Mick Grove
f6e05f0211
preparing for v1.99.0
2026-05-04 13:26:11 -07:00
Mick Grove
0e1fe0cede
webhook support and kingfisher configuration yaml support
2026-05-03 23:10:45 -07:00
Mick Grove
a4cf3990a5
webhook support and kingfisher configuration yaml support
2026-05-03 22:11:26 -07:00
Mick Grove
44d67cea1b
added SLSA provenance
2026-05-02 00:14:31 -07:00
Mick Grove
b2287c99ee
--self-update (alias --update) on a scan or other command now **re-execs into the freshly installed binary** so the current invocation completes with the new code and the latest detection rules. Previously the on-disk binary was replaced but the running process kept using the old in-memory version, requiring a second invocation to pick up the changes. On Unix this is a true exec() (same PID); on Windows the new binary is spawned and the parent exits with its status code. The explicit kingfisher self-update subcommand still updates and exits without re-execing. Self-update now also covers Windows arm64 (the asset was already published; the runtime cfg map gained the missing arm). See docs/ADVANCED.md → *Update Checks*.
2026-05-01 20:14:27 -07:00
Mick Grove
1619737e2c
improved access map viewer
2026-04-30 18:11:10 -07:00
Mick Grove
20e08105cf
improved github organization scanning
2026-04-30 16:40:43 -07:00
Mick Grove
87f6bd818f
copilot fixes
2026-04-30 11:40:22 -07:00
Mick Grove
b89c952043
copilot fixes
2026-04-30 11:28:45 -07:00
Mick Grove
cceab35ec1
copilot fixes
2026-04-30 10:56:35 -07:00
Mick Grove
90737f098c
copilot fixes
2026-04-30 09:29:23 -07:00
Mick Grove
b7b6dfdeb2
copilot fixes
2026-04-30 09:02:49 -07:00
Mick Grove
06f72ec9f0
copilot fixes
2026-04-30 08:38:14 -07:00
Mick Grove
2c08659563
copilot fixes
2026-04-30 00:32:49 -07:00
Mick Grove
c94bd89195
copilot fixes
2026-04-29 23:42:33 -07:00
Mick Grove
30b9eba427
copilot fixes
2026-04-29 22:50:31 -07:00
Mick Grove
1337588c7b
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 11:46:17 -07:00
Mick Grove
8d9f5bed40
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 08:58:11 -07:00
Mick Grove
997480ffc7
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/ ... URLs in reports.
2026-04-29 08:12:08 -07:00
Mick Grove
0b89e4b02f
added blog posts
2026-04-28 19:21:44 -07:00
Mick Grove
19dafa42ea
Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.
2026-04-27 13:20:16 -07:00
Mick Grove
a4e8117c8e
performance improvements and rule improvements
2026-04-24 00:14:56 -07:00
Mick Grove
cb4951c62c
performance improvements and rule improvements
2026-04-23 17:25:07 -07:00
Mick Grove
eb339505f6
performance improvements and rule improvements
2026-04-23 16:54:21 -07:00
Mick Grove
d8e0a41fe8
performance improvements and rule improvements
2026-04-23 14:42:10 -07:00
Mick Grove
7ee1fd5163
performance improvements and rule improvements
2026-04-22 23:39:19 -07:00
Mick Grove
79139e49b8
- Fixed the HTML access-map viewer dark mode so charts redraw correctly on theme changes and follow the system color scheme until manually overridden.
...
- Fixed [#344](https://github.com/mongodb/kingfisher/issues/344): baseline fingerprints no longer have to be hexadecimal. The fingerprint value emitted by scan output (JSON, JSONL, pretty, SARIF) can now be copied directly into a baseline file and will match on the next scan. --manage-baseline now writes fingerprints in decimal to match scan output, and legacy 16-char hex (and 0x-prefixed hex) entries continue to be accepted, so existing baseline files keep working unchanged.
2026-04-20 17:54:51 -07:00
Mick Grove
9d7e31980c
performance improvements and rule improvements
2026-04-19 22:38:39 -07:00
Mick Grove
745b32011d
performance improvements and rule improvements
2026-04-19 22:04:10 -07:00
Mick Grove
c50b3ba292
performance improvements and rule improvements
2026-04-19 16:33:13 -07:00
Mick Grove
a13b175fc5
performance improvements and rule improvements
2026-04-19 14:50:11 -07:00
Mick Grove
e4cd6dd164
performance improvements and rule improvements
2026-04-17 16:53:21 -07:00
Mick Grove
74cad26aed
performance improvements and rule improvements
2026-04-17 11:01:46 -07:00
Mick Grove
a27f90d619
performance improvements and rule improvements
2026-04-16 16:57:31 -07:00
Mick Grove
c3d686cfac
performance improvements and access map viewer improvements
2026-04-16 09:56:56 -07:00
Mick Grove
c89e527053
bug fix
2026-04-16 06:44:12 -07:00
Mick Grove
93a9cb796e
updates to new rules
2026-04-15 17:13:10 -07:00
Mick Grove
efa47ba140
updates to new rules
2026-04-15 14:37:26 -07:00
Mick Grove
d2008dc3b7
cleaned up dependency tree
2026-04-13 20:43:09 -07:00
Mick Grove
2de703105f
fixed performance regression
2026-04-09 21:06:51 -07:00
Mick Grove
aa940b0c7a
fixed performance regression
2026-04-09 11:59:31 -07:00
Mick Grove
57b2a40461
changes in response to PR review
2026-04-08 19:58:09 -07:00
Mick Grove
58e9cfd585
changes in response to PR review
2026-04-08 16:16:31 -07:00
Mick Grove
a0934737dc
changes in response to PR review
2026-04-08 13:14:39 -07:00
Mick Grove
0d33dff196
changes in response to PR review
2026-04-08 11:09:36 -07:00
Mick Grove
eee7697e24
changes in response to PR review
2026-04-08 09:42:37 -07:00
Mick Grove
17c57e96e3
changes in response to PR review
2026-04-08 08:29:50 -07:00
Mick Grove
0cb854872b
Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary.
2026-04-07 23:20:17 -07:00
Mick Grove
afee0b7181
updated rules
2026-04-07 10:42:44 -07:00
Mick Grove
45a565fa6e
added more rules
2026-04-06 22:18:58 -07:00