eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
416 commits 5 branches 83 tags 53 MiB
Commit graph

416 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mick Grove
f5d34dfdac Merge pull request #129 from amone-bit/main 
update: just sort and dedup once
 2025-10-21 09:01:53 -07:00
amone
47027d2ce5 update: just sort and dedup once 2025-10-21 16:36:05 +08:00
Mick Grove
dc105e6e5b Merge pull request #127 from mongodb/development 
v1.59.0
 2025-10-20 21:19:15 -07:00
Mick Grove
e91772bfe8 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:36:50 -07:00
Mick Grove
6634416105 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:35:14 -07:00
Mick Grove
d3af060ed9 - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 19:33:37 -07:00
Mick Grove
122885199d - Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. 
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
 2025-10-20 18:23:12 -07:00
Mick Grove
26e2848cda Merge pull request #125 from mongodb/development 
v1.58.0
 2025-10-16 13:29:38 -07:00
Mick Grove
31a6441af7 change in response to code review 2025-10-16 10:54:48 -07:00
Mick Grove
bde7002877 change in response to code review 2025-10-16 10:52:33 -07:00
Mick Grove
a2710f9ed8 change in response to code review 2025-10-16 10:50:37 -07:00
Mick Grove
8c154606c1 change in response to code review 2025-10-16 10:50:07 -07:00
Mick Grove
65a00e2705 change in response to code review 2025-10-16 10:20:18 -07:00
Mick Grove
afe1bedbec updated dependencies 2025-10-16 10:09:06 -07:00
Mick Grove
5566f8e733 updated ci to use Rust 1.90 2025-10-15 23:01:28 -07:00
Mick Grove
03d7364888 - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans. 
- Condensed GitError formatting to report the exit status and the first informative lines from stdout/stderr, producing concise git clone failure logs.
- Added support for scanning Google Cloud Storage buckets via --gcs-bucket, including optional prefixes and service-account authentication.
- Added --skip-aws-account (now accepting comma-separated values) and --skip-aws-account-file to bypass live AWS validation for known canary/honey-token account IDs without triggering alerts. Kingfisher now ships with several canary AWS account IDs pre-seeded in the skip list and now reports matching findings as "Not Attempted" with the "Response" containing "(skip list entry)" so its clear that validation was intentionally skipped and why.
 2025-10-15 22:47:40 -07:00
Mick Grove
ae3975750e Merge pull request #123 from mongodb/development 
v1.57.0
 2025-10-11 18:30:11 -07:00
Mick Grove
b4073855f2 kingfisher:ignore is only directive built-in 2025-10-11 18:04:00 -07:00
Mick Grove
85ebcece4d Merge pull request #122 from mongodb/development 
v1.57.0
 2025-10-11 17:08:30 -07:00
Mick Grove
9f13727666 kingfisher:ignore is only directive built-in 2025-10-11 15:27:21 -07:00
Mick Grove
4c952bf1bf Respect user color settings in update messages by using the same color helper as the main reporter, ensuring consistent output and no ANSI codes on update check, when color is disabled 2025-10-11 12:36:35 -07:00
Mick Grove
5241ed4d8b - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported 
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
 2025-10-10 16:25:26 -07:00
Mick Grove
3647d759a3 - Added a --no-ignore CLI flag to disable inline directives when you need every potential secret reported 
- Added: repeatable --ignore-comment <TOKEN> flag to reuse inline directives from other scanners (for example NOSONAR,
  kics-scan ignore, gitleaks:allow, etc)
 2025-10-10 16:23:41 -07:00
Mick Grove
92de1ba63d - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:53:17 -07:00
Mick Grove
220aa83936 Merge pull request #121 from mongodb/inline-ignore 
- Added kingfisher:ignore (or kingfisher:allow) to silence a finding …
 2025-10-09 20:19:16 -07:00
Mick Grove
1f5b96c8d3 Merge branch 'development' into inline-ignore 
Signed-off-by: Mick Grove <mick.grove@mongodb.com>
 2025-10-09 20:19:02 -07:00
Mick Grove
a003b732fa - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 20:11:31 -07:00
Mick Grove
b2a62a9c8a - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 17:59:22 -07:00
Mick Grove
caf766b731 - Added kingfisher:ignore (or kingfisher:allow) to silence a finding inline within a file 
- Added: to reuse existing inline directives from other scanners, pass --compat-ignore-comments to also accept NOSONAR, kics-scan ignore,  gitleaks:allow and trufflehog:ignore
 2025-10-09 17:59:10 -07:00
Mick Grove
78e6f8dbe1 Merge pull request #120 from mongodb/development 
v1.56.0
 2025-10-08 12:59:27 -07:00
Mick Grove
dbb97bdcf3 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 10:55:43 -07:00
Mick Grove
fecd05be03 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 10:38:28 -07:00
Mick Grove
01b0ae8fc7 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 09:47:56 -07:00
Mick Grove
899de9bad7 Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:34 -07:00
Mick Grove
7c85b89aae Fixed tree-sitter scanning bug where passing --no-base64 caused errors to be printed when the file type couldn’t be determined 2025-10-08 08:59:25 -07:00
Mick Grove
e5fac1f792 Merge pull request #118 from mongodb/development 
v1.55.0
 2025-10-05 20:25:29 -07:00
Mick Grove
89ce645d14 Fixed test 2025-10-05 18:07:45 -07:00
Mick Grove
828ebf6d25 Updated README 2025-10-05 16:58:50 -07:00
Mick Grove
8b0d957134 Updated README 2025-10-05 16:44:33 -07:00
Mick Grove
7e5bdf59ef Updated README 2025-10-05 16:42:29 -07:00
Mick Grove
f648658c81 Updated README 2025-10-05 16:38:10 -07:00
Mick Grove
81574833f7 Updated README 2025-10-05 16:37:15 -07:00
Mick Grove
3fc81229e8 Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates. Fixed a few bugs. 2025-10-05 10:48:57 -07:00
Mick Grove
ec1d640b74 Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates 2025-10-04 23:12:28 -07:00
Mick Grove
d6d854c168 - Improved performance of tree-sitter parsing 
- Updated Windows build script to ensure static binary is produced
 2025-10-03 17:22:28 -07:00
Mick Grove
d64977cab3 Merge pull request #116 from mongodb/development 
v1.54.0
 2025-09-24 12:30:22 -07:00
Mick Grove
ae5c8eecbe Replaced Match::finding_id’s SHA1-based hashing with a fast xxh3_64 digest that keeps IDs deterministic while eliminating a hot-path SHA1 dependency 2025-09-24 12:22:56 -07:00
Mick Grove
6b6051c3a4 Merge pull request #115 from mongodb/development 
v1.54.0
 2025-09-24 12:13:10 -07:00
Mick Grove
0c022b4ed5 Changes in response to code review 2025-09-24 10:43:51 -07:00
Mick Grove
645bfa2e01 Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path 2025-09-24 10:06:47 -07:00