| Author | Commit | Message | Date |
|---|---|---|---|
| Mick Grove | 12c141bfac | preparing for v1.99.0 | 2026-05-05 07:08:40 -07:00 |
| Mick Grove | f6e05f0211 | preparing for v1.99.0 | 2026-05-04 13:26:11 -07:00 |
| Mick Grove | 0e1fe0cede | webhook support and kingfisher configuration yaml support | 2026-05-03 23:10:45 -07:00 |
| Mick Grove | 997480ffc7 | Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. | 2026-04-29 08:12:08 -07:00 |
| Mick Grove | 0b89e4b02f | added blog posts | 2026-04-28 19:21:44 -07:00 |
| Mick Grove | bf6c7da4a4 | added blog posts | 2026-04-28 15:28:48 -07:00 |
| Mick Grove | 19dafa42ea | Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances. | 2026-04-27 13:20:16 -07:00 |
| Mick Grove | 5465d903cf | added kingfisher.github.9 to detect the new ~520-character stateless GitHub App installation token format (ghs_<APP_ID>_<JWT>). The legacy 36-character ghs_ rule | 2026-04-26 16:56:44 -07:00 |