kingfisher/.github/workflows
Mick Grove ab93d4d242 Revert msys2/setup-msys2 to v2.31.0
v2.31.1 fails to verify MSYS2 package database PGP signatures on
GitHub-hosted Windows runners ("signature from Christoph Reiter
... is unknown trust" for clangarm64/mingw32/mingw64/ucrt64/clang64/msys),
which breaks the Windows ARM64 (and x64) jobs at the pacman -Syuu step.
Pinning back to v2.31.0 until upstream ships a fix.
2026-04-29 12:57:56 -07:00
cflite_batch.yml improve OpenSSF scorecard: tighten token permissions and add build provenance 2026-03-26 19:36:18 -07:00
cflite_pr.yml improve OpenSSF scorecard: tighten token permissions and add build provenance 2026-03-26 19:36:18 -07:00
ci.yml Revert msys2/setup-msys2 to v2.31.0 2026-04-29 12:57:56 -07:00
docs.yml Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
pypi.yml Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
release-docker.yml fixed github actions 2026-03-28 11:59:22 -07:00
release.yml Revert msys2/setup-msys2 to v2.31.0 2026-04-29 12:57:56 -07:00