07:00
Mick Grove
12e9a01b5e Improved Tailscale api key detectors 2025-08-13 09:13:50 -07:00
Mick Grove
e7a8da6b3c Dropped the "prevalidated" flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special-case bypasses 2025-08-13 08:22:53 -07:00
Mick Grove
979bc469c5 - --quiet now suppresses scan summaries and rule statistics unless --rule-stats is explicitly provided
- Added X Consumer key detection and validation
2025-08-09 15:52:00 -07:00
Mick Grove
e53ad9f309 Added X Consumer key detection and validation 2025-08-09 08:45:27 -07:00
Mick Grove
b71fb5e6e2 JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials 2025-08-07 17:21:16 -07:00
Mick Grove
de181634cb Fixed GitHub organization and GitLab group scans when using '--git-history=none' 2025-08-07 16:13:57 -07:00
Mick Grove
57ba607a33 Fixed validation logic for clarifai rule 2025-08-06 21:31:02 -07:00
Mick Grove
d9b90fbc50 fixing github action failure for linux-arm6 when making deb 2025-08-05 18:06:09 -07:00
Mick Grove
c2e227a832 Updated Supabase rule to detect project URLs and validate their corresponding tokens 2025-08-05 16:25:22 -07:00
Mick Grove
756fd89097 - Use system TLS root certificates to support self-hosted GitLab instances with internal CAs
- Added new rule: Coze personal access token
2025-08-05 14:45:51 -07:00
Mick Grove
664cfd0e5c - Fixed header precedence so custom HTTP validation headers like "Accept" are preserved
- Added new Heroku rule
2025-08-04 19:32:19 -07:00