Home
Mick Grove edited this page Aug 10, 2025 · 4 revisions
Kingfisher is a blazingly fast secret-scanning and live validation tool built in Rust. It combines Intel's hardware-accelerated Hyperscan regex engine with language-aware parsing via Tree-Sitter and ships with hundreds of built-in rules to detect, validate, and triage secrets before they reach production.
- Live validation via cloud-provider APIs
- Extra targets: GitLab repos, S3 buckets, Docker images, Jira issues, and Slack messages
- Compressed files: Supports extracting and scanning compressed files for secrets
- Baseline mode: ignore known secrets, flag only new ones
- Language-aware detection for ~20 languages
- Native Windows binary
- Performance: multithreaded, Hyperscan-powered scanning built for huge codebases
- Extensible rules: hundreds of built-in detectors plus YAML-defined custom rules
- Multiple targets: Git history, Docker images, Jira issues, Slack messages, AWS S3
- Baseline management: generate and track baselines to suppress known secrets
- Local directories and Git repositories
- GitHub and GitLab via their APIs
- AWS S3 buckets
- Docker images and container archives
- Jira issues and projects
- Slack messages and channels
- Getting Started
- Usage
- Additional docs are located in the project's docs/ directory.
- Prevent costly breaches
- Automate compliance
- Reduce noise, focus on real threats
- Accelerate dev workflows
See docs/COMPARISON.md for runtime comparisons.
Apache 2.0