Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory
trufflehog
trufflehog.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File trufflehog.changes of Package trufflehog
------------------------------------------------------------------- Sun Nov 24 08:36:57 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.84.1: * fix(deps): update module github.com/stretchr/testify to v1.10.0 (#3659) * [feat] - Support S3 Source Resumption (#3570) * [refactor] - Rename S3 ProgressTracker (#3652) * Separate org listing error from finding 0 members error cases (#3654) * fix(deps): update module google.golang.org/api to v0.209.0 (#3655) * fix(algolia): 403 is invalid (#3653) * Recover general chunker panics (#3625) * updated buildkite detectors (#3611) * added godaddy detector (#3615) * fix(deps): update module google.golang.org/api to v0.208.0 (#3647) * fix test (#3641) * fixed test failure (#3646) * fix(gcp): handle quoted JSON (#2865) * build: remove golang-jwt@v4 (#3644) * build: remove azure sdk (#3642) * feat(algolia): upgrade detector (#3613) * fix(azure_storage): use DefaultMultiPartCredentialProvider (#3639) * feat(hubspot): update v1 detector (#2845) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.2 (#3617) * feat(azurecr): update detector (#3632) * feat(azure): improve connstring matching (#2097) * fixing databricks detector for azure workspaces (#3038) * feat(detectors): create azure_entra base package (#2985) * feat(azure): create openai detector (#2347) * feat: cleanup AWS detector logic (#3583) * added handling of forbidden state in slack webhook detector. (#3635) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.7 (#3636) * fixed github classic token analyzer expiry time (#3624) * fix(deps): update module google.golang.org/api to v0.207.0 (#3630) * Add log.ToLogger and log.ToSlogger helper functions (#3629) * Remove unused findLevel function (#3628) * chore: fix function name in comment (#3616) * Update CODEOWNERS (#3627) * Added pattern unit tests for detectors starting with the letters i through m (#3614) * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.2 (#3623) * fix(deps): update module github.com/xanzy/go-gitlab to v0.114.0 (#3621) * feat(mongodb): increase timeout to 5 seconds (#3620) * [chore] Log non-fatal errors encountered during a scan (#3612) * add comment to close reader (#3622) * [fix] - Close the BufferedReadSeekr after use (#3618) * Add GitLab shared exclusion flag (#3572) * Feat: Added ZohoCRM detector (#3516) ------------------------------------------------------------------- Sun Nov 17 12:32:43 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.83.7: * chore: fix typos in comments and tests; enable misspell (#3573) * [feat] - S3 Progress Tracker (#3568) * [feat] - Introduce Fatal/Non-Fatal File Handling Errors (#3521) * [refactor] - Add DataOrErr (#3520) * [refactor] - Adjust File Handling Errors (#3519) * [fix] - Improve UTF8 decoder's handling of non-printable characters (#3588) * [bug] - correctly capture db type for postgres detector (#3610) * Add support for scanning APK files (#3517) * feat(opsgenie): update detector (#3608) * fix(deps): update module google.golang.org/api to v0.206.0 (#3609) * fix(deps): update module cloud.google.com/go/storage to v1.47.0 (#3607) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.16.0 (#3606) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.12.0 (#3600) * chore(deps): update jaxxstorm/action-install-gh-release action to v1.13.0 (#3599) * fix(deps): update module golang.org/x/oauth2 to v0.24.0 (#3605) * build: upgrade go-debian to v0.17.0 (#3603) * fix(deps): update module google.golang.org/protobuf to v1.35.2 (#3604) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.14.0 (#3601) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.1 (#3598) * golangci-lint: replace exportloopref with copyloopvar and remove the copy of the 'for' variables (#3591) * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.8 (#3596) * fix(deps): update golang.org/x/exp digest to 2d47ceb (#3595) * chore(deps): update mikepenz/action-junit-report action to v5 (#3553) * feat: added check for valid git commit and warning message (#3413) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.1 (#3566) * fix(deps): update module github.com/xanzy/go-gitlab to v0.113.0 (#3562) * Add Detector Description to JSON output (#3404) * added pattern test cases for F, G and H alphabet detectors (#3590) * remove unused embedded struct (#3592) * chore: increase level for verbose log (#3589) * fix(giturl): encode % (#2982) * chore: sort defaults.go (#3587) * Added pattern test cases for Alphabet D and E detectors (#3584) * feat(airtable): update detector (#3581) ------------------------------------------------------------------- Mon Nov 11 08:33:20 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.83.6: * chore: log false positive result as string (#3582) * feat: log why false positives are skipped (#3579) ------------------------------------------------------------------- Sat Nov 09 09:47:31 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.83.5: * remove Analyze protos from gen_protos.sh #3571 * fix(jdbc): ignore invalid sqlserver URLs (#3429) * Added pattern test cases for detectors starting with Alphabet C (#3564) * added name back in extradata (#3569) * feat(mailgun): update detector (#2679) * fix(fetchrss): update detector logic (#2844) * Add UUIDs to false positive checker (#2976) * feat(sumologic): update detector (#3511) * fix(mongodb): ignore invalid URLs (#3440) * fix(rabbitmq): add dial timeout (#3421) ------------------------------------------------------------------- Thu Nov 07 11:14:46 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.83.4: * add config option for s3 resumption (#3563) * added pattern test cases for detectors starting with b (#3559) * added pattern test cases for all detectors starting with Alphabet `a` (#3539) * validate if twitter services are more than one before accessing it. (#3565) ------------------------------------------------------------------- Wed Nov 06 09:50:46 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.83.3: * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.0 (#3561) * [bug] - Correct Line Number Calculation (#3550) * set verification error if failed to decode body (#3560) * Add owner to github tokens (#3558) * [feat] - Add Weights and Biases detector (#3551) * [chore] - minor cleanup S3 source (#3554) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#3555) * stop logging all GitLab projects (#3541) * fix(deps): update module cloud.google.com/go/storage to v1.46.0 (#3544) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.12.0 (#3531) * fix(deps): update module google.golang.org/api to v0.204.0 (#3543) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.3 (#3540) ------------------------------------------------------------------- Thu Oct 31 15:29:58 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.83.2: * fixed gitlab extradata overwriting (#3537) ------------------------------------------------------------------- Thu Oct 31 10:46:20 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de> - Update to version 3.83.1: * standardize email pattern (#3524) * strip symbol table and DWARF generation (#3534) * gcp cred not set (#3535) ------------------------------------------------------------------- Thu Oct 31 08:07:23 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.83.0: * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.2 (#3536) * gcp cred not set (#3535) * strip symbol and DWARF tables (#3534) * standardize email pattern (#3524) * Add Scanning team to CODEOWNERS (#3533) * stop logging detailed group info (#3532) * [analyze] Add Analyzer interface for Gitlab (#3232) * [feat] Gitlab inclusion globbing (#3500) * feat: added `v3` API version for the detector `captaindatago` (#3484) * update aws descriptions (#3529) * enforce timeout on circleci test (#3528) * rm snifftest (#3527) * Redact more source credentials (#3526) * Create global log redaction capability (#3522) * Adding basic "what is trufflehog" to the readme (#3514) * Handle custom detector response and include in extra data (#3411) * fix: fixed validation logic for `calendarific` (#3480) * fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (#3518) * Move DecoderType into ResultWithMetadata #3502 * Addeded 403 account block status code handling for gitlab (#3471) * updated gcpapplicationdefaultcredentials detector results with RawV2 (#3499) * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (#3512) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (#3510) * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (#3498) ------------------------------------------------------------------- Fri Oct 25 19:54:55 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.82.13: * Adds a logging section in the contributing guidelines (#3509) * fix: fixed verifcation pattern logic for `bulksms` (#3478) * Extend `algoliaadminkey` with additional checks (#3459) * fix(deps): update module google.golang.org/api to v0.203.0 (#3497) * fix: added correct api endpoint for verification & logic for Aeroworkflow (#3435) * remove debug log (#3505) * delete unused code (#3504) * fix: added correct verification endpoint & validation logic for alegra (#3437) * fix(deps): update module google.golang.org/api to v0.202.0 (#3496) * chore: re-order log context fields (#3430) * fix(deps): update module github.com/fatih/color to v1.18.0 (#3492) * feat: validation & verification fix for apiscience to apimetrics (#3475) * fix: fixed validation logic for `cannyio` (#3482) * update error messages (#3490) ------------------------------------------------------------------- Tue Oct 22 06:46:20 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.12: * [fix] - Inadvertent s3 body close (#3491) * Remove proto (#3489) * fix(deps): update testcontainers-go monorepo to v0.34.0 (#3488) * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.1 (#3487) * Extract FP logic correctly at other call site #3476 * fix(deps): update module go.uber.org/mock to v0.5.0 (#3468) * fix(deps): update module cloud.google.com/go/storage to v1.45.0 (#3467) * increase timeout to 30s (#3422) * Update yousign detector endpoints to check againt prod and staging urls (#3426) * fix: fixed autoklose verification endpoint (#3447) * fix: fixed verification logic & endpoint for AyrShare (#3452) ------------------------------------------------------------------- Fri Oct 18 12:24:31 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.82.11: * fix timeout (#3460) * Revert "Compress release with UPX (#3445)" (#3455) * Compress release with UPX (#3445) * ignore https as false postive for slackwebhook detector (#3425) ------------------------------------------------------------------- Wed Oct 16 06:24:21 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.9: * fix(deps): update module github.com/prometheus/client_golang to v1.20.5 (#3412) * fix: include integration test in generate.go (#3415) * Add feature flags to CLI args (#3359) * fix(deps): update module google.golang.org/api to v0.201.0 (#3416) * feat: add github comments timeframe filtering (fixes #3388) (#3390) * [fix] - resource leak (#3402) * [detector] Implemented Box Detector (#3242) * feat: propagate file info in log context (#3405) * fix(deps): update module github.com/xanzy/go-gitlab to v0.112.0 (#3410) * fix(deps): update module github.com/getsentry/sentry-go to v0.29.1 (#3408) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.6 (#3407) ------------------------------------------------------------------- Sat Oct 12 14:36:22 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.82.8: * Update SaladCloud description (#3399) * fix tests (#3400) * [chore] Update custom detector default description (#3398) * add description to salad (#3397) * Add detector for SaladCloud API Keys (#3273) * fix(deps): update module github.com/xanzy/go-gitlab to v0.111.0 (#3393) * Add SliceContainsString common util (#3395) * fix: pr template link to golangci-lint (#3392) * fix(deps): update golang.org/x/exp digest to f66d83c (#3389) * Separate detector tests into unit/integration (#3274) * Manually upgrade github dep (#3387) * Updated Fastly Personal Token Detector (#3386) * fix(deps): update module google.golang.org/api to v0.200.0 (#3391) * [Fix] Snowflake privatelink Support (#3286) * Enhanced the easyinsight detector (#3384) ------------------------------------------------------------------- Tue Oct 08 09:21:03 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.7: * Log skipped files on debug level (#3383) * build: update retracted bluemonday ver (#3369) * Fix git binary handling and add a smoke test (#3379) * fix(deps): update module google.golang.org/protobuf to v1.35.1 (#3382) * Added Cisco Meraki API Key detector (#3367) * improved the agora detector (#3360) * fix(deps): update module github.com/xanzy/go-gitlab to v0.110.0 (#3376) * fix(deps): update golang.org/x/exp digest to 225e2ab (#3371) * fix(deps): update module golang.org/x/net to v0.30.0 (#3373) * fix(deps): update module golang.org/x/crypto to v0.28.0 (#3372) * chore(deps): update sigstore/cosign-installer action to v3.7.0 (#3368) * fix(deps): update module cloud.google.com/go/storage to v1.44.0 (#3366) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.1 (#3365) * [refactor] - Decouple Metrics From Cache Implementation (#3355) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.2 (#3363) * Updated Cosign Install URL (#3364) * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.0 (#3361) * Added Pattern test cases for detectors (#3354) * remove size check (#3351) * fix(deps): update module go.mongodb.org/mongo-driver to v1.17.1 (#3357) * [chore] - Rename memory cache package to 'simple' for clarity (#3352) * Fixed github oauth2 token detector (#3353) ------------------------------------------------------------------- Tue Oct 01 08:05:06 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.6: * [feat] - Add SizedLRU Cache (#3344) * [bug] - Recover From Panic During Archive Handling (#3348) * [fix] - Use Parent Context in Azure Detector (#3346) * [chore] - update Go version to 1.23.0 (#3340) * disable secret scans for community PRs (#3343) * Enhanced the eraser detector to handle new status code from verification API (#3342) * [feat] - Add Generic Hasher Interface with Blake2b Implementation (#3337) * [fix] Move detector initialization to DefaultDetectors function (#3341) * Improve process cleanup (#3339) * fix(decoder): prevent race (#3031) * Add named params to interface methods (#3335) ------------------------------------------------------------------- Thu Sep 26 08:17:06 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.5: * fix(deps): update module google.golang.org/api to v0.199.0 (#3336) * [chore] Ensure testing Endpoints() doesn't silently pass on change (#3334) * [fix] Correctly initialize detectors with cloud endpoint customization (#3333) * RailwayApp Detector (#3331) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.2 (#3332) * Adding Descriptions (#3258) * update timeout to 60s (#3330) * Include all detector tests for captain (#3329) * Use captain for test aggregation (#3328) * [Fix] (#3306) * fix(deps): update module google.golang.org/api to v0.198.0 (#3323) * Endpoint customizer refresh (#3308) * Ignore glTF & JPEG XL files (#3325) * fix(deps): update module golang.org/x/oauth2 to v0.23.0 (#3322) * fix(deps): update module go.uber.org/automaxprocs to v1.6.0 (#3321) * fix(deps): update module go.mongodb.org/mongo-driver to v1.17.0 (#3319) * [bug] - Improve seekability check for stdout pipes in BufferedReadSeeker (#3189) * Improve MongoDB connection string matching (#1550) * fix(deps): update module github.com/xanzy/go-gitlab to v0.109.0 (#3318) * [Analyzer] Test and generated permissions for HuggingFace, Square & Stripe (#3294) * Implement SourceUnitEnumChunker for GitHub (#3298) * fix(deps): update module github.com/wasilibs/go-re2 to v1.7.0 (#3317) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.0 (#3315) * hit em w/ a min (#3316) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.1 (#3313) * [fix] - Add Size Method to BufferedReadSeeker and Refactor Context Timeout Handling in HandleFile (#3307) * fix(deps): update module github.com/sendgrid/sendgrid-go to v3.16.0+incompatible (#3312) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.15.0 (#3311) * fix(deps): update module github.com/getsentry/sentry-go to v0.29.0 (#3310) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.15.0 (#3309) * Update GitHub enumeration to report unique filtered values (#3292) * [analyze] Add client filter to detect successful unsafe HTTP requests (#3305) * fix(deps): update module github.com/prometheus/client_golang to v1.20.4 (#3303) * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.1 (#3301) ------------------------------------------------------------------- Tue Sep 17 07:39:34 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.82.2: * Instrument GitHub source with a ChunkReporter (#3296) * fix(deps): update golang.org/x/exp digest to 701f63a (#3291) * Add user agent suffix feature flag (#3297) * Fix GitHub analyzer panic on empty organization name (#3295) * Fix slice initialization error (#3293) ------------------------------------------------------------------- Fri Sep 13 12:30:43 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.82.1: * [analyze] Add analyzer interface for Shopify (#3226) * [analyze] Add Analyzer for Mailgun (#3206) * [analyze] Add Analyzer for MySQL (#3193) * Instrument GitHub source with a UnitReporter (#3284) * fix(deps): update module github.com/prometheus/client_golang to v1.20.3 (#3279) * adding pypi v1 support (#3289) * adding pypi detector (#3287) * feature flag additional refs (#3282) * Clarify "no decoder found for chunk" log message (#3001) * update aha keyword (#3281) * [chore] - remove unused method and function (#3089) * Jira Email fix (#3061) * fix(git): config normalization for git sources (#3278) * Add detector for Nvidia NGC Personal Keys (#3280) ------------------------------------------------------------------- Tue Sep 10 07:48:42 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.81.10: * GitHub source logger clean up (#3269) * fix(deps): update module github.com/felixge/fgprof to v0.9.5 (#3277) * fix(deps): update golang.org/x/exp digest to e7e105d (#3202) * [chore] Skip analyzer tests in CI (#3270) * [analyze] Add Analyzer for Postgres (#3192) * [analyze] Add Analyzer for SourceGraph (#3173) * [analyze] Add Analyzer for Asana (#3139) * [analyze] Add Analyzer for Slack (#3207) * [analyze] Improve SquareUp analyzer and Implemented test (#3231) * [analyze] Add Analyze interface for Mailchimp (#3225) * [analyze] Add analyze interface for Bitbucket (#3224) * [analyze] Add Analyzer for Sendgrid (#3174) * [analyze] Add Analyzer for Opsgenie (#3181) * [analyze] Add analyzer for Postman (#3180) * Add Sentry protobufs (#3263) * Make worker multipliers configurable (#3267) * add rotation links (#3257) * Reduce high freq keywords (#3265) * Add central feature flags (#3264) * Add huggingface tui config (#3060) * Add Robinhood Crypto detector (#3254) * Update buffer (#3255) * Download files when reverifying (#3252) * update rotation guide link for teams (#3248) * Th 899 postman panic issue (#3245) * Strip leading +/- from github target diffs (#3244) * Skip filtration for targeted scans #3243 * Customize results cleaning (using smuggled interface) (#3235) * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.0 (#3240) * fix(deps): update testcontainers-go monorepo to v0.33.0 (#3239) * fix(deps): update module google.golang.org/api to v0.193.0 (#3238) * fix(deps): update module google.golang.org/api to v0.192.0 (#3237) * fix(deps): update module github.com/prometheus/client_golang to v1.20.1 (#3236) * chore(deps): update golang docker tag to v1.23 (#3228) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.27.0 (#3229) ------------------------------------------------------------------- Mon Aug 19 06:30:18 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.81.9: * fix(deps): update module github.com/sendgrid/sendgrid-go to v3.15.0+incompatible (#3214) * Improve domain / url handling in detectors (#3221) * Support for kebab case and dot notation in permission generation tool (#3222) ------------------------------------------------------------------- Thu Aug 15 08:49:23 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.81.8: * [chore] Ignore analyzer implementation tests in test-community (#3219) * [chore] Fix lint errors (#3218) * [analyze] Fix GitHub token expiration parsing (#3205) * [analyze] Capture the hierarchy of GitHub permissions (#3127) * chore(deps): update sigstore/cosign-installer action to v3.6.0 (#3211) * Add metrics for command invocation (#3185) * remove two letter keyword (#3210) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.6 (#3208) * Capture decoding time metric (#3209) * fix(deps): update module github.com/google/go-containerregistry to v0.20.2 (#3184) * [bug] - Correctly Handle Large Files in BufferedReadSeeker (#3203) * Log when a detector ignores the timeout (#3201) * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.1 (#3197) * [analyze] Fix double-print in postgres analyzer (#3199) * fix(deps): update module golang.org/x/net to v0.28.0 (#3187) * [analyze] Deduplicate finegrained GitHub permissions (#3196) * Fixes for a few finegrained token issues (#3194) * [analyze] Add basic section to README (#3190) * [analyze] Bandaid solution for occasional slow startups (#3191) * Analyzer capitalization (#3188) * [analyze] Add analyze option to main TUI and unhide subcommand (#3186) * fix(deps): update module golang.org/x/text to v0.17.0 (#3183) * fix(deps): update module golang.org/x/crypto to v0.26.0 (#3182) * Improve finegrained token support (#3179) * [chore] Use custom HTTP client in sendgrid analyzer (#3178) * [analyze] Separate SID from token in twilio analyzer (#3177) * Analyze TUI (#3172) * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.1.0 (#3176) * Auth GitHub in Init (#3131) * Change log verbosity for detection errors (#3171) * fix(deps): update github.com/tailscale/depaware digest to 585336c (#3166) * fix(deps): update module golang.org/x/sync to v0.8.0 (#3169) * fix(deps): update module golang.org/x/oauth2 to v0.22.0 (#3168) * Update Zulip detector (#2897) * update pattern (#3167) * [analyze] Use permission enum values in openai analyzer (#3165) * [bug] - Create a new context with timeout per request (#3163) * [analyze] Fix off-by-one error in generated data structures (#3162) * fix(deps): update module github.com/schollz/progressbar/v3 to v3.14.6 (#3158) * Update README.md (#3160) * [bug] - add context timeout to ssh verification (#3161) * [chore] - log detector type on error (#3159) * [chore] - set custom transport for the Docker client (#3156) * Add Analyzers interface for HuggingFace (#3140) * quick patch for cfor enumeration (#3155) * fix(deps): update module google.golang.org/api to v0.190.0 (#3146) * Add Analyzers interface for Square (#3141) * enable mutex and block profiler (#3154) * [fix] Always configure the engine with the default detectors (#3152) * Add progress bar to CFOR (#3151) * [perf] - Leverage pgzip for Parallel decompression (#3149) * CFOR Commit Scanner (#3145) * [chore] Only set default detectors if none are provided (#3147) * add twilio analyze relationships (#3148) * [chore] - move automaxprocs to init (#3143) * [analyze] Combine access level into permission value (#3144) * Add Analyze interface to Stripe (#3132) * move concurrency (#3135) * [chore] - address linter (#3133) * [chore] - Set GOMAXPROCS (#3136) * Export maps from permission generation (#3137) * Add permissions lookup tables (#3125) * Separate out printing statements with anlayzer logic for SourceGraph (#3119) * nitro detector was removed and needed to be deprecated (#3102) * Separate out printing statements with anlayzer logic for Stripe (#3120) * Separate out printing statements with anlayzer logic for Slack (#3121) * Update GitHub integration tests (#3124) * Add new canary ID (#3117) * Separated printing and analyzes functionality for twilio (#3118) * Separated printing and analyzes functionality for square (#3122) * Separated printing and analyzes functionality for shopify (#3123) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#3116) * Analyzer partial implementations (#3114) * Include default detectors when using a config that contains detectors (#3115) * Use non-canary credentials for AWS tests (#3109) * fix dep versions (#3106) * [analyze] Add description and user to openai metadata (#3111) * Support openai project and fine grained tokens (#3112) * [analyze] Implement Analyzer interface for github (#3110) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.3 (#3107) * [chore] Move openai log message to proper function (#3105) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.5 (#3108) * Implement Analyzer interface for openai (#3101) * [chore] Fix Versioner interface for twitter (#3104) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.5 (#3096) * Analyze (#3099) * chore: fix some comments (#3098) * [bug]- Invalid Seek for Non-Seekable Readers (#3095) * remove deps from docker image (#3097) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.2 (#3094) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.1 (#3087) * fixed crash issue if data array is empty (#3091) * Remove onwater detector (#3088) * implemented a netsuite detector (#3068) * fix(deps): update module google.golang.org/api to v0.189.0 (#3086) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.13.0 (#3085) * fix(deps): update golang.org/x/exp digest to 8a7402a (#3083) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.1 (#3078) * [chore] - Reduce `VerificationOverlapWorker`s (#3082) * add verify check (#3079) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.20 (#3077) * Added Twitter v2 Detector (#3016) * chore: fix .goreleaser.yml and goreleaser usage for goreleaser v2 (#3073) * fix(deps): update golang.org/x/exp digest to e3f2596 (#3071) ------------------------------------------------------------------- Thu Aug 01 11:37:08 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.80.5: * move concurrency (#3135) * [chore] - address linter (#3133) * [chore] - Set GOMAXPROCS (#3136) * Export maps from permission generation (#3137) * Add permissions lookup tables (#3125) ------------------------------------------------------------------- Wed Jul 31 19:33:22 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.80.4: * Separate out printing statements with anlayzer logic for SourceGraph (#3119) * nitro detector was removed and needed to be deprecated (#3102) * Separate out printing statements with anlayzer logic for Stripe (#3120) * Separate out printing statements with anlayzer logic for Slack (#3121) * Update GitHub integration tests (#3124) ------------------------------------------------------------------- Wed Jul 31 08:21:51 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.80.3: * Add new canary ID (#3117) * Separated printing and analyzes functionality for twilio (#3118) * Separated printing and analyzes functionality for square (#3122) * Separated printing and analyzes functionality for shopify (#3123) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#3116) * Analyzer partial implementations (#3114) * Include default detectors when using a config that contains detectors (#3115) * Use non-canary credentials for AWS tests (#3109) * fix dep versions (#3106) * [analyze] Add description and user to openai metadata (#3111) * Support openai project and fine grained tokens (#3112) * [analyze] Implement Analyzer interface for github (#3110) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.3 (#3107) * [chore] Move openai log message to proper function (#3105) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.5 (#3108) * Implement Analyzer interface for openai (#3101) * [chore] Fix Versioner interface for twitter (#3104) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.5 (#3096) * Analyze (#3099) * chore: fix some comments (#3098) * [bug]- Invalid Seek for Non-Seekable Readers (#3095) * remove deps from docker image (#3097) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.2 (#3094) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.1 (#3087) * fixed crash issue if data array is empty (#3091) * Remove onwater detector (#3088) * implemented a netsuite detector (#3068) * fix(deps): update module google.golang.org/api to v0.189.0 (#3086) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.13.0 (#3085) * fix(deps): update golang.org/x/exp digest to 8a7402a (#3083) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.1 (#3078) * [chore] - Reduce `VerificationOverlapWorker`s (#3082) * add verify check (#3079) ------------------------------------------------------------------- Fri Jul 19 17:58:34 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.80.1: * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.20 (#3077) * Added Twitter v2 Detector (#3016) * chore: fix .goreleaser.yml and goreleaser usage for goreleaser v2 (#3073) * fix(deps): update golang.org/x/exp digest to e3f2596 (#3071) * [perf] - Optimize MIME Type Detection to Reduce Allocations (#3048) * [feat] - Streamlined File Handling with BufferedReaderSeeker (#3041) * fix(deps): update module github.com/google/go-containerregistry to v0.20.1 (#3072) * Atlassian Token Detector (#3065) * fix(deps): update golang.org/x/exp digest to 1d5bc16 (#3070) * fix(deps): update module github.com/xanzy/go-gitlab to v0.107.0 (#3069) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.19 (#3064) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.18 (#3062) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.4 (#3059) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.17 (#3057) * update package name (#3020) * Log more GitLab stuff (#3040) * Order GitLab repos by ID (#3047) * fix(deps): update module github.com/google/go-containerregistry to v0.20.0 (#3055) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.16 (#3054) * fix(deps): update golang.org/x/exp digest to 46b0784 (#3053) * chore(deps): update goreleaser/goreleaser-action action to v6 (#3051) * remove dead code (#3044) * fix(deps): update testcontainers-go monorepo to v0.32.0 (#3050) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.15 (#3049) * fix(deps): update module golang.org/x/crypto to v0.25.0 (#3045) * fix(deps): update module golang.org/x/net to v0.27.0 (#3046) * fix(deps): update module cloud.google.com/go/storage to v1.43.0 (#3043) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.14 (#3042) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.3 (#3037) * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.0 (#3036) * Elevenlabs detector (#3023) * fix(detectors): avoid race (#3028) * remove launchdarkly dep (#3034) * fix(deps): update module github.com/xanzy/go-gitlab to v0.106.0 (#3035) * fix(deps): update module github.com/wasilibs/go-re2 to v1.6.0 (#3033) * update LaunchDarkly detector to use the caller-identity API instead of the tokens API, and instantiating an SDK (#3018) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.0 (#3030) * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.4 (#3026) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.2 (#3024) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.11 (#3025) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#2998) * fixing docs (#3022) * Update README.md (#3019) * New Source: HuggingFace (#3000) * Add endorlabs detector (#3015) * added "example" (#3010) * ci(detector-tests): test detectors if integration fails (#2994) * Pin STARRY-S/zip #2999 * Adding Larksuite Detectors + Tests (#3008) * fix(git): set GIT_DIR based on ScanOptions.Bare (#3004) * Return targeted scan errors (#2995) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.6 (#2996) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.5 (#2993) * ci(detector-tests): disambiguate step names (#2989) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.5 (#2992) * clone more refs (#2988) * fix(deps): update module google.golang.org/api to v0.185.0 (#2987) * [feat] - Add Option to Retain False Positives During Detection (#2967) * fix(deps): update module github.com/getsentry/sentry-go to v0.28.1 (#2986) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.14.0 (#2981) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.11.0 (#2980) * fix(deps): update module cloud.google.com/go/storage to v1.42.0 (#2977) * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.1 (#2975) * fix(deps): update module github.com/google/go-containerregistry to v0.19.2 (#2973) * fix(deps): update golang.org/x/exp digest to 7f521ea (#2972) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.2 (#2962) * patch dependency (#2971) * [fix] - implement MaxSecretSizeProvider for `auth0managementapitoken` detector (#2953) * Fix integration tests (#2970) * feat(detectors): log falsepositive reason (#2969) * fix(handlers): workaround for max archive depth (#2965) * add metrics to the pipeline (#2968) * adding eraser ai detector (#2961) * Modularize scanning engine (#2887) * test: fix compile errors (#2964) * adding twitter + Consumer key detector (#2963) * fix(deps): update golang.org/x/exp digest to fc45aab (#2931) * use @master (#2959) * pin archiver dependency (#2958) * [feat] - Update span calculation logic to use offset magnitude (#2957) * [fix] - Refactor Filtering Logic to Fix Known False Positive Handling in Overlapping Cases (#2946) * [chore] - Update `discordwebhook` detector keyword (#2954) * fix(maxmind): prevent npd panic (#2948) * refactor(filesystem): change symlink err handling (#2941) * [bug] - Ensure BufferedFileWriter Flushes Buffer Contents to File Correctly (#2943) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.1 (#2947) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.19 (#2944) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.1 (#2913) ------------------------------------------------------------------- Thu Jul 18 06:03:20 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.80.0: * [perf] - Optimize MIME Type Detection to Reduce Allocations (#3048) * [feat] - Streamlined File Handling with BufferedReaderSeeker (#3041) * fix(deps): update module github.com/google/go-containerregistry to v0.20.1 (#3072) * Atlassian Token Detector (#3065) * fix(deps): update golang.org/x/exp digest to 1d5bc16 (#3070) * fix(deps): update module github.com/xanzy/go-gitlab to v0.107.0 (#3069) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.19 (#3064) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.18 (#3062) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.4 (#3059) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.17 (#3057) * update package name (#3020) * Log more GitLab stuff (#3040) * Order GitLab repos by ID (#3047) * fix(deps): update module github.com/google/go-containerregistry to v0.20.0 (#3055) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.16 (#3054) * fix(deps): update golang.org/x/exp digest to 46b0784 (#3053) * chore(deps): update goreleaser/goreleaser-action action to v6 (#3051) * remove dead code (#3044) * fix(deps): update testcontainers-go monorepo to v0.32.0 (#3050) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.15 (#3049) * fix(deps): update module golang.org/x/crypto to v0.25.0 (#3045) * fix(deps): update module golang.org/x/net to v0.27.0 (#3046) * fix(deps): update module cloud.google.com/go/storage to v1.43.0 (#3043) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.14 (#3042) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.3 (#3037) * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.0 (#3036) * Elevenlabs detector (#3023) * fix(detectors): avoid race (#3028) * remove launchdarkly dep (#3034) * fix(deps): update module github.com/xanzy/go-gitlab to v0.106.0 (#3035) * fix(deps): update module github.com/wasilibs/go-re2 to v1.6.0 (#3033) * update LaunchDarkly detector to use the caller-identity API instead of the tokens API, and instantiating an SDK (#3018) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.0 (#3030) * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.4 (#3026) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.2 (#3024) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.11 (#3025) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#2998) * fixing docs (#3022) * Update README.md (#3019) * New Source: HuggingFace (#3000) ------------------------------------------------------------------- Thu Jun 27 06:31:25 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.79.0: * Add endorlabs detector (#3015) * added "example" (#3010) ------------------------------------------------------------------- Tue Jun 25 06:26:55 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.78.2: * ci(detector-tests): test detectors if integration fails (#2994) * Pin STARRY-S/zip #2999 * Adding Larksuite Detectors + Tests (#3008) * fix(git): set GIT_DIR based on ScanOptions.Bare (#3004) * Return targeted scan errors (#2995) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.6 (#2996) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.5 (#2993) * ci(detector-tests): disambiguate step names (#2989) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.5 (#2992) * clone more refs (#2988) * fix(deps): update module google.golang.org/api to v0.185.0 (#2987) * [feat] - Add Option to Retain False Positives During Detection (#2967) * fix(deps): update module github.com/getsentry/sentry-go to v0.28.1 (#2986) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.14.0 (#2981) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.11.0 (#2980) * fix(deps): update module cloud.google.com/go/storage to v1.42.0 (#2977) * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.1 (#2975) * fix(deps): update module github.com/google/go-containerregistry to v0.19.2 (#2973) * fix(deps): update golang.org/x/exp digest to 7f521ea (#2972) * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.2 (#2962) * patch dependency (#2971) * [fix] - implement MaxSecretSizeProvider for `auth0managementapitoken` detector (#2953) * Fix integration tests (#2970) * feat(detectors): log falsepositive reason (#2969) * fix(handlers): workaround for max archive depth (#2965) * add metrics to the pipeline (#2968) * adding eraser ai detector (#2961) * Modularize scanning engine (#2887) * test: fix compile errors (#2964) * adding twitter + Consumer key detector (#2963) * fix(deps): update golang.org/x/exp digest to fc45aab (#2931) ------------------------------------------------------------------- Wed Jun 12 06:57:02 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.78.1: * use @master (#2959) * pin archiver dependency (#2958) * [feat] - Update span calculation logic to use offset magnitude (#2957) * [fix] - Refactor Filtering Logic to Fix Known False Positive Handling in Overlapping Cases (#2946) * [chore] - Update `discordwebhook` detector keyword (#2954) * fix(maxmind): prevent npd panic (#2948) * refactor(filesystem): change symlink err handling (#2941) * [bug] - Ensure BufferedFileWriter Flushes Buffer Contents to File Correctly (#2943) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.1 (#2947) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.19 (#2944) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.1 (#2913) * Make the github action work with a path as input (#2908) * feat(extensions): ignore dia diagrams (#2939) * [chore] Polish channelmetrics package (#2938) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.17 (#2914) * refactor(cache): use generics (#2930) * [chore] - address comments (#2920) * feat(git): improve scan logging (#2923) * [fix] - Correctly calculate EntireSpanChunkCalculator span (#2924) * remove stutter in naming (#2926) * Update Jenkins in tui (#2925) * continue on error (#2921) * Go should be installed before codeql initializes (#2919) * [feat] - Optimize detector performance by reducing data passed to regex (#2812) * [feat] - Introduce `channelmetrics` Package for Channel Metrics Collection (#2889) * Add flag to get information if trufflehog being ran from TUI (#1644) * feat(openai): add project and service account keys (#2863) * refactor(github): improve wiki err handling (#2917) * Add elasticsearch to tui (#2915) * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.2 (#2912) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.15 (#2911) * Add Jenkins scanning (#2892) * [chore] Always log git repositories being scanned (#2909) * chore: fix some comments (#2903) * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.13 (#2902) * integration testing for mongodb. (#2907) * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 (#2904) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.14 (#2900) * refactor(github): enumerateWithToken flow & tests (#2880) * Redis integration test (#2901) * fix(falsepositives): remove 'www' (#2896) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.4 (#2885) * consistent image of MSSQL for integration testing. (#2898) * Update metadata for DataDog for API + APPKey (#2879) * fix(deps): update golang.org/x/exp digest to fd00a4e (#2899) * chore(deps): update alpine docker tag to v3.20 (#2874) * Add postman to tui (#2895) ------------------------------------------------------------------- Fri Jun 07 18:28:18 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.78.0: * Make the github action work with a path as input (#2908) * feat(extensions): ignore dia diagrams (#2939) * [chore] Polish channelmetrics package (#2938) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.17 (#2914) * refactor(cache): use generics (#2930) * [chore] - address comments (#2920) * feat(git): improve scan logging (#2923) * [fix] - Correctly calculate EntireSpanChunkCalculator span (#2924) * remove stutter in naming (#2926) * Update Jenkins in tui (#2925) * continue on error (#2921) * Go should be installed before codeql initializes (#2919) * [feat] - Optimize detector performance by reducing data passed to regex (#2812) * [feat] - Introduce `channelmetrics` Package for Channel Metrics Collection (#2889) * Add flag to get information if trufflehog being ran from TUI (#1644) * feat(openai): add project and service account keys (#2863) * refactor(github): improve wiki err handling (#2917) * Add elasticsearch to tui (#2915) * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.2 (#2912) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.15 (#2911) * Add Jenkins scanning (#2892) * [chore] Always log git repositories being scanned (#2909) * chore: fix some comments (#2903) * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.13 (#2902) * integration testing for mongodb. (#2907) * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 (#2904) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.14 (#2900) * refactor(github): enumerateWithToken flow & tests (#2880) * Redis integration test (#2901) * fix(falsepositives): remove 'www' (#2896) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.4 (#2885) * consistent image of MSSQL for integration testing. (#2898) * Update metadata for DataDog for API + APPKey (#2879) * fix(deps): update golang.org/x/exp digest to fd00a4e (#2899) * chore(deps): update alpine docker tag to v3.20 (#2874) * Add postman to tui (#2895) * feat: support docker image history scanning (#2882) * Added extra data for LaunchDarkly (#2836) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.4 (#2890) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.13.1 (#2886) * fix(deps): update golang.org/x/exp digest to 4c93da0 (#2883) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.1 (#2884) * fix(deps): update module github.com/go-logr/logr to v1.4.2 (#2869) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.10 (#2871) * test(github): fix some errors (#2774) * Improve handling of Gist URLs (#2653) * Elastic adapter (#2727) * fix(github): scan user repos (#2814) * Log reasons for GitLab repo exclusion (#2875) * adding Groq detector (#2873) * [chore] - Use http.NewRequestWithContext (#2870) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.6 (#2867) * made changes in organization regex for azure devops. (#2866) * Update azure storage extra data (#2808) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.5 (#2859) * fix(deps): update module google.golang.org/api to v0.181.0 (#2857) * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.3 (#2861) * chore(engine): remove verbose log line (#2860) * remove redundant chunking (#2855) * [chore] - move buffers pkg out of writers pkg (#2826) * upgrade github dep (#2858) * Adding postman to sub-commands list (#2813) * add tolower to all keywords, and remove return on error for global vars (#2852) * deprecated Integromat detector becuase they are gone. (#2856) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.3 (#2849) * [bug] - Handle empty reader case in newFileReader (#2854) * [refactor] - Create separate handler for non-archive data (#2825) * added email and location in metadata. (#2850) * chore: fix some typos in comments (#2851) ------------------------------------------------------------------- Wed May 29 06:51:32 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.77.0: * feat: support docker image history scanning (#2882) * Added extra data for LaunchDarkly (#2836) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.4 (#2890) * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.13.1 (#2886) * fix(deps): update golang.org/x/exp digest to 4c93da0 (#2883) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.1 (#2884) * fix(deps): update module github.com/go-logr/logr to v1.4.2 (#2869) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.10 (#2871) * test(github): fix some errors (#2774) * Improve handling of Gist URLs (#2653) * Elastic adapter (#2727) * fix(github): scan user repos (#2814) * Log reasons for GitLab repo exclusion (#2875) * adding Groq detector (#2873) * [chore] - Use http.NewRequestWithContext (#2870) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.6 (#2867) ------------------------------------------------------------------- Tue May 21 06:38:19 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.76.3: * made changes in organization regex for azure devops. (#2866) * Update azure storage extra data (#2808) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.5 (#2859) * fix(deps): update module google.golang.org/api to v0.181.0 (#2857) * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.3 (#2861) * chore(engine): remove verbose log line (#2860) * remove redundant chunking (#2855) * [chore] - move buffers pkg out of writers pkg (#2826) * upgrade github dep (#2858) * Adding postman to sub-commands list (#2813) * add tolower to all keywords, and remove return on error for global vars (#2852) * deprecated Integromat detector becuase they are gone. (#2856) ------------------------------------------------------------------- Thu May 16 08:09:47 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.de> - Update to version 3.76.2: * [bug] - Handle empty reader case in newFileReader (#2854) ------------------------------------------------------------------- Thu May 16 08:06:35 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.76.1: * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.3 (#2849) * [bug] - Handle empty reader case in newFileReader (#2854) * [refactor] - Create separate handler for non-archive data (#2825) * added email and location in metadata. (#2850) * chore: fix some typos in comments (#2851) * Add "Intra42" detector (#2835) * [feat] - Support bearer auth for docker scans (#2848) * Use fake detectors in versioned detectors test (#2847) * switch to filesystem and specific tag when performance testing (#2846) * [bug] - Fix case-sensitivity issue in PrefixRegex function (#2811) * fix(deps): update module cloud.google.com/go/storage to v1.41.0 (#2843) * feat(sendgrid): update detector (#2833) * Bump up performance test threshold to 50% (#2839) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.1 (#2841) * fix(deps): update module github.com/fatih/color to v1.17.0 (#2837) * Fixed the Now Scanning emoji (#2842) * [chore] - Update GitlabV2 detector (#2840) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.0 (#2830) * Update results's extra data for Twilio (#2807) * fix(deps): update module github.com/google/go-github/v61 to v62 (#2832) * fix(deps): update module github.com/sassoftware/go-rpmutils to v0.4.0 (#2831) * fix(deps): update module google.golang.org/api to v0.180.0 (#2822) * fix(deps): update module github.com/xanzy/go-gitlab to v0.105.0 (#2824) * fix(deps): update testcontainers-go monorepo to v0.31.0 (#2823) * [refactor] - Refactor Archive Handling Logic (#2703) * Update postman flags to be less confusing (#2755) * fix(deps): update module github.com/prometheus/client_golang to v1.19.1 (#2821) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.2 (#2818) * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.6 (#2819) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.6 (#2816) * test(common/http): fix panic (#2817) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.0 (#2810) * fix(deps): update module github.com/rabbitmq/amqp091-go to v1.10.0 (#2809) * fix(deps): update module github.com/xanzy/go-gitlab to v0.104.1 (#2784) * address linter (#2783) * chore(deps): update golangci/golangci-lint-action action to v6 (#2801) * Updating Enterprise Readme Link from Contact to Product Info Page (#2804) * Moved up enterprise section and added additional integrations (#2803) * fix(deps): update module google.golang.org/api to v0.178.0 (#2800) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.4 (#2794) * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.3 (#2798) * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#2795) * increase test chan size (#2797) ------------------------------------------------------------------- Tue May 14 19:03:22 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.76.0: * Add "Intra42" detector (#2835) * [feat] - Support bearer auth for docker scans (#2848) * Use fake detectors in versioned detectors test (#2847) * switch to filesystem and specific tag when performance testing (#2846) * [bug] - Fix case-sensitivity issue in PrefixRegex function (#2811) * fix(deps): update module cloud.google.com/go/storage to v1.41.0 (#2843) * feat(sendgrid): update detector (#2833) * Bump up performance test threshold to 50% (#2839) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.1 (#2841) * fix(deps): update module github.com/fatih/color to v1.17.0 (#2837) * Fixed the Now Scanning emoji (#2842) * [chore] - Update GitlabV2 detector (#2840) * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.0 (#2830) * Update results's extra data for Twilio (#2807) * fix(deps): update module github.com/google/go-github/v61 to v62 (#2832) * fix(deps): update module github.com/sassoftware/go-rpmutils to v0.4.0 (#2831) * fix(deps): update module google.golang.org/api to v0.180.0 (#2822) * fix(deps): update module github.com/xanzy/go-gitlab to v0.105.0 (#2824) * fix(deps): update testcontainers-go monorepo to v0.31.0 (#2823) * [refactor] - Refactor Archive Handling Logic (#2703) * Update postman flags to be less confusing (#2755) * fix(deps): update module github.com/prometheus/client_golang to v1.19.1 (#2821) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.2 (#2818) * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.6 (#2819) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.6 (#2816) * test(common/http): fix panic (#2817) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.0 (#2810) * fix(deps): update module github.com/rabbitmq/amqp091-go to v1.10.0 (#2809) * fix(deps): update module github.com/xanzy/go-gitlab to v0.104.1 (#2784) * address linter (#2783) * chore(deps): update golangci/golangci-lint-action action to v6 (#2801) * Updating Enterprise Readme Link from Contact to Product Info Page (#2804) * Moved up enterprise section and added additional integrations (#2803) * fix(deps): update module google.golang.org/api to v0.178.0 (#2800) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.4 (#2794) * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.3 (#2798) * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#2795) * increase test chan size (#2797) * Add webhook source protos (#2789) * fix(deps): update module golang.org/x/net to v0.25.0 (#2792) * Use custom fp logic for private keys (#2793) * fix(deps): update module google.golang.org/protobuf to v1.34.1 (#2790) * fix(deps): update module golang.org/x/text to v0.15.0 (#2786) * fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#2785) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.1 (#2777) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.4 (#2781) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.2 (#2776) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.0 (#2775) * set default buffer size to 64 (#2778) * Update result's extra data for Slack (#2779) * fix for infinite recursion in Postman var sub (#2780) * Update rabbitmq.go regex detect amqps protocol (#2609) * adds build version to finished scanning log (#2773) * update imports (#2772) * fix(deps): update module google.golang.org/api to v0.177.0 (#2770) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.32 (#2769) * Detector-Competition-Fix - fixed the alchemy detector regex (#1821) * Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101) * Expose detector-specific false positive logic (#2743) * fixed calendly api key (#2368) * [bug] - Improve BufferedFileReader Close Behavior (#2768) * fix(deps): update module google.golang.org/protobuf to v1.34.0 (#2766) * [feat] - Add ReadFrom method to BufferedFileWriter (#2759) * [feat] - buffered file reader (#2731) * test(git): change length of chunks (#2767) * [chore] Add some happy path logs to GitLab (#2765) * Update ignore extensions (#2764) * Correclty set metrics for enumerated orgs (#2757) * feat(git): scan commit metadata (#2754) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.31 (#2763) * ignore pbix and vsdx files (#2762) * pkg: fix function names in comment (#2761) * [chore] - add additional binary extension (#2760) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.30 (#2756) * update integration logos (#2752) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.29 (#2751) * [bug] - Fix the metric for buffered file writer writes (#2750) * [bug] - fix buffer size metric (#2749) * [chore] Remove broken test (#2748) * [refactor] - lazy buffer retrieval (#2745) * [chore] - update buffered file writer metric (#2740) * [bug] - Refactor newDiff constructor to avoid double initialization of contentWriter (#2742) * Revert "feat(git): scan commit metadata (#2713)" (#2747) * Fix SQL Server detector tests (#2716) * feat(git): scan commit metadata (#2713) * chore(deps): update golangci/golangci-lint-action action to v5 (#2744) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.28 (#2741) * update buffer metrics (#2737) * [bug] - Correctly return the checked out buffer to the pool (#2732) * fix(deps): update module google.golang.org/api to v0.176.1 (#2736) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.27 (#2735) * Make connection issues less jarring (#2730) * [bug] - Fix disk write metric and update BufferedFileWriter file field (#2733) * Add false positive info to proto (#2729) * [refactor] - Update Write method signature in contentWriter interface (#2721) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.26 (#2728) * Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643) * fix(deps): update module google.golang.org/api to v0.176.0 (#2726) * added onfleet api key detector (#2375) * fix(deps): update module google.golang.org/api to v0.175.0 (#2724) * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.1 (#2720) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.25 (#2723) * Detect Slack workflows webhook (#2569) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.1 (#2714) * fix(deps): update module github.com/xanzy/go-gitlab to v0.103.0 (#2715) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.24 (#2717) * fix(deps): update module google.golang.org/api to v0.174.0 (#2712) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.23 (#2711) * fix(deps): update module google.golang.org/api to v0.173.0 (#2709) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.22 (#2708) * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.8 (#2707) * fix(deps): update golang.org/x/exp digest to fe59bbe (#2706) * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.0 (#2700) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.21 (#2699) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.20 (#2698) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.0 (#2697) * Adding Pagarme API key detection (#2665) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.19 (#2694) * chore(deps): update sigstore/cosign-installer action to v3.5.0 (#2695) * [refactor] - template detector (#2692) * Remove unnecessary space in Vultr regex pattern (#2689) ------------------------------------------------------------------- Tue May 07 06:23:39 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.75.1: * Add webhook source protos (#2789) * fix(deps): update module golang.org/x/net to v0.25.0 (#2792) * Use custom fp logic for private keys (#2793) * fix(deps): update module google.golang.org/protobuf to v1.34.1 (#2790) ------------------------------------------------------------------- Mon May 06 11:59:37 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.75.0: * fix(deps): update module golang.org/x/text to v0.15.0 (#2786) * fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#2785) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.1 (#2777) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.4 (#2781) * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.2 (#2776) * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.0 (#2775) * set default buffer size to 64 (#2778) * Update result's extra data for Slack (#2779) * fix for infinite recursion in Postman var sub (#2780) * Update rabbitmq.go regex detect amqps protocol (#2609) * adds build version to finished scanning log (#2773) * update imports (#2772) * fix(deps): update module google.golang.org/api to v0.177.0 (#2770) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.32 (#2769) * Detector-Competition-Fix - fixed the alchemy detector regex (#1821) * Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101) * Expose detector-specific false positive logic (#2743) * fixed calendly api key (#2368) * [bug] - Improve BufferedFileReader Close Behavior (#2768) * fix(deps): update module google.golang.org/protobuf to v1.34.0 (#2766) * [feat] - Add ReadFrom method to BufferedFileWriter (#2759) * [feat] - buffered file reader (#2731) * test(git): change length of chunks (#2767) * [chore] Add some happy path logs to GitLab (#2765) * Update ignore extensions (#2764) * Correclty set metrics for enumerated orgs (#2757) * feat(git): scan commit metadata (#2754) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.31 (#2763) * ignore pbix and vsdx files (#2762) * pkg: fix function names in comment (#2761) * [chore] - add additional binary extension (#2760) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.30 (#2756) * update integration logos (#2752) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.29 (#2751) * [bug] - Fix the metric for buffered file writer writes (#2750) * [bug] - fix buffer size metric (#2749) * [chore] Remove broken test (#2748) * [refactor] - lazy buffer retrieval (#2745) * [chore] - update buffered file writer metric (#2740) * [bug] - Refactor newDiff constructor to avoid double initialization of contentWriter (#2742) * Revert "feat(git): scan commit metadata (#2713)" (#2747) * Fix SQL Server detector tests (#2716) * feat(git): scan commit metadata (#2713) * chore(deps): update golangci/golangci-lint-action action to v5 (#2744) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.28 (#2741) * update buffer metrics (#2737) ------------------------------------------------------------------- Wed Apr 24 06:40:13 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.74.0: * [bug] - Correctly return the checked out buffer to the pool (#2732) * fix(deps): update module google.golang.org/api to v0.176.1 (#2736) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.27 (#2735) * Make connection issues less jarring (#2730) * [bug] - Fix disk write metric and update BufferedFileWriter file field (#2733) * Add false positive info to proto (#2729) * [refactor] - Update Write method signature in contentWriter interface (#2721) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.26 (#2728) * Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643) * fix(deps): update module google.golang.org/api to v0.176.0 (#2726) * added onfleet api key detector (#2375) * fix(deps): update module google.golang.org/api to v0.175.0 (#2724) * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.1 (#2720) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.25 (#2723) * Detect Slack workflows webhook (#2569) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.1 (#2714) * fix(deps): update module github.com/xanzy/go-gitlab to v0.103.0 (#2715) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.24 (#2717) * fix(deps): update module google.golang.org/api to v0.174.0 (#2712) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.23 (#2711) * fix(deps): update module google.golang.org/api to v0.173.0 (#2709) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.22 (#2708) * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.8 (#2707) * fix(deps): update golang.org/x/exp digest to fe59bbe (#2706) * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.0 (#2700) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.21 (#2699) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.20 (#2698) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.0 (#2697) * Adding Pagarme API key detection (#2665) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.19 (#2694) * chore(deps): update sigstore/cosign-installer action to v3.5.0 (#2695) * [refactor] - template detector (#2692) * Remove unnecessary space in Vultr regex pattern (#2689) * Add Wiz detector (#2691) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.18 (#2690) * fix(deps): update golang.org/x/exp digest to 93d18d7 (#2688) * Update README.md with Windows-specific Docker installation instructions (#2674) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.17 (#2686) * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.7 (#2684) * fix(deps): update testcontainers-go monorepo to v0.30.0 (#2685) * fix(deps): update module github.com/xanzy/go-gitlab to v0.102.0 (#2682) * Enrich Gitlab enumeration logging (#2678) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.16 (#2680) * fix(deps): update golang.org/x/exp digest to c0f41cb (#2672) * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.2 (#2681) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.23.0 (#2667) * fix(deps): update module golang.org/x/net to v0.24.0 (#2662) * Handle inactive Slack account tokens (#2668) * [bug] - Add ASCII validation check for base64 decoding (#2671) * fix(deps): update module golang.org/x/oauth2 to v0.19.0 (#2670) * chore: fix some typos (#2666) * [chore] - update go-github dep manually (#2664) * fix(deps): update module github.com/google/go-github/v57 to v61 (#2652) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.3.0 (#2660) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.14 (#2659) * upgrade launchdarkly dep (#2650) * chore: remove duplicate jiratoken.v2 detector (#2657) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.13 (#2655) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.1 (#2654) * Add GitLab CI Pipeline Example in Documentation (#2601) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.12 (#2651) * add GCP application default credentials detector (#2530) * fix(deps): update module github.com/go-git/go-git/v5 to v5.12.0 (#2649) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.0 (#2648) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.11 (#2646) * Add JupiterOne detector (#2446) * fix(deps): update module cloud.google.com/go/storage to v1.40.0 (#2645) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.2.0 (#2638) * Fix GitHub enumeration & rate-limiting logic (#2625) * build: fix 'toolchair not available' error (#2642) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.10 (#2636) * make postman source public (#2635) * fix(deps): update module google.golang.org/api to v0.172.0 (#2634) * Fixing nitro check (#2631) * Link to GitHub contribution guide in CONTRIBUTING (#2632) ------------------------------------------------------------------- Wed Apr 10 18:53:46 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.73.0: * Add Wiz detector (#2691) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.18 (#2690) * fix(deps): update golang.org/x/exp digest to 93d18d7 (#2688) * Update README.md with Windows-specific Docker installation instructions (#2674) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.17 (#2686) * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.7 (#2684) * fix(deps): update testcontainers-go monorepo to v0.30.0 (#2685) * fix(deps): update module github.com/xanzy/go-gitlab to v0.102.0 (#2682) * Enrich Gitlab enumeration logging (#2678) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.16 (#2680) * fix(deps): update golang.org/x/exp digest to c0f41cb (#2672) * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.2 (#2681) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.23.0 (#2667) * fix(deps): update module golang.org/x/net to v0.24.0 (#2662) * Handle inactive Slack account tokens (#2668) * [bug] - Add ASCII validation check for base64 decoding (#2671) * fix(deps): update module golang.org/x/oauth2 to v0.19.0 (#2670) * chore: fix some typos (#2666) * [chore] - update go-github dep manually (#2664) * fix(deps): update module github.com/google/go-github/v57 to v61 (#2652) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.3.0 (#2660) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.14 (#2659) * upgrade launchdarkly dep (#2650) * chore: remove duplicate jiratoken.v2 detector (#2657) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.13 (#2655) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.1 (#2654) * Add GitLab CI Pipeline Example in Documentation (#2601) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.12 (#2651) * add GCP application default credentials detector (#2530) * fix(deps): update module github.com/go-git/go-git/v5 to v5.12.0 (#2649) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.0 (#2648) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.11 (#2646) * Add JupiterOne detector (#2446) * fix(deps): update module cloud.google.com/go/storage to v1.40.0 (#2645) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.2.0 (#2638) * Fix GitHub enumeration & rate-limiting logic (#2625) * build: fix 'toolchair not available' error (#2642) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.10 (#2636) ------------------------------------------------------------------- Thu Mar 28 20:38:32 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.72.0: * make postman source public (#2635) * fix(deps): update module google.golang.org/api to v0.172.0 (#2634) * Fixing nitro check (#2631) * Link to GitHub contribution guide in CONTRIBUTING (#2632) * Use Lstat to identify non-regular files in filesystem source (#2628) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.8 (#2630) * [bugfix] - Update the Anthropic detector (#2629) * fix(deps): update module github.com/charmbracelet/glamour to v0.7.0 (#2627) * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.1 (#2626) * Fix incorrect regular expression with missing closing bracket (#2616) ------------------------------------------------------------------- Wed Mar 27 08:02:16 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.71.1: * Use Lstat to identify non-regular files in filesystem source (#2628) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.8 (#2630) * [bugfix] - Update the Anthropic detector (#2629) * fix(deps): update module github.com/charmbracelet/glamour to v0.7.0 (#2627) * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.1 (#2626) * Fix incorrect regular expression with missing closing bracket (#2616) * fix(deps): update golang.org/x/exp digest to a685a6e (#2621) * [chore] - upgrade dep (#2618) * Fix additional GitHub test errors #2614 * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.7 (#2623) ------------------------------------------------------------------- Mon Mar 25 15:00:59 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.71.0: * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.6 (#2615) * fix(deps): update module github.com/xanzy/go-gitlab to v0.101.0 (#2617) * fix(github): resolve panic & test failures (#2608) * Dockerhub v2 detector (#2361) * fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 (#2612) * Update Snyk detector (#2559) * MaxMind detector uses the right endpoint (#2577) * feat(gitparse): avoid uneeded calls to strconv.Unquote (#2605) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.10.0 (#2607) * fix(deps): update module google.golang.org/api to v0.171.0 (#2611) * fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 (#2524) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2590) * Use go 1.22 (#2599) * Refactor GitHub source (#2379) * Bump github.com/docker/docker (#2603) * [chore] Fix potential resource leak in postman source (#2606) * strings contain keyword check, add collection name to keywords (#2602) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.4 (#2604) * Postman Source (#2579) ------------------------------------------------------------------- Wed Mar 20 15:00:57 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.70.3: * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.1 (#2596) ------------------------------------------------------------------- Wed Mar 20 09:30:28 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.70.2: * fix(deps): update module cloud.google.com/go/secretmanager to v1.12.0 (#2595) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.3 (#2594) * fix(git): decode unicode paths (#2585) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.2 (#2593) * fix(deps): update golang.org/x/exp digest to a85f2c6 (#2592) * [chore] Replace "Trufflehog" with "TruffleHog" (#2584) * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.0 (#2591) * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.1 (#2588) * fix(deps): update module google.golang.org/api to v0.170.0 (#2589) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.3 (#2587) * fix(deps): update module github.com/google/go-containerregistry to v0.19.1 (#2586) * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.6 (#2578) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.1.1 (#2576) * fix(github): response can be nil (#2583) * fix(cli): properly parse --results (#2582) * pull out verification logic from github detectors (#2554) * Add `--results` flag (#2372) * fix(deps): update golang.org/x/exp digest to c7f7c64 (#2575) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.0 (#2573) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.38 (#2572) * fix(deps): update module github.com/xanzy/go-gitlab to v0.100.0 (#2567) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2568) * [chore] - Record metrics before reset (#2556) * Fix flaky test. (#2564) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.36 (#2566) * fix(deps): update module cloud.google.com/go/storage to v1.39.1 (#2565) * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.0 (#2561) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.35 (#2560) * fix(deps): update module github.com/google/go-github/v57 to v60 (#2551) * use custom grow method (#2555) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2550) * fix(deps): update module google.golang.org/protobuf to v1.33.0 (#2548) * fix(deps): update testcontainers-go monorepo to v0.29.1 (#2549) * Canary verification (#2531) * fix(deps): update module google.golang.org/api to v0.169.0 (#2547) * fix(deps): update module golang.org/x/oauth2 to v0.18.0 (#2546) * fix(deps): update module github.com/xanzy/go-gitlab to v0.99.0 (#2543) * fix(deps): update module golang.org/x/crypto to v0.21.0 (#2544) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.34 (#2541) * fix(deps): update module github.com/charmbracelet/lipgloss to v0.10.0 (#2542) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2535) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2499) * add version to extra data + moving existing versioned detectors into subdirectory format (#2471) ------------------------------------------------------------------- Sat Mar 16 08:40:46 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.com> - Update to version 3.70.1 * pull out verification logic from github detectors (#2554) * Fix --results not behaving as expected (#2582) * Fix GitHub detector npe (#2583) ------------------------------------------------------------------- Sat Mar 16 08:34:52 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.70.0: * fix(github): response can be nil (#2583) * fix(cli): properly parse --results (#2582) * pull out verification logic from github detectors (#2554) * Add `--results` flag (#2372) * fix(deps): update golang.org/x/exp digest to c7f7c64 (#2575) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.0 (#2573) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.38 (#2572) * fix(deps): update module github.com/xanzy/go-gitlab to v0.100.0 (#2567) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2568) * [chore] - Record metrics before reset (#2556) * Fix flaky test. (#2564) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.36 (#2566) * fix(deps): update module cloud.google.com/go/storage to v1.39.1 (#2565) ------------------------------------------------------------------- Sun Mar 10 08:53:55 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.69.0: * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.0 (#2561) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.35 (#2560) * fix(deps): update module github.com/google/go-github/v57 to v60 (#2551) * use custom grow method (#2555) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2550) * fix(deps): update module google.golang.org/protobuf to v1.33.0 (#2548) * fix(deps): update testcontainers-go monorepo to v0.29.1 (#2549) * Canary verification (#2531) * fix(deps): update module google.golang.org/api to v0.169.0 (#2547) * fix(deps): update module golang.org/x/oauth2 to v0.18.0 (#2546) ------------------------------------------------------------------- Thu Mar 07 10:24:49 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.68.5: * DB is not needed for ping command (#2540) * Redact secret in git command output (#2539) * Add naive S3 ignorelist (#2536) * fix(deps): update module github.com/stretchr/testify to v1.9.0 (#2534) * fix(deps): update module cloud.google.com/go/storage to v1.39.0 (#2533) * fix(deps): update module github.com/felixge/fgprof to v0.9.4 (#2532) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.30 (#2529) * Create basic escaped unicode decoder (#2456) * [feat] - Make the client configurable (#2528) ------------------------------------------------------------------- Tue Mar 05 13:39:33 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.68.4: * Add naive S3 ignorelist (#2536) * fix(deps): update module github.com/stretchr/testify to v1.9.0 (#2534) * fix(deps): update module cloud.google.com/go/storage to v1.39.0 (#2533) * fix(deps): update module github.com/felixge/fgprof to v0.9.4 (#2532) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.30 (#2529) * Create basic escaped unicode decoder (#2456) * [feat] - Make the client configurable (#2528) * Ignore canary IDs in notifications (#2526) * Fix minor typo (#2527) * Remove one filter word (#2525) * fix(deps): update module golang.org/x/crypto to v0.20.0 (#2523) * fix(deps): update module github.com/prometheus/client_golang to v1.19.0 (#2522) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 (#2521) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 (#2520) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2513) * Improve Gitlab default URL handling (#2491) * Implement detectors.EndpointCustomizer on datadogtoken (#2510) * JDBC test and parsing improvements (#2516) * Improve monogo and snowflake detectors (#2518) * fix(deps): update module google.golang.org/api to v0.167.0 (#2512) * fix(deps): update module github.com/xanzy/go-gitlab to v0.98.0 (#2511) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.25 (#2509) * fix(deps): update golang.org/x/exp digest to 814bf88 (#2508) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2455) * fix(deps): update module github.com/google/go-github/v57 to v59 (#2464) * fix prefix check when returning early (#2503) ------------------------------------------------------------------- Thu Feb 29 08:01:06 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.68.3: * Ignore canary IDs in notifications (#2526) * Fix minor typo (#2527) * Remove one filter word (#2525) * fix(deps): update module golang.org/x/crypto to v0.20.0 (#2523) * fix(deps): update module github.com/prometheus/client_golang to v1.19.0 (#2522) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 (#2521) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 (#2520) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2513) * Improve Gitlab default URL handling (#2491) * Implement detectors.EndpointCustomizer on datadogtoken (#2510) * JDBC test and parsing improvements (#2516) * Improve monogo and snowflake detectors (#2518) ------------------------------------------------------------------- Tue Feb 27 07:37:39 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.68.2: * fix(deps): update module google.golang.org/api to v0.167.0 (#2512) * fix(deps): update module github.com/xanzy/go-gitlab to v0.98.0 (#2511) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.25 (#2509) * fix(deps): update golang.org/x/exp digest to 814bf88 (#2508) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2455) * fix(deps): update module github.com/google/go-github/v57 to v59 (#2464) * fix prefix check when returning early (#2503) * Clean up some detectors (#2501) * Gitlab scan targets (#2470) * Tell git to ignore directory ownership (fixes #2495) (#2496) ------------------------------------------------------------------- Sat Feb 24 08:18:37 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.68.1: * Clean up some detectors (#2501) * Gitlab scan targets (#2470) * Tell git to ignore directory ownership (fixes #2495) (#2496) * Identify some canary tokens without detonation (#2500) * fix(deps): update module go.uber.org/zap to v1.27.0 (#2498) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.8.0 (#2497) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.2 (#2493) ------------------------------------------------------------------- Thu Feb 22 07:47:17 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.68.0: * Identify some canary tokens without detonation (#2500) * fix(deps): update module go.uber.org/zap to v1.27.0 (#2498) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.8.0 (#2497) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.2 (#2493) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.22 (#2492) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2490) * Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.21 (#2489) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2486) * concurrency uint8 to int (#2488) * use read full (#2474) * [chore] - upgrade lru cache version (#2487) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.2 (#2484) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2483) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2482) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2481) * fix(deps): update module google.golang.org/api to v0.165.0 (#2480) * fix(deps): update module go.mongodb.org/mongo-driver to v1.14.0 (#2479) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2478) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.20 (#2477) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2462) * move clenaup outside the engine (#2475) * tighten keyword match (#2473) * [chore] Increase TestMaxDiffSize timeout (#2472) * add lazy quantifier to prefixregex (#2466) * [cleanup] - Extract buffer logic (#2409) * update gitlab proto (#2469) * add missing prefixregex (#2468) * Remove some noisy / less useful detectors (#2467) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.18 (#2463) * fix(deps): update module github.com/google/go-github/v57 to v59 (#2449) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2460) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2459) * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.2 (#2458) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2457) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2447) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.1 (#2454) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.17 (#2453) * fix(deps): update golang.org/x/exp digest to ec58324 (#2452) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2448) * [chore] Add some doc comments to source manager (#2434) * 2396 since commit stopped working (#2402) * Update custom detector example (#2435) * chore(deps): update golangci/golangci-lint-action action to v4 (#2445) * chore(deps): update github/codeql-action action to v3 (#2444) * fix(deps): update module google.golang.org/api to v0.164.0 (#2442) * fix(deps): update module golang.org/x/oauth2 to v0.17.0 (#2441) * chore(deps): update actions/setup-go action to v5 (#2443) * fix(deps): update module golang.org/x/net to v0.21.0 (#2440) * fix(deps): update module golang.org/x/crypto to v0.19.0 (#2439) * fix(deps): update module cloud.google.com/go/storage to v1.38.0 (#2438) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.16 (#2436) * fix(deps): update module go.uber.org/mock to v0.4.0 (#2437) * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.1 (#2433) * fix(deps): update module github.com/xanzy/go-gitlab to v0.97.0 (#2432) * fix(deps): update module github.com/prometheus/client_golang to v1.18.0 (#2429) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.7.2 (#2430) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.20.2 (#2431) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2428) * fix(deps): update module github.com/google/uuid to v1.6.0 (#2427) * chore(gcp): ignore known test creds (#2413) * [fix] Add unit information to error returned by ChunkUnit (#2410) * fix(deps): update module github.com/google/go-containerregistry to v0.19.0 (#2425) * fix(deps): update module github.com/getsentry/sentry-go to v0.27.0 (#2424) * fix(deps): update module cloud.google.com/go/storage to v1.37.0 (#2423) * chore(deps): update sigstore/cosign-installer action to v3.4.0 (#2421) * chore(deps): update golang docker tag to v1.22 (#2420) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2416) * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.22 (#2417) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.15 (#2415) * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.5 (#2414) * fix(deps): update golang.org/x/exp digest to 2c58cdc (#2412) * fix(deps): update github.com/lrstanley/bubblezone digest to b7bafc4 (#2411) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2048) * fix(deps): update module github.com/charmbracelet/bubbles to v0.18.0 (#2296) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.25.0 (#2326) * [chore] Ensure Postgres detector respects context deadline (#2408) * [chore] Rename file to legacy_reporters.go (#2406) * Add flag to write job reports to disk (#2298) * Implement SourceUnitEnumChunker for GitLab (#2367) * Update brew install instructions (#2404) * Refactor UnitHook to block the scan if finished metrics aren't handled (#2309) * skip community PR (forks) secret scans for now (#2401) * [feat] - buffered file writer metrics (#2395) * Update GitParse to handle quoted binary filenames (#2391) * Allow multiple domains for Forager (#2400) * prevent concurrent map writes (#2399) * Allow CLI version pinning in GHA (#2397) (#2398) * Set GHA workdir (#2393) * Fix handling of GitHub ratelimit information (#2041) ------------------------------------------------------------------- Wed Feb 21 06:27:30 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.7: * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.22 (#2492) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2490) * Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.21 (#2489) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2486) * concurrency uint8 to int (#2488) * use read full (#2474) * [chore] - upgrade lru cache version (#2487) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.2 (#2484) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2483) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2482) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2481) * fix(deps): update module google.golang.org/api to v0.165.0 (#2480) * fix(deps): update module go.mongodb.org/mongo-driver to v1.14.0 (#2479) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2478) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.20 (#2477) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2462) * move clenaup outside the engine (#2475) * tighten keyword match (#2473) * [chore] Increase TestMaxDiffSize timeout (#2472) * add lazy quantifier to prefixregex (#2466) * [cleanup] - Extract buffer logic (#2409) * update gitlab proto (#2469) * add missing prefixregex (#2468) * Remove some noisy / less useful detectors (#2467) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.18 (#2463) * fix(deps): update module github.com/google/go-github/v57 to v59 (#2449) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2460) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2459) * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.2 (#2458) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2457) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2447) * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.1 (#2454) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.17 (#2453) * fix(deps): update golang.org/x/exp digest to ec58324 (#2452) * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2448) ------------------------------------------------------------------- Tue Feb 13 20:23:07 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.6: * [chore] Add some doc comments to source manager (#2434) * 2396 since commit stopped working (#2402) * Update custom detector example (#2435) * chore(deps): update golangci/golangci-lint-action action to v4 (#2445) * chore(deps): update github/codeql-action action to v3 (#2444) * fix(deps): update module google.golang.org/api to v0.164.0 (#2442) * fix(deps): update module golang.org/x/oauth2 to v0.17.0 (#2441) * chore(deps): update actions/setup-go action to v5 (#2443) * fix(deps): update module golang.org/x/net to v0.21.0 (#2440) * fix(deps): update module golang.org/x/crypto to v0.19.0 (#2439) * fix(deps): update module cloud.google.com/go/storage to v1.38.0 (#2438) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.16 (#2436) * fix(deps): update module go.uber.org/mock to v0.4.0 (#2437) * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.1 (#2433) * fix(deps): update module github.com/xanzy/go-gitlab to v0.97.0 (#2432) * fix(deps): update module github.com/prometheus/client_golang to v1.18.0 (#2429) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.7.2 (#2430) * fix(deps): update module github.com/thezeroslave/zapsentry to v1.20.2 (#2431) * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2428) * fix(deps): update module github.com/google/uuid to v1.6.0 (#2427) * chore(gcp): ignore known test creds (#2413) * [fix] Add unit information to error returned by ChunkUnit (#2410) * fix(deps): update module github.com/google/go-containerregistry to v0.19.0 (#2425) * fix(deps): update module github.com/getsentry/sentry-go to v0.27.0 (#2424) * fix(deps): update module cloud.google.com/go/storage to v1.37.0 (#2423) * chore(deps): update sigstore/cosign-installer action to v3.4.0 (#2421) * chore(deps): update golang docker tag to v1.22 (#2420) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2416) * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.22 (#2417) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.15 (#2415) * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.5 (#2414) * fix(deps): update golang.org/x/exp digest to 2c58cdc (#2412) * fix(deps): update github.com/lrstanley/bubblezone digest to b7bafc4 (#2411) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2048) * fix(deps): update module github.com/charmbracelet/bubbles to v0.18.0 (#2296) * fix(deps): update module github.com/charmbracelet/bubbletea to v0.25.0 (#2326) * [chore] Ensure Postgres detector respects context deadline (#2408) * [chore] Rename file to legacy_reporters.go (#2406) * Add flag to write job reports to disk (#2298) * Implement SourceUnitEnumChunker for GitLab (#2367) * Update brew install instructions (#2404) ------------------------------------------------------------------- Fri Feb 09 13:05:22 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.5: * Refactor UnitHook to block the scan if finished metrics aren't handled (#2309) * skip community PR (forks) secret scans for now (#2401) * [feat] - buffered file writer metrics (#2395) * Update GitParse to handle quoted binary filenames (#2391) * Allow multiple domains for Forager (#2400) * prevent concurrent map writes (#2399) * Allow CLI version pinning in GHA (#2397) (#2398) * Set GHA workdir (#2393) * Fix handling of GitHub ratelimit information (#2041) * [feat] - use diff chan (#2387) * [not-fixup] - Reduce memory consumption for Buffered File Writer (#2377) * fix: case-insensitive ext check (#2383) * tightening opsgenie detection and verification (#2389) * Fix binary file hanging bug in git sources (#2388) * Disable GitHub wiki scanning by default (#2386) ------------------------------------------------------------------- Wed Feb 07 09:23:59 UTC 2024 - felix.niederwanger@suse.de - Update to version 3.67.4: * [feat] - use diff chan (#2387) * [not-fixup] - Reduce memory consumption for Buffered File Writer (#2377) * fix: case-insensitive ext check (#2383) * tightening opsgenie detection and verification (#2389) * Fix binary file hanging bug in git sources (#2388) * Disable GitHub wiki scanning by default (#2386) * [fixup] - correctly use the buffered file writer (#2373) * custom detector dogs (#2376) * use only the DetectorKey as a map field (#2374) * [feat] - concurently scan the filesystem source (#2364) * [chore] Cleanup GitLab source errors (#2345) * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) * Add s3 credential validation (#2362) * Polite Verification (#2356) * Make AzureDevopsPersonalAccessToken verification more robust (#2359) * fix (#2360) * update azure test files to check rawV2 (#2353) * [chore] Add filesystem integration test (#2358) * Scan GitHub wikis #2233 * added flyio protos (#2357) * Allow for configuring the buffered file writer (#2319) * [feat] - tmp file diffs (#2306) * Fix filesystem enumeration ignore paths bug (#2355) * Detectors Updates 1 for Tristate Verification (#2187) * feat(detectors): update template (#2342) * Azure function key is throwing FPs (#2352) * Improve fp ignore logic (#2351) * added azuresearchquerykey detector (#2349) * added azuresearchadminkey detector (#2348) * added azurefunctionkey detector (#2337) * updates to plain and json printing to include verification error (#2335) * Add the new MaxMind license key format (#2181) * Prevent print or logging in detectors (#2341) * make sure to close connections after testing (#2343) * Fix test (#2339) * add tri-state verification to yelp (#1736) * Improve GitHub scan logging (#2220) * Update DockerHub detector logic (#2266) * Add Google oauth2 token detector (#2274) * add priority semaphore (#2336) * updating doppler logic (#2329) * added azuredevopspersonalaccesstoken detector (#2315) * Walk directories in filesystem source enumeration (#2313) * [feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) * Update Gitlab repo count in tests #2333 * Narrow Postgres detector to only look for URIs (#2314) * fixing incorrect acct num id for some aws keys (#2332) * updating detector logic for zenscrape (#2316) * Add prometheus metrics to measure hook execution time (#2312) * [chore] - reduce test time (#2321) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 (#2325) * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 (#2322) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 (#2320) * fix(deps): update golang.org/x/exp digest to 1b97071 (#2318) * [chore] - Update Chunk struct comment (#2317) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2054) * save 8 bytes per chunk (#2310) * [chore] - Add regex and keyword for api_org tokens (#2240) * Assume unauthenticated github scans have public visibility (#2308) * [fixup ] - Allow ssh cloning with AWS Code Commit (#2307) * added azure protos (#2304) * Disable recently added postgres detector because it it too sensitive (#2303) * [feat] - Provide CLI flag to only use custom verifiers (#2299) * Individuate archive tests #2293 * [feat] - Allow for the use of include/exclude path files for filesystem scans (#2297) * [chore] - small updates (#2288) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 (#2295) * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 (#2294) * feat(installation): Implement checksum signature verification (#2157) * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 (#2292) * fix(deps): update module cloud.google.com/go/storage to v1.36.0 (#2291) * chore(deps): update sigstore/cosign-installer action to v3.3.0 (#2290) * chore(deps): update alpine docker tag to v3.19 (#2287) * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 (#2286) * Extend memory cache (#2275) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 (#2285) * fix(deps): update golang.org/x/exp digest to 0dcbfd6 (#2284) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 (#2282) * adding postgres detector (#2108) * update test (#2283) * fix(deps): update golang.org/x/exp digest to be819d1 (#2281) * fix(signable): ignore common false positives (#2230) * fix(parseur): ignore false positives (#2229) * [chore] - update docs for pre-commit (#2280) * 1833 Fix syslog udp (#1835) * Wrap temp deletion err #2277 * Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 (#2279) * Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2278) * Updated trufflehog sourcegraph secret format (#2254) * Update stripe detector regex (#2261) * [chore] Add test to check all versioned detectors are non-zero (#2272) * fix(gitparse): handle fromFileLine edge case (#2206) * Fix non-ASCII whitespace on GitHub Action (#2270) * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#2263) * Fix commit message single quote escaping on GitHub Action (#2259) * Use directory iterator instead of walkdir (#2260) * Add handlerOpts back (#2258) * Skip all binaries (#2256) * Add skip archive support (#2257) * use walk dir for tmp cleanup (#2255) * [fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup (#2253) * Dedupe some source log keys (#2250) * Fix goroutine leak (#2251) * [chore] - lower logging level (#2249) * [chore] - add additional binary extensions to skip (#2235) * use snake_case for naming (#2238) * [bug] - Bug archive handler memory leak (#2247) * Add missing import (#2246) * fix(snowflake): avoid extraneous attempts (#2057) * feat(github): update extradata (#2219) * shallow cloning + GitHub Action (#2138) ------------------------------------------------------------------- Mon Feb 05 20:02:07 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.2: * [fixup] - correctly use the buffered file writer (#2373) * custom detector dogs (#2376) * use only the DetectorKey as a map field (#2374) * [feat] - concurently scan the filesystem source (#2364) ------------------------------------------------------------------- Sat Feb 03 08:36:22 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.1: * Add s3 credential validation (#2362) * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) ------------------------------------------------------------------- Sat Feb 03 08:35:21 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.67.0: * [chore] Cleanup GitLab source errors (#2345) * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) * Add s3 credential validation (#2362) * Polite Verification (#2356) * Make AzureDevopsPersonalAccessToken verification more robust (#2359) ------------------------------------------------------------------- Thu Feb 1 06:37:58 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.com> - Update to version 3.66.3 * Allow for configuring the buffered file writer (#2319) * added flyio protos (#2357) * Scan GitHub wikis (#2233) * [chore] Add filesystem integration test (#2358) * update azure test files to check rawV2 (#2353) * [bug] fix script change (#2360) ------------------------------------------------------------------- Thu Feb 01 06:29:26 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.66.2: * fix (#2360) * update azure test files to check rawV2 (#2353) * [chore] Add filesystem integration test (#2358) * Scan GitHub wikis #2233 * added flyio protos (#2357) * Allow for configuring the buffered file writer (#2319) * [feat] - tmp file diffs (#2306) * Fix filesystem enumeration ignore paths bug (#2355) * Detectors Updates 1 for Tristate Verification (#2187) ------------------------------------------------------------------- Tue Jan 30 08:03:19 UTC 2024 - Felix Niederwanger <felix.niederwanger@suse.com> - Update to version 3.66.1: * Azure function key is throwing FPs (#2352) ------------------------------------------------------------------- Tue Jan 30 07:42:21 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.66.0: * feat(detectors): update template (#2342) * Azure function key is throwing FPs (#2352) * Improve fp ignore logic (#2351) * added azuresearchquerykey detector (#2349) * added azuresearchadminkey detector (#2348) * added azurefunctionkey detector (#2337) * updates to plain and json printing to include verification error (#2335) ------------------------------------------------------------------- Sun Jan 28 07:31:50 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.65.0: * Add the new MaxMind license key format (#2181) * Prevent print or logging in detectors (#2341) * make sure to close connections after testing (#2343) * Fix test (#2339) * add tri-state verification to yelp (#1736) * Improve GitHub scan logging (#2220) * Update DockerHub detector logic (#2266) * Add Google oauth2 token detector (#2274) ------------------------------------------------------------------- Thu Jan 25 10:34:16 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.64.0: * add priority semaphore (#2336) * updating doppler logic (#2329) * added azuredevopspersonalaccesstoken detector (#2315) * Walk directories in filesystem source enumeration (#2313) * [feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) * Update Gitlab repo count in tests #2333 * Narrow Postgres detector to only look for URIs (#2314) * fixing incorrect acct num id for some aws keys (#2332) ------------------------------------------------------------------- Tue Jan 23 13:21:14 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.63.11: * updating detector logic for zenscrape (#2316) * Add prometheus metrics to measure hook execution time (#2312) * [chore] - reduce test time (#2321) * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 (#2325) * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 (#2322) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 (#2320) * fix(deps): update golang.org/x/exp digest to 1b97071 (#2318) * [chore] - Update Chunk struct comment (#2317) * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2054) * save 8 bytes per chunk (#2310) ------------------------------------------------------------------- Thu Jan 18 13:29:28 UTC 2024 - felix.niederwanger@suse.com - Update to version 3.63.10: * [chore] - Add regex and keyword for api_org tokens (#2240) * Assume unauthenticated github scans have public visibility (#2308) * [fixup ] - Allow ssh cloning with AWS Code Commit (#2307) * added azure protos (#2304) * Disable recently added postgres detector because it it too sensitive (#2303) * [feat] - Provide CLI flag to only use custom verifiers (#2299) * Individuate archive tests #2293 * [feat] - Allow for the use of include/exclude path files for filesystem scans (#2297) * [chore] - small updates (#2288) * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 (#2295) * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 (#2294) * feat(installation): Implement checksum signature verification (#2157) * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 (#2292) * fix(deps): update module cloud.google.com/go/storage to v1.36.0 (#2291) * chore(deps): update sigstore/cosign-installer action to v3.3.0 (#2290) * chore(deps): update alpine docker tag to v3.19 (#2287) * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 (#2286) * Extend memory cache (#2275) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 (#2285) * fix(deps): update golang.org/x/exp digest to 0dcbfd6 (#2284) * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 (#2282) * adding postgres detector (#2108) * update test (#2283) * fix(deps): update golang.org/x/exp digest to be819d1 (#2281) * fix(signable): ignore common false positives (#2230) * fix(parseur): ignore false positives (#2229) * [chore] - update docs for pre-commit (#2280) * 1833 Fix syslog udp (#1835) * Wrap temp deletion err #2277 * Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 (#2279) * Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2278) * Updated trufflehog sourcegraph secret format (#2254) * Update stripe detector regex (#2261) * [chore] Add test to check all versioned detectors are non-zero (#2272) * fix(gitparse): handle fromFileLine edge case (#2206) * Fix non-ASCII whitespace on GitHub Action (#2270) * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#2263) * Fix commit message single quote escaping on GitHub Action (#2259) ------------------------------------------------------------------- Sat Dec 23 19:28:02 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.63.7: * Use directory iterator instead of walkdir (#2260) * Add handlerOpts back (#2258) * Skip all binaries (#2256) * Add skip archive support (#2257) ------------------------------------------------------------------- Fri Dec 22 19:34:15 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.63.6: * use walk dir for tmp cleanup (#2255) * [fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup (#2253) * Dedupe some source log keys (#2250) * Fix goroutine leak (#2251) * [chore] - lower logging level (#2249) * [chore] - add additional binary extensions to skip (#2235) * use snake_case for naming (#2238) * [bug] - Bug archive handler memory leak (#2247) * Add missing import (#2246) * fix(snowflake): avoid extraneous attempts (#2057) ------------------------------------------------------------------- Tue Dec 19 07:49:30 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.5: * move cleanup to run (#2245) * Adds basic if/else check if pid slice is empty (#2244) * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#2243) * add secretID to chunk (#2242) ------------------------------------------------------------------- Mon Dec 18 12:33:54 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.4: * feat(shortcut): use tri-state verification (#2211) * feat(huggingface): enhance extradata (#2222) * fix(myfreshworks): check for valid JSON (#2212) * ci: don't run detector tests on forks (#2234) * [chore] Add skip_binaries field to AzureRepos proto message (#2232) * [feat] - Make skipping binaries configurable (#2226) * [chore] Prevent panic when ChunkError has a nil Unit (#2227) * chore: don't run test workflow in forks (#2221) * fix(github): remove unused 'members' var (#2202) * Check for SourceUnit support dynamically in the SourceManager (#2205) * fix(gitlab): check for valid JSON (#2218) * Avoid reading decompressed data into memory (#2196) * fix(gitparse): don't trim filename (#2201) * fix(giturl): encode '%' in path (#2214) * build: upgrade bodgit/sevenzip to v1.4.5 (#2215) * Fix emoji in README (#2217) ------------------------------------------------------------------- Thu Dec 14 15:05:21 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.3: * Bump github.com/docker/docker (#2213) * Update metabase verification to check for a valid JSON response (#2210) * [chore] Remove unnecessary string conversion in tefter detector (#2209) * fix and refactor browserstack detector (#2208) * Fix azurestorage detector (#2207) * [chore] Remove omitempty tags on JobProgressMetrics and UnitMetrics (#2204) * Add disk buffer tempfile cleanup (#2130) * Use bad json in slackwebhooks (#2193) * [bug] - close file after reading (#2203) * chore: propagate log context to handlers (#2191) * feat(privatekey): run checks concurrently (#2139) * [fixup] - skip files in the archive handler (#2195) * move logic to main Chunks method (#2194) * add metrics for gitlab (#2190) * [chore] - Refactor common code into a separate function (#2179) * Remove java archives from ignored extensions (#2188) * [chore] - Compile regex once (#2176) ------------------------------------------------------------------- Thu Dec 07 10:40:06 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.2: * update regex (#2184) * Deprecate some detectors (#2186) * allow targets for the source manager (#2182) * use https for verification endpoints (#2185) * remove unnecessary Git cmd check (#2175) * [feat] - Remove go-git dependency (#2174) * Skip trying to determine MIME type for directories (#2178) * fixing how to rotate URL (#2183) * Use forked sevenzip (#2180) * [thog-1548] add auto redaction for verification errors (#2106) * fix(deps): update module github.com/google/go-github/v42 to v57 (#2172) * chore(deps): update google-github-actions/auth action to v2 (#2171) * skip files we can't scan (#2170) * fix(deps): update module google.golang.org/api to v0.152.0 (#2169) * [chore] - remove deprecated types (#2168) * fix(deps): update module golang.org/x/oauth2 to v0.15.0 (#2167) * fix(deps): update module github.com/aws/aws-sdk-go to v1.48.12 (#2166) * fix(deps): update module github.com/xanzy/go-gitlab to v0.94.0 (#2165) * fix(deps): update module github.com/trufflesecurity/disk-buffer-reader to v0.2.1 (#2163) * Ignore images and binaries (#2162) * [chore] - Increase pagination limit (#2154) * fix(deps): update module github.com/google/go-containerregistry to v0.17.0 (#2160) * update forager types (#2159) * fix(deps): update module github.com/go-logr/zapr to v1.3.0 (#2158) * fix(deps): update module github.com/fatih/color to v1.16.0 (#2155) * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.0 (#2153) * fix(deps): update module github.com/aws/aws-sdk-go to v1.48.11 (#2152) * fix(deps): update module github.com/alecthomas/kingpin/v2 to v2.4.0 (#2151) * fix(deps): update module cloud.google.com/go/storage to v1.35.1 (#2150) * make empty slice delcration consistent (#2144) * chore(deps): update sigstore/cosign-installer action to v3.2.0 (#2149) * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 (#2148) * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 (#2147) * fix(deps): update module github.com/go-git/go-git/v5 to v5.10.1 (#2146) * [chore] - fix error comparisons (#2142) * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.4 (#2145) * fix(deps): update golang.org/x/exp digest to 6522937 (#2140) * [chore] - fix import name clashes (#2143) * fix(deps): update module github.com/google/go-github/v42 to v56 (#2049) * Fix azure panic when invalid URL is constructed (#2137) * fixup cleantemp (#2136) * Fix nil pointer dereference when checking if a unit IsFinished (#2135) * [chore] Minor cleanup of source_manager.go (#2134) * Simplify temp dir cleaning (#2133) * Add new auth method to source (#2132) * add extradata nil check and use make (#2129) * added ci scanning info to readme (#2126) * Call Finish in SourceManager after the semaphore is released (#2121) * chore(github): add a newline between titles and bodies (#2124) ------------------------------------------------------------------- Thu Nov 23 12:29:15 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.1: * feat(github): scan issue & pr titles (#1899) ------------------------------------------------------------------- Wed Nov 22 17:14:15 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.63.0: * use camelcase var names (#2123) * Remove unused functions (#2122) * [chore] - update readme help flags (#2120) * feat(signing): Sign checksum (#1894) * import missing detectors (#2119) * Fix forks and repos counter, add metric for orgs enumerated (#2118) * feat(telegram): add username to extradata (#2100) * add extra data to github detector (#1909) * fixed gist direct link generation (#2115) * fix nil map assignment (#2117) * [chore] Add JSON tags to job metrics (#2114) * move all Git setup into Init method (#2105) * add proto fields for Git (#2104) * extract AWS account number from ID without verification (#2091) * Adding Sumo Logic how to rotate (#2103) * update protos so we can use the git source for CI (#2102) * Detector-Competition-Feat: Added Replicate API token detector (#2021) * Detector-Competition-Feat: Added Ngrok API token detector (#2024) * Competition-Detector-New:added v2 version for fullstory (#2067) * Add support for user:pass@host to postgres JDBC detector (#2089) * Detector-Competition-Feat: Add Overloop detector (#2080) * Detector-Competition-Feat: Added Request.Finance API token detector (#2020) * Detector-Competition-New : created grafana service account detector (#1960) * Detector-Competition-Fix: fixed zulipchat detector (#1990) * Grafana (#2096) * Competition-Detector-New: added eventbrite detector (#2072) * logz.io detector (#2076) * Coda Detector (#2075) * fix (#2094) * Detector-Competition-Fix: Fix LiveAgent Detector & Verifier (#2001) * pulling short lived AWS keys into their own thing, fixes #1224 (#2088) * Support multiple detectors per match (#2065) * [chore] Speedup IsKnownFalsePositive using sets (#2090) * Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074) * Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) * Detector-Competition-New - Created Grafana Cloud API Key detector (#1959) * Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081) * added resource type mapping to extraData in AWS (#2087) * Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) * fixed helpscout detector regex and verifier (#2056) * Detector-Competition-Fix: fixed regex for databricks domain and fixed tests (#1965) * modified regex (#2033) * Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958) * Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) * Refactor git source to support scanning units (#2083) * [chore] Replace chunks channel with ChunkReporter in git based sources (#2082) * update comment (#2084) * use rawv2 for pubnubpublish (#2062) ------------------------------------------------------------------- Wed Nov 01 10:39:23 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.62.1: * [chore] - correctly handle input shorter than 512 bytes (#2077) * [chore] - add binutils dep to dockerfile (#2061) * update braintreepayments detector to tri-state verification (#1834) * Detector-Competition-Feat: Adding Azure Batch keys (#1956) * Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings (#1957) * Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933) * Centralize logic for checking archive extraction tools (#2063) * [chore] Fix SourceManager flaky test (#2059) * Support multiple custom detectors (#2064) * Detector-Competition-Fix: Fix SalesBlink Detection & Verification (#1950) ------------------------------------------------------------------- Mon Oct 30 16:57:30 UTC 2023 - Jan Engelhardt <jengelh@inai.de> - Clarify description's "entire tech stack". ------------------------------------------------------------------- Mon Oct 30 14:52:09 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.62.0: * Add TravisCI source (#1877) * Remove verify flag from Aho-Corasick core (#2010) ------------------------------------------------------------------- Mon Oct 30 13:46:56 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com> - Packaging improvements: * _service change disabled to manual per osc deprecation warning: WARNING: Command 'disabledrun/dr' is obsolete, please convert your _service to use 'manual' and then 'manualrun/mr' instead. * _service reorder move set_version earlier so go_modules sees updated version * Summary and Description clarify the purpose of this CLI tool * Use %%name macro where applicable to normalize common lines across Go app packages. Also makes renaming binary easier when required to handle package name conflict. * Drop BuildRequires: libpcre1. libpcre2 is already included during build, and there is no mention in upstream source or docs that only libpcre1 is supported. Since upstream uses CGO_ENABLED=0 in their Makefile, it is not clear if or how libpcre would be a required dependency. * Drop BuildRequires: golang-packaging. The original macros for file movements into GOPATH are obsolete with Go modules. Macro go_nostrip is no longer needed with current binutils and Go. * Remove %%{go_nostrip} macro which is no longer recommended * Extract go build command from upstream Makefile. The go build command straightforward in this package. Calling go build directly from packaging where possible helps package maintainers review usage and normalize packaging standards. Makefiles often have targets for building container images, running tests, etc. Makefiles can include assumptions of online access that do not hold for the OBS build environment. * Build PIE with pattern that may become recommended procedure: %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build A go toolchain buildmode default config would be preferable but none exist at this time. * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable * Drop export CGO_ENABLED="0" used by Makefile. Use the default unless there is a defined requirement or benefit. ------------------------------------------------------------------- Mon Oct 30 10:34:22 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.61.0: * adding 'token' keyword to regex for github_old (#2037) * Update module github.com/go-git/go-git/v5 to v5.10.0 (#2023) * Detector-Competition-Feat: Added Reply.io API token detector (#2019) * fix(deps): update module sigs.k8s.io/yaml to v1.4.0 (#2047) * Detector-Competition-Feat: Added Stripo API token detector (#2018) * feat: deno deploy detector (#2040) * Update module google.golang.org/api to v0.148.0 (#2045) * Update module go.uber.org/zap to v1.26.0 (#2044) * Update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 (#2043) * Update module github.com/snowflakedb/gosnowflake to v1.6.25 (#2042) * Update module github.com/xanzy/go-gitlab to v0.93.2 (#2031) * Update module go.uber.org/mock to v0.3.0 (#2038) * Update github.com/bodgit/sevenzip to v1.4.3 (#2039) * Detector-Competition-Feat: Added Budibase API token detector (#2016) * Update module github.com/prometheus/client_golang to v1.17.0 (#2029) * Detector-Competition-Feat: Added LemonSqueezy API token detector (#2017) * Update module github.com/rabbitmq/amqp091-go to v1.9.0 (#2030) * Update module github.com/hashicorp/golang-lru to v0.6.0 (#2028) * Update module github.com/google/uuid to v1.4.0 (#2027) * Update module github.com/google/go-containerregistry to v0.16.1 (#2026) * Update module github.com/getsentry/sentry-go to v0.25.0 (#2022) * Update module github.com/go-logr/logr to v1.3.0 (#2025) * Update module github.com/charmbracelet/lipgloss to v0.9.1 (#2015) * Update module github.com/bradleyfalzon/ghinstallation/v2 to v2.8.0 (#2014) * Update module github.com/aws/aws-sdk-go to v1.46.6 (#2013) * Update module cloud.google.com/go/secretmanager to v1.11.3 (#2011) * Update module github.com/TheZeroSlave/zapsentry to v1.19.0 (#2012) * Chore(deps): Bump google.golang.org/grpc from 1.56.2 to 1.56.3 (#2009) * Add Coinbase Wallet-as-a-Service detector (#1895) * Detector-Competition-Feat: Add Metabase Session Secret Detector (#1902) * Detector-Competition-Feat: Added AppOptics API token detector (#1989) * Detector-Competition-Feat: Added ZeroTier API token detector (#1988) * Detector-Competition-Feat: Added BetterStack API token detector (#1987) * Detector-Competition-Fix: Fix SurveyBot Verification (#1948) * Fix binary handling (#1999) * Add temp directory management (#1878) ------------------------------------------------------------------- Thu Oct 26 14:49:43 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.60.4: * loggly detector by @ankushgoel27 in #1782 * Detector-Competition-Feat: Added OpenVPN API Detector by @fumblehool in #1940 * deprecate scan_interval field by @ahrav in #1984 * Detector-Competition-Feat: Added Portainer Detector by @fumblehool in #1936 * Detector-Competition-Fix: Fix/Remove baseapi detector (no longer exists) by @lc in #1992 * remove detector by @ahrav in #1993 * Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector by @fumblehool in #1941 * Detector-Competition-Fix : fixed monday.com regex by @ankushgoel27 in #1961 * Detector-Competition-Fix: Fix ScreenshotAPI Verification by @lc in #1949 * Detector-Competition-Fix: Fix MeaningCloud Verification by @lc in #1946 * Detector-Competition-Fix: Deprecate Glitterly by @lc in #2000 * Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired by @lc in #1996 * make protos for deprecating Blablabus by @0x1 in #2002 * Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) by @lc in #1997 * update renovate config and remove dependabot by @dustin-decker in #1994 * Detector-Competition-Fix: Fix/Remove DataFire, API retired by @lc in #1995 - Update to version 3.60.3: * Use latest dbr by @bill-rich in #1955 * Revert "Fix wrong line number" by @rosecodym in #1963 * Upgrade gocb and gocbcore by @nyanshak in #1952 * Detector-Competition-Fix: Fix CloudSmith verification by @lc in #1944 * Detector-Competition-fix: NewRelic Detector -fallback to EU Api for verification by @fumblehool in #1932 * fix #1751: update facebookOauth Detector by @fumblehool in #1921 * Dockerfiles - Alpine Linux 3.15 EoL by @nfsec in #1914 * Remove docker container after make protos finishes by @fumblehool in #1964 * Configure Renovate by @renovate in #1966 * fix(deps): update golang.org/x/exp digest to 7918f67 by @renovate in #1968 * fix(deps): update github.com/lrstanley/bubblezone digest to e3824f1 by @renovate in #1967 * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.2 by @renovate in #1970 * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 by @renovate in #1971 * fix(deps): update module github.com/go-errors/errors to v1.5.1 by @renovate in #1972 * fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @renovate in #1974 * Detector-Competition-Feat: Added PortainerToken Detector by @fumblehool in #1938 * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.6.25 by @renovate in #1981 * fix(deps): update module github.com/google/go-github/v42 to v56 by @renovate in #1975 * chore(deps): update alpine docker tag to v3.18 by @renovate in #1982 * fix(deps): update module github.com/mattn/go-isatty to v0.0.20 by @renovate in #1980 * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.7 by @renovate in #1983 * fix(deps): update module github.com/google/go-cmp to v0.6.0 by @renovate in #1973 * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.12 by @renovate in #1977 * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 by @renovate in #1978 * add rpm2cpio as dependency to dockerfile by @ahrav in #1985 - Update to version 3.60.2: * Detector-Competition-Fix: Fix/Remove Flowdock detector (#2004) * Detector-Competition-Fix: Fix/Remove Happi Detection & Verification (#2003) * Detector-Competition-Fix: Fix/Remove DataFire, API retired (#1995) * update renovate config and remove dependabot (#1994) * Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) (#1997) * make protos for deprecating Blablabus (#2002) * Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired (#1996) * Detector-Competition-Fix: Depreciate Glitterly (#2000) * Detector-Competition-Fix: Fix MeaningCloud Verification (#1946) * Detector-Competition-Fix: Fix ScreenshotAPI Verification (#1949) * Detector-Competition-Fix : fixed monday.com regex (#1961) * Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector (#1941) * remove detector (#1993) * Detector-Competition-Fix: Fix/Remove baseapi detector (no longer exists) (#1992) * Detector-Competition-Feat: Added Portainer Detector (#1936) * deprecate scan_interval field (#1984) * Detector-Competition-Feat: Added OpenVPN API Detector (#1940) * loggly detector (#1782) * add rpm2cpio as dependency to dockerfile (#1985) * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 (#1978) * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.12 (#1977) * fix(deps): update module github.com/google/go-cmp to v0.6.0 (#1973) * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.7 (#1983) * fix(deps): update module github.com/mattn/go-isatty to v0.0.20 (#1980) * chore(deps): update alpine docker tag to v3.18 (#1982) * fix(deps): update module github.com/google/go-github/v42 to v56 (#1975) * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.6.25 (#1981) * Detector-Competition-Feat: Added PortainerToken Detector (#1938) * fix(deps): update module golang.org/x/oauth2 to v0.13.0 (#1974) * fix(deps): update module github.com/go-errors/errors to v1.5.1 (#1972) * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#1971) * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.2 (#1970) * fix(deps): update github.com/lrstanley/bubblezone digest to e3824f1 (#1967) * fix(deps): update golang.org/x/exp digest to 7918f67 (#1968) * Add renovate.json (#1966) * Remove docker container after make protos finishes (#1964) * Dockerfiles - Alpine Linux 3.15 EoL (#1914) * fix #1751: update facebookOauth Detector (#1921) * fix: NewRelic Detector: fallback to EU Api for verification (#1932) * Detector-Competition-Fix: Fix CloudSmith detection (#1944) * Upgrade gocb and gocbcore (#1952) * Revert "Fix off by one (#1891)" (#1963) * Use latest dbr (#1955) * export ShouldVerify (#1962) * export struct (#1954) * Detector-Competition-Fix: Fix CodeClimate verification (#1945) * Detector-Competition-Feat: Add InstaMojo Payment Detector (#1905) * Detector-Competition-Fix: Fix SuperNotes API verification (#1947) * Add UnitHook and NoopHook implementations (#1930) * Detector-Competition-New: add IP2Location api key detector (#1915) * [chore] Fix glob package name (#1931) * Filter unique detectors by keywords in chunk (#1711) * Detector-Competition-Feat: Add ipinfo.io API key detector (#1889) * Fix README.md typo (#1942) * Use the configured include repositories in the GitHub filter (#1926) * chore(github): reduce comment log verbosity (#1922) * Detector-Competition-Feat: Add Privacy.com API key detector (#1888) * Move Github comments check to fix a test #1927 * Handle secondary GitHub ratelimits (#1912) * Export ChunkError fields and add ErrorsFor convenience method (#1920) * Detector-Competition-Fix: Fix plaid.com API key detection (#1916) * update regex (#1919) ------------------------------------------------------------------- Thu Oct 19 11:59:15 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.60.1: * feat(voiceflow): basic detector (#1900) * Fix for #1526: Update Posthog detector (#1910) * Add generic glob filter (#1858) * Tighten up regex for twist detector (#1908) * Added Support for '-h' Option for Help Documentation (#1901) * feat(git): only generate line numbers > 0 (#1898) * fix(github): normalize repo cache (#1897) * Fix off by one (#1891) ------------------------------------------------------------------- Tue Oct 17 12:16:21 UTC 2023 - felix.niederwanger@suse.de - Update to version 3.60.0: * Add ShannonEntropy test for an empty string (#1893) * [chore] Add SourceUnitEnumChunker filesystem tests (#1873) * Detector-Competition-Fix: Add Personal Access Tokens (API Tokens Depr… (#1871) * [bug] - Don't modify global client var (#1890) * added cody gateway token detection code (#1883) * Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1886) * Detector-Competition-Feat: Add Klaviyo API Secret Detector (#1870) ------------------------------------------------------------------- Mon Oct 09 09:08:20 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.59.0: * Add an option to filter unverified results using shannon entropy (#1875) * [chore] Fix flaky TestJobProgressElapsedTime (#1872) * Tighten up keywords (#1874) * Detector-Competition-Fix: fix notion.so false negative verification (#1866) * Detector-Competition-New: add anthropic api key detector (#1861) * Detector-Competition-New: add ramp.com client id & secret detector (#1862) * use Repositories field from conn. (#1860) * Add include and ignore list to Artifactory (#1857) * support insecure TLS for Jira and Jenkins (#1856) * add tristate verification to postman (#1837) * Use placeholder as default if field left empty and is required (#1642) * implemented planet scale creds (passwords and API keys) (#1841) * adding azure storage detector (#1840) * Adding Howtorotate Guides to TruffleHog (#1839) * update pagerdutyapikey detector to tri-state verification (#1836) * Fix bug in chunker that surfaces with a flaky passed in io.Reader (#1838) * Bump github.com/AzureAD/microsoft-authentication-library-for-go (#1850) * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.6.0 to 2.7.0 (#1851) * Bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1 (#1848) * Bump github.com/aws/aws-sdk-go from 1.44.83 to 1.45.19 (#1847) * Bump docker/setup-qemu-action from 2 to 3 (#1845) * Bump goreleaser/goreleaser-action from 4 to 5 (#1844) * Bump mikepenz/action-junit-report from 3 to 4 (#1843) * Bump docker/login-action from 2 to 3 (#1846) * Bump github.com/xanzy/go-gitlab from 0.88.0 to 0.92.3 (#1849) * Bump actions/checkout from 3 to 4 (#1842) * fixing razorpay (#1852) * add tristate verification to twitch (#1830) * chore(ReadMe): Update installation Doc (#1818) * Separate gitlab detectors (#1819) * [chore] add figmav2 to defaults (#1820) * Cleanup jiratoken detector (#1832) * cleanup nesting (#1831) * Cleanup pubnub detector (#1826) * Update alchemy_test.go to use detectors5 (#1829) * Update web3storage_test.go (#1828) - Update to version 3.58.0: * update figma to use tri-state verification by @0x1 in (#1814) * updating myfreshworks detector to use tri-state verification by @0x1 in (#1779) * updating microsoft teams webhook detector to use tri-state verification by @0x1 in (#1792) * updating browserstack detector to use tri-state verification by @0x1 in (#1785) * Implement an installation script with CheckSum Validation by @hibare in (#1808) * Update Adding_Detectors_external.md by @zricethezav in (#1817) * added PR and Issue body scanning by @joeleonjr in (#1816) * Github partial scan by @ahrav in (#1804) * Update Adding_Detectors_external.md by @zricethezav in (#1822) * added Web3 Storage detector by @ankushgoel27 in (#1789) * consolidated pr and issue descr/comment flags by @joeleonjr in (#1827) * Use S3 credentials waterfall by @rosecodym in (#1823) * [bug] - correctly check err by @ahrav in (#1824) * Update web3storage_test.go with detectors5 by @zricethezav in (#1828) * Update alchemy_test.go to use detectors5 by @zricethezav in (#1829) * Cleanup pubnub detector by @0x1 in (#1826) * cleanup myfreshworks detector by @0x1 in (#1831) * Cleanup jiratoken detector by @0x1 in (#1832) * [chore] add figmav2 to defaults by @0x1 in (#1820) * Separate gitlab detectors by @0x1 in (#1819) * chore(ReadMe): Update installation Doc by @varmakarthik12 in (#1818) * add tristate verification to twitch by @0x1 in (#1830) * fixing razorpay by @dxa4481 in (#1852) * Bump actions/checkout from 3 to 4 by @dependabot in (#1842) * Bump github.com/xanzy/go-gitlab from 0.88.0 to 0.92.3 by @dependabot in (#1849) * Bump docker/login-action from 2 to 3 by @dependabot in (#1846) * Bump mikepenz/action-junit-report from 3 to 4 by @dependabot in (#1843) * Bump goreleaser/goreleaser-action from 4 to 5 by @dependabot in (#1844) * Bump docker/setup-qemu-action from 2 to 3 by @dependabot in (#1845) * Bump github.com/aws/aws-sdk-go from 1.44.83 to 1.45.19 by @dependabot in (#1847) * Bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1 by @dependabot in (#1848) ------------------------------------------------------------------- Thu Sep 28 12:53:35 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.57.0: * [bug] - correctly check err (#1824) * Use S3 credentials waterfall (#1823) * consolidated pr and issue descr/comment flags (#1827) * added Web3 Storage detector (#1789) * Update Adding_Detectors_external.md (#1822) * Github partial scan (#1804) * added PR and Issue body scanning (#1816) * Update Adding_Detectors_external.md (#1817) * Implement an installation script with CheckSum Validation (#1808) * updating browserstack detector to use tri-state verification (#1785) * updating microsoft teams webhook detector to use tri-state verification (#1792) * updating myfreshworks detector to use tri-state verification (#1779) * update figma to use tri-state verification (#1814) * adding support for new version of figma token (#1813) * Update README.md (#1811) * examples folder (#1734) * Update protos image to use correct go version (#1810) * add line to link for azure repos. (#1801) * fix detector test action (#1805) * aggregate detector tests daily (#1800) * Adding new function SetProgressOngoing to be used when the source does not yet know how many items it is scanning and does not want to display a percentage complete. (#1802) * updating uri detector to use tri-state verification (#1791) * Bump golang.org/x/oauth2 from 0.10.0 to 0.12.0 (#1799) * Bump github.com/go-ldap/ldap/v3 from 3.4.5 to 3.4.6 (#1796) * Bump github.com/charmbracelet/bubbletea from 0.24.1 to 0.24.2 (#1798) * Bump github.com/getsentry/sentry-go from 0.22.0 to 0.24.1 (#1797) * Bump cloud.google.com/go/storage from 1.31.0 to 1.33.0 (#1795) * Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 (#1794) * Add ability to dynamically scale concurrently running sources (#1790) * [bug] - fix link line (#1793) * Ability to update line number in link (#1788) * fixed rubygems detector (#1781) * Update sonarcloud.go (#1784) * [bug] - correclty handle nested archived directories (#1778) * replace interface{} with any. (#1771) ------------------------------------------------------------------- Fri Sep 15 07:13:56 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.56.0: * Update Source interface to use SourceID and JobID types (#1774) * migrate buildpulse to integration test suite (#1775) * add buildpulse config to sources (#1764) * Implement Gitlab source validation (#1765) * fix: add missing error check in archive handler (#1770) * Add a SourceType constant to all source packages (#1768) * Refactor SourceManager to remove Enrollment (#1740) * updating sendbirdorganizationapi detector to use tri-state verification (#1763) ------------------------------------------------------------------- Tue Sep 12 07:24:02 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.55.1 * [chore] - fix slackwebhook detector by @ahrav in #1761 * Add log verbosity by @codevbus in #1750 - Update to version 3.55.0 * [chore] - Sentry detector update by @ahrav in #1746 * Always close AWS response body by @rosecodym in #1758 * [chore] - add test for custom providers by @ahrav in #1759 * cache dupes w/ different decoders by @ahrav in #1754 * add tri state verification to slack (not slack webhook) by @zubairk14 in #1731 * Improve private key detector by @dustin-decker in #1760 - Update to version 3.54.4: * verbosity updates to s3 source (#1750) * [chore] - fix slackwebhook detector (#1761) * Improve private key detector (#1760) * add tri state verification to slack (not slack webhook) (#1731) * cache dupes w/ different decoders (#1754) * add test for custom providers. (#1759) * always close aws response body (#1758) * [chore] - Sentry detector update (#1746) * Retry AWS verification 403s (#1757) * Always attempt to return a git link (#1756) * Add Tailscale detector (#1719) * updating sendgrid detector to use tri-state verification (#1735) * Add optional param to Chunks (#1747) * Use common chunker for archive handler (#1717) * Fix pagerdutyapikey Detector (#1749) * updating jiratoken and jiratokenV2 to use tri-state verification + updating tests (#1744) * [chore] - update Docker source (#1708) * updating sendbird detector to use tri-state verification (#1737) * Validate S3 source (#1715) ------------------------------------------------------------------- Mon Sep 4 07:12:28 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - Update to version 3.54.3 * Sourcegraph Detectors Iterations by @shivasurya in #1742 * [chore] - fix sentry detector by @ahrav in #1738 * [bug] - Correctly create azure git links by @ahrav in #1743 ------------------------------------------------------------------- Mon Sep 04 06:42:13 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.54.2: * Correctly create azure git links. (#1743) * [chore] - fix sentry detector (#1738) * iterating on suggestions (#1742) * update jira detector to match new variable tokens (#1720) ------------------------------------------------------------------- Fri Sep 01 08:04:07 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.54.1: * add tri-state verification for twilio detector (#1729) * added sourcegraph token verification detection (#1730) * Update to Go 1.21 (#1733) * update slack webhook with tri-state verification (#1724) * Unify S3 client creation logic (#1657) * Add a cancel cause to job cancellation (#1728) * Add the 'Cause' family of functions to the context wrapper library (#1725) * remove fmt.Print (#1727) * Optimize read to max (#1714) * Add AvailableCapacity method to SourceManager (#1665) * Add jobID to chunk. (#1721) ------------------------------------------------------------------- Tue Aug 29 07:17:15 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.54.0: * buffer channel. (#1718) * add detectors that were missed (#1716) * Expired invite link fix (#1713) ------------------------------------------------------------------- Mon Aug 28 15:05:32 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.53.0: * [chore] - Prevent nil deref panic (#1709) * Support cancelling a run from a JobProgressRef (#1663) * Test S3 role assumption (#1655) * Add SourceName to JobProgressRef (#1664) * Support azure git links (#1662) * Capture source-reported progress in JobProgress snapshot (#1661) * Add ElapsedTime method to JobProgressMetrics (#1660) * add snowflake detector (#1653) * Update launchdarkly regex, support sdk keys, add tri-state verification (#1645) * [chore] - update benchmarks. (#1641) * [chore] - update comments and logs. (#1654) * Include the job ID in a chunk (#1652) * add rate limit and consumption metrics for GitHub (#1651) * update s3 test bucket (#1649) * Fix reversed ordering of arguments (#1648) * add thog CLI support for GitHub config validate (#1626) * wait before finishing s3 test (#1647) * Add tri-state verification to sqlserver detector (#1624) * Only scan gist comments or repo comments. (#1646) ------------------------------------------------------------------- Fri Aug 18 08:06:27 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.52.0: * add role assumption for s3 source (#1477) * [bug] - handle IOOR panic (#1639) * updat test file. (#1637) * [bug] - Correctly reset reader before handling archive chunk data (#1636) ------------------------------------------------------------------- Thu Aug 17 13:04:29 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.47: * [bug] - copy chunk before sending on chunksChan (#1633) * Add ScanChunk to allow injecting Chunks into the SourceManager's channel (#1634) * correct logging output for github comments and add oss flags (#1632) * [chore] - Use custom context for archive handler of specialized archives (#1629) * add salesforce detector (#1608) * Integration of SpecializedHandler for Enhanced Archive Processing (#1625) * fix github org placeholder (#1627) * bump go to 1.21 (#1623) * change verification endpoint (#1611) * add huggingface detector (#1621) * Refactor FragmentLineOffset to match multiline secrets (#1612) * fix alchemy test error message (#1622) * Docker scanning by digest (#1615) * Use the common chunker for scanning the filesystem source (#1619) * Support indeterminate verification in Gitlab detector (#1613) * stop saving alchemy url (#1614) * Add tri-state verification to pubnub publish key detector (#1616) * fix error msg in alchemy test (#1617) * Add terminal UI (#1593) * implement tri-state verification in FTP detector (#1604) * Move commits_scanned to ScanRepo (#1610) * Use common chunk reader (#1596) * Tweak template detector test code (#1609) ------------------------------------------------------------------- Fri Aug 04 08:05:50 UTC 2023 - felix.niederwanger@suse.com - Update to version 3.46.3: * Detect API keys without app keys (#1605) * Adjust regex and add tests (#1602) * Use SourceManager in engine (#1586) * implement indeterminate LDAP verification (#1574) * Fix nil pointer dereference to git ScanOptions (#1603) * initial support for bare repositories (#1499) * Common chunk reader (#1594) * Add commits scanned to log (#1600) * include scan duration in output log (#1598) * Make prints to stdout serial. (#1597) - Update to version 3.46.2: * add tri-state verification to mongodb detector by @rosecodym in #1575 * create hidden debug flag to disable overseer by @zubairk14 in #1582 * Fix VirusTotal deetector by @ahrav in #1585 * Refactor git source to allow ScanOptions and use source in engine by @mcastorina in #1518 * S3 panic send on closed channel by @ahrav in #1589 - Update to version 3.46.1: * [bug] - Fix unlocking an unlocked mutex by @ahrav in #1583 - Update to version 3.46.0: * Increase log level of engine messages by @dustin-decker in #1576 * Initialize the default logger to output to stderr by @mcastorina in #1569 * Fix runtime error when scanning Gist comments by @rgmz in #1552 * Do not nest transports for Github installation client by @rosecodym in #1564 * Identify transient AWS verification failures by @rosecodym in #1563 * Support fatal errors in job reports by @mcastorina in #1562 * Fix pubnub regular expression by @mcastorina in #1565 * gitparse: Use an object for currentDiff by @mcastorina in #1573 * Concurrent detection by @ahrav in #1580 * Replace magic strings with const by @ahrav in #1568 * [bug] - fix data races by @ahrav in #1577 * [bug] - fix shodan detector by @ahrav in #1579 ------------------------------------------------------------------- Fri Jul 28 09:49:25 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.35.2 * Pass GitHub apiEndpoint for basic or no auth by @rgmz in #1454 * Bump github.com/xanzy/go-gitlab from 0.86.0 to 0.88.0 by @dependabot in #1522 * Bump github.com/google/go-containerregistry from 0.14.0 to 0.15.2 by @dependabot in #1504 * Add SourceManager tests for Run and Wait methods by @mcastorina in #1530 * Improve log message when scanning GitHub comments by @rgmz in #1553 * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.4.0 to 2.6.0 by @dependabot in #1503 * Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 by @dependabot in #1554 * [MongoDB] Detect CosmoDB access keys by @rgmz in #1511 * Override broken dependency version by @dustin-decker in #1558 * Add azure repos protos by @ahrav in #1559 * add merge support by @zricethezav in #1561 ------------------------------------------------------------------- Fri Jul 28 09:45:30 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.35.1 * [chore] - optimize chunker by @ahrav in #1535 * Add commitsScanned metrics by @bill-rich in #1533 * Make Ahocorasick matching case insensitive by @zricethezav in #1547 * Fix data race in context wrapper library by @mcastorina in #1546 * Update gitparse logic by @rgmz in #1486 ------------------------------------------------------------------- Tue Jul 25 07:00:24 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.35.0 * [chore] - Update loop to switch. by @ahrav in #1487 * Rewrite SourceUnitEnumerator to use UnitReporter instead of a channel by @mcastorina in #1485 * Define SourceUnit chunking interface by @mcastorina in #1484 * fix twilio verification side effect by @brandonjyan in #1494 * Fix URI detector false positives when the redacted password has been URL encoded by @trufflesteeeve in #1489 * add envoy api key scanner by @brandonjyan in #1482 * add couchbase scanner to defaults by @brandonjyan in #1497 * tweak jdbc redaction by @rosecodym in #1490 * add launch_darkly keyword to launchdarkly scanner by @brandonjyan in #1495 * [chore] - update detector template file by @ahrav in #1500 * add thog enterprise detector for web keys by @zubairk14 in #1448 * use Go 1.20 for all github workflows by @rosecodym in #1508 * unify JDBC detector ping logic by @rosecodym in #1506 * add dockerhub scanner by @brandonjyan in #1496 * JDBC indeterminacy by @rosecodym in #1507 * [chore] Remove parent setting / getting in Context wrapper by @mcastorina in #1516 * Revert "[chore] Remove parent setting / getting in Context wrapper (#… by @mcastorina in #1519 * Bump github.com/googleapis/gax-go/v2 from 2.11.0 to 2.12.0 by @dependabot in #1501 * Bump google.golang.org/api from 0.130.0 to 0.131.0 by @dependabot in #1502 * Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #1523 * capture JSON error in AWS detector by @rosecodym in #1509 * Decrease frequency of dependabot alerts to monthly by @zricethezav in #1524 * Support indeterminacy in alchemy and update detector docs by @rosecodym in #1510 * [chore] Remove parent manipulation in context package by @mcastorina in #1525 * Implement SourceManager basics by @mcastorina in #1515 * Correctly route pprof endpoint by @mcastorina in #1527 * [chore] - Remove password info from log by @ahrav in #1528 * continue scanning on detector / decoder panic by @dustin-decker in #863 * Add match boundary to okta regular expressions by @mcastorina in #1531 * Replace aho-corasick library by @zricethezav in #1538 ------------------------------------------------------------------- Tue Jul 18 11:37:25 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.44.0 * fix typo * Remove additional apk clean up in Dockerfile * Remove the Image4 detector * tighten up Shortcut API detector * additional similarity check for base64 and plain * Add new verification error message field * Bump golang.org/x/crypto from 0.10.0 to 0.11.0 * Bump github.com/jlaffaye/ftp from 0.1.0 to 0.2.0 * Bump github.com/TheZeroSlave/zapsentry from 1.15.0 to 1.17.0 * remove old detector * Bump google.golang.org/api from 0.129.0 to 0.130.0 * Define SourceUnit enumeration interface * Update tests for forks so we don't fail on everything * scan GitHub PR and issue comments * Report indeterminacy in AWS verifier * do not report AWS 403s as indeterminate * Dedupe results * Include the line number GitHub & Gitlab links ------------------------------------------------------------------- Thu Jul 6 07:57:21 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.43.0 * Introduce trufflehog:ignore tag feature * remove HEAD from git diff command, rename unstaged to staged * Bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 * Bump cloud.google.com/go/secretmanager from 1.11.0 to 1.11.1 * Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 * Add missing keywords for sqlserver * Bump google.golang.org/api from 0.128.0 to 0.129.0 * Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 ------------------------------------------------------------------- Thu Jul 6 07:56:15 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.42.0 * Exit with non-zero exit code on chunk source error * Fix docker source to return any chunk errors * Add Couchbase Detector * Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 * Use url redaction in git * Fix stripPassword * Don't return on okta credential failed verification * verify response body with expected keywords * added opsgenie detector ------------------------------------------------------------------- Tue Jun 27 07:15:30 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.41.1 * Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible * Implement SourceUnitUnmarshaller for all sources * Ensure results are collected correctly when verification is off, and ... * prevent www from being a key to prevent fp * Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 * Bump go.mongodb.org/mongo-driver from 1.11.6 to 1.12.0 * Bump golang.org/x/sync from 0.2.0 to 0.3.0 * Update Slack webhook error text for verification * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 ------------------------------------------------------------------- Mon Jun 26 09:43:12 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.41.0 * Make trace error message so newlines aren't escaped * Add Validator interface and example * Setup SourceUnit interface * Bump github.com/getsentry/sentry-go from 0.21.0 to 0.22.0 * Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 * update discord invite link to one that doesn't expire * Custom detector name * Bump github.com/googleapis/gax-go/v2 from 2.10.0 to 2.11.0 * Bump google.golang.org/api from 0.125.0 to 0.128.0 * add new key pat for mailgun detector * remove gorilla mux * fix spelling errors * tada Add Docker image scanning tada ------------------------------------------------------------------- Fri Jun 16 06:34:37 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.40.0 * Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 * Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 * [chore] - fix test * Add DocuSign detector * fix plusfile git bug * Update sqlserver redaction, deduplication, and URI redaction * Split files instead of using ReadAll * add a custom detector check for logging duplicate detector * Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 * Bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.4 * Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.85.0 * Bump cloud.google.com/go/secretmanager from 1.10.1 to 1.11.0 * Use heuristic to choose the most likely UTF-16 decoded string ------------------------------------------------------------------- Mon Jun 5 09:33:58 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.38.0 * [chore] - update Float detector regex by @ahrav in #1368 * Check that git meets version requirements by @dustin-decker in #1373 - trufflehog-v3.39.0 * Loosen up version check for git ------------------------------------------------------------------- Thu Jun 1 07:25:59 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.37.0 * [chore] - Use correct detector proto by @ahrav in #1347 * Add message for discord server in readme by @zricethezav in #1344 * [chore] - Replace context.TODO by @ahrav in #1349 * needed perms for running workflows against forks by @codevbus in #1348 * Bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 by @dependabot in #1355 * Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #1353 * Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 by @dependabot in #1352 * Make OpenAI regex more specific by @nyanshak in #1345 * Bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 by @dependabot in #1351 * Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #1354 * adds linting for workflow and actions by @codevbus in #1356 * Add Data member to ResultsMetadata struct. by @strazzere in #1358 * Surface missing git as an error during source initialization by @dustin-decker in #1362 * Bump go.mongodb.org/mongo-driver from 1.11.4 to 1.11.6 by @dependabot in #1367 * Bump github.com/envoyproxy/protoc-gen-validate from 1.0.0 to 1.0.1 by @dependabot in #1366 * Bump cloud.google.com/go/secretmanager from 1.10.0 to 1.10.1 by @dependabot in #1365 * fix mockaroo fps by @dustin-decker in #1370 * Bump github.com/googleapis/gax-go/v2 from 2.8.0 to 2.9.1 by @dependabot in #1363- ------------------------------------------------------------------- Wed May 24 08:24:26 UTC 2023 - Felix Niederwanger <felix.niederwanger@suse.com> - trufflehog-v3.36.0 * Check to see if StructuredData exists before attempting to print it by @trufflesteeeve in #1346 - trufflehog-v3.35.0 * added pulumi cloud Access token detector by @vickygoel in #1295 * Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1339 * Bump google.golang.org/api from 0.114.0 to 0.122.0 by @dependabot in #1342 * Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 by @dependabot in #1336 * Bump github.com/rabbitmq/amqp091-go from 1.8.0 to 1.8.1 by @dependabot in #1335 * Bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #1334 * [chore] - move objectManager interface by @ahrav in #1332 * use md5 hash for checking if key exists by @ahrav in #1257 * Add buildkitev2 detector for newer tokens by @ahrav in #1341 * GitHub basic auth by @dustin-decker in #1337 * Add extra data and structured data to plain output by @nyanshak in #1316 * [oc-313] - Add GitHub metrics by @ahrav in #1324 * Updating generic.go by @RuchitaKshirsagarTR in #1343 * Add Base64URLSafe decoder by @nyanshak in #1292 - trufflehog-v3.34.0 * Fixed contentfulpersonalaccesstoken regex by @amansakhuja in #1199 * Add max object size flag for s3 bucket scanning by @nyanshak in #1294 * add scripts to benchmark and plot performance across tags by @dustin-decker in #1293 * Implement EndpointCustomizer by @mcastorina in #1291 * add additional logging by @ahrav in #1298 * [chore] - format log msg by @ahrav in #1299 * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.3.0 to 2.4.0 by @dependabot in #1306 * add tineswebhook detector by @jsolis in #1304 * Bump github.com/mholt/archiver/v4 from 4.0.0-alpha.7 to 4.0.0-alpha.8 by @dependabot in #1305 * Bump github.com/lib/pq from 1.10.8 to 1.10.9 by @dependabot in #1307 * Scan only for verified secrets in our CI by @dustin-decker in #1310 * add performance test by @zricethezav in #1301 * Add log to track git log size by @ahrav in #1325 * Extend cache interface by @ahrav in #1318 * Normalize GitHub repos during enumeration by @ahrav in #1269 * Output git timestamps as UTC times by @nyanshak in #1323 * Fix how we scan orgs by @ahrav in #1327 * [bug] - Update regex for ipstack by @ahrav in #1328 * Fix SquareApp detector type return value by @nyanshak in #1322 * Generate protos by @mcastorina in #1329 * Make sure context lines are properly handled by @bill-rich in #1331 * Do extraction after decompression by @nyanshak in #1320 * git worktree scanning fix for #827 by @nyanshak in #1315 * Support line numbers in filesystem source by @nyanshak in #1297 - trufflehog-v3.33.0 * improve sqlserver detection and testing by @dustin-decker in #1285 * Added a new detector for percy.io by @shabbirbs in #1284 * update jira detector by @ahrav in #1288 * update proto to allow for ignoring projects by @ahrav in #1289 * Fix include and exclude detector logic by @mcastorina in #1267 * Updated BrowserStack verified detector endpoint by @shabbirbs in #1290 - trufflehog-v3.32.2 * Bump google.golang.org/api from 0.118.0 to 0.119.0 by @dependabot in #1279 * Bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.0 by @dependabot in #1280 * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 by @dependabot in #1282 * Small optimizations for the base64 decoder by @ahrav in #1278 - trufflehog-v3.32.1 * Add RawV2 Results to the JSON Output by @yilmi in #1273 * optimize utf-8 decoder by @ahrav in #1275 * optimize base64 decoder by @ahrav in #1277 - trufflehog-v3.32.0 * Use md5 hash for resuming key by @ahrav in #1203 * [chore] - use hex encode vs base64 by @ahrav in #1256 * Remove toLower call on decoded chunk by @zricethezav in #1254 * git output []bytes were being logged as b64ed string by @dustin-decker in #1255 * Add team name to proto by @ahrav in #1258 * Only add detectors once by @bill-rich in #1265 * Bump google.golang.org/api from 0.114.0 to 0.118.0 by @dependabot in #1261 * Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 by @dependabot in #1262 * [chore] Log possible duplicate detectors by @mcastorina in #1266 * Bump github.com/lib/pq from 1.10.7 to 1.10.8 by @dependabot in #1260 * Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.83.0 by @dependabot in #1268 * Adding Google drive to MetaData proto by @0x1 in #1264 * Allow multiple team IDs for MS Teams by @ahrav in #1259 * Switch Endpoint Field to Client ID by @zubairk14 in #1270 * Add configurable detectors by @bill-rich in #1139 * Add utf16 decoder by @ahrav in #1274 * Ensure multipart credentials are deduplicated correctly by @dustin-decker in #1271 * Add utf16 decoder proto by @ahrav in #1276 - trufflehog-v3.31.6 * optimize gitparse handling of diffs by @zricethezav in #1253 - trufflehog-v3.31.5 * Use persistable cache for GCS progress tracking by @ahrav in #1204 * Bump golang.org/x/text from 0.8.0 to 0.9.0 by @dependabot in #1246 * Bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 by @dependabot in #1243 * Bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #1244 * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.2.0 to 2.3.0 by @dependabot in #1245 * Bump go.mongodb.org/mongo-driver from 1.11.3 to 1.11.4 by @dependabot in #1247 * THOG-920/add oss proto by @zubairk14 in #1240 * Generate protos by @mcastorina in #1250 * update circle test because workflows expire and need re-running by @dustin-decker in #1251 - trufflehog-v3.31.4 * fix linting step by @dustin-decker in #1235 * Resolve #1167 by adding support for the AWS_SESSION_TOKEN by @iamjpotts in #1170 * Use default endpoints when no custom verifier provided by @ahrav in #1242 - trufflehog-v3.31.3 * Run golang lint on entire repo instead of patches by @zricethezav in #1214 * add CLI switch to actions config by @codevbus in #1215 * Update verification endpoint - BrowserStack Detector by @gobind-singh in #1179 * Allow for custom verifier by @ahrav in #1070 * Add oauth2 cred as auth type for Teams. by @ahrav in #1221 * Use OAuth2 http client with GCS by @ahrav in #1220 * Add DetectorName to Result by @bill-rich in #1223 * Bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 by @dependabot in #1207 * Bump github.com/TheZeroSlave/zapsentry from 1.14.0 to 1.15.0 by @dependabot in #1229 * Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #1226 * Bump google.golang.org/api from 0.109.0 to 0.114.0 by @dependabot in #1228 * Bump go from 1.18 to 1.20 by @bceylan in #1230 * Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.8.0 by @dependabot in #1227 * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 by @dependabot in #1225 * Bump github.com/getsentry/sentry-go from 0.19.0 to 0.20.0 by @dependabot in #1231 * forager requires direct access to gitparse.FromReader by @dustin-decker in #1233 * Add lint for exporting loop references by @mcastorina in #1232 * readme improvements by @dustin-decker in #1234 - trufflehog-v3.31.2 * revert to original entrypoint config by @codevbus in #1219 - trufflehog-v3.31.1 * ensure stdout is still provided by @codevbus in #1217 - trufflehog-v3.31.0 * Bump cloud.google.com/go/storage from 1.30.0 to 1.30.1 by @dependabot in #1209 * Support for exclude globs at the git log level by @zricethezav in #1202 * Add GitHub Actions output by @dustin-decker in #1201 - trufflehog-v3.30.0 * update integration test excludes by @dustin-decker in #1169 * Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.7.1 by @dependabot in #1171 * Bump github.com/fatih/color from 1.13.0 to 1.15.0 by @dependabot in #1174 * Bump github.com/xanzy/go-gitlab from 0.80.2 to 0.81.0 by @dependabot in #1172 * [chore] - Add unauth GCS source type by @ahrav in #1178 * Fix git commit date string formatting by @fearnoeval in #1181 * Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 by @dependabot in #1182 * [chore] Log git output on error by @mcastorina in #1180 * [chore] Add a break statement when iterating through keywords by @zricethezav in #1184 * [chore] Ignore errors from CustomRegex so the channel doesn't leak by @mcastorina in #1149 * updating browserstack detector user and key PrefixRegex strings by @raju-kamble in #1176 * [chore] - add support for json service account and service account file by @ahrav in #1185 * Add resuming capability to GCS source by @ahrav in #1161 * Add OpenAI API Tokens detector by @yilmi in #1142 * added new detectors and fixed mesibo detector by @garg472 in #1166 * Bump go.mongodb.org/mongo-driver from 1.11.2 to 1.11.3 by @dependabot in #1196 * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.0 by @dependabot in #1195 * Bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 by @dependabot in #1194 * Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 by @dependabot in #1193 * Bump github.com/googleapis/gax-go/v2 from 2.7.1 to 2.8.0 by @dependabot in #1192 * Add in-memory caching pkg by @ahrav in #1189 * [chore] - log enumeration duration by @ahrav in #1187 * Bump actions/setup-go from 3 to 4 by @dependabot in #1191 * Fix OpenAI test by @dustin-decker in #1186 * Bump google.golang.org/api from 0.111.0 to 0.114.0 by @dependabot in #1210 * Bump github.com/rabbitmq/amqp091-go from 1.7.0 to 1.8.0 by @dependabot in #1208 * [bug] - Use correct date format for Date posted by @ahrav in #1211 * Add Oauth creds to GCS by @ahrav in #1212 * Delete progress tracking from GCS source by @ahrav in #1190 - trufflehog-v3.29.1 * Make slack webhook detector regex more specific by @trufflesteeeve in #1168 - trufflehog-v3.29.0 * Remove period from file extension by @ahrav in #1154 * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #1158 * Bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 by @dependabot in #1147 * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.1.0 to 2.2.0 by @dependabot in #1148 * Bump github.com/getsentry/sentry-go from 0.18.0 to 0.19.0 by @dependabot in #1157 * Add gcs scanning integration by @ahrav in #1153 - trufflehog-v3.28.7 Support filtering detectors by version by @mcastorina in #1150 - trufflehog-v3.28.6 * Rename .pre-commit-hooks.yml to .pre-commit-hooks.yaml by @zhuwenxing in #1141 * Keyword optimization by @zricethezav in #1144 * Release should only run on tags by @dustin-decker in #1146 - trufflehog-v3.28.5 [chore] - Only scanned staged git changes by @ahrav in #1143 - trufflehog-v3.28.4 * [chore] Address more linter errors by @mcastorina in #1134 * Custom regex parallel verify by @0x1 in #1127 * [chore] Close response bodies by @mcastorina in #1137 * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #1130 * Add pre-commit yml config by @ahrav in #1138 * Disable profiler in debug mode and add profile switch by @yilmi in #1136 - trufflehog-v3.28.3 * Support file scanning in filesystem source by @mcastorina in #1030 * Add ability to include and exclude detectors by @mcastorina in #1106 * [chore] Implement String for ScanErrors by @mcastorina in #1131 * [chore] Update docs for individual file scanning by @mcastorina in #1132 * [chore] Address lint errors by @mcastorina in #1133 - trufflehog-v3.28.2 * Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 by @dependabot in #1117 * Gitparse message fix by @bill-rich in #1125 - trufflehog-v3.28.1 * Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 by @dependabot in #1117 * Gitparse message fix by @bill-rich in #1125 ------------------------------------------------------------------- Thu Feb 23 11:56:28 UTC 2023 - Pavel Dostál <pdostal@suse.com> - trufflehog-v3.28.0 * add smoke test by @dustin-decker in #1099 * Remove duplicated detectors by @trufflesteeeve in #1092 * adds TESTING doc w. steps for local GHA tests by @codevbus in #1093 * add more confluence options by @dustin-decker in #1105 * Github filter support for exclude and include by @MetinSAYGIN in #1087 * Fix nil scan options by @mcastorina in #1107 * [chore] Remove logrus from trufflehog by @mcastorina in #1095 * Bump golang.org/x/text from 0.6.0 to 0.7.0 by @dependabot in #1100 * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in #1101 * Bump github.com/getsentry/sentry-go from 0.17.0 to 0.18.0 by @dependabot in #1102 * [chore] - Add the unit for max archive size by @ahrav in #1108 * [chore] - archive size helper text by @ahrav in #1110 * [chore] - Update helper text for max-archive-size. by @ahrav in #1114 * Correctly parse most filenames with ' and ' by @bill-rich in #1113 * Drop tabs for filenames with spaces by @bill-rich in #1115 * Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 by @dependabot in #1116 * fix browserstack detector by @raju-kamble in #1120 * Bump golang.org/x/net from 0.6.0 to 0.7.0 by @dependabot in #1122 * Bump go.mongodb.org/mongo-driver from 1.11.1 to 1.11.2 by @dependabot in #1119 * Bump github.com/TheZeroSlave/zapsentry from 1.12.0 to 1.14.0 by @dependabot in #1118 * Bump github.com/rabbitmq/amqp091-go from 1.6.0 to 1.7.0 by @dependabot in #1103 * Adding initial protos for Google Drive scanner by @0x1 in #1121 * fixing browserstack regex username detection by @raju-kamble in #1123 - trufflehog-v3.27.1 * Revert "Make detectors configurable" by @dustin-decker in #1097 - trufflehog-v3.27.0 * Bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 by @dependabot in #1039 * add bodyclose linter to help prevent file handle leaks by @dustin-decker in #1048 * braintree detector: use production API URL instead of the test sandbo… by @swdbo in #1054 * Update float detector with correct User-Agent and regex by @ahrav in #1061 * update webex detector regex by @ahrav in #1062 * Handle errors in a thread safe manner by @ahrav in #1052 * Add TruffleHog version input for GitHub action by @mcastorina in #1064 * Revert "Add TruffleHog version input for GitHub action (#1064)" by @mcastorina in #1068 * Pull gitparse config options out of pkg consts by @bill-rich in #1072 * Add include exclude spaces for confluence source. by @ahrav in #1073 * Add max commit size by @bill-rich in #1079 * Make archive handler configurable by @bill-rich in #1077 * [chore] - Add tests for errors by @ahrav in #1071 * Skip repo and continue scanning when encountering an error by @mcastorina in #1080 * [chore] - Dont pre-allocate errors slice by @ahrav in #1083 * Add Type() to detector interface by @trufflesteeeve in #1088 * [chore] Remove logrus from engine package by @mcastorina in #1085 * [chore] Remove logrus from github source by @mcastorina in #1086 * Bump github.com/joho/godotenv from 1.4.0 to 1.5.1 by @dependabot in #1075 * [chore] Remove logrus from circleci, filesystem, gitlab, and s3 sources by @mcastorina in #1089 * [chore] - Remove monolithic config struct by @ahrav in #1091 * Make detectors configurable by @ahrav in #1084 - trufflehog-v3.26.0 * Add openssh-client to trufflehog container by @mcastorina in #1045 * Bump github.com/rabbitmq/amqp091-go from 1.5.0 to 1.6.0 by @dependabot in #1036 * filesystem support for exclude and include filters (2nd attemp) by @mac2000 in #1033 * Fix the typo "programatic" by @nezakoo in #1046 * Add file to confluence proto. by @ahrav in #1049 * Remove false positive detection for CustomRegex by @mcastorina in #1050 - trufflehog-v3.25.4 * fix github integration tests by @dustin-decker in #1042 * Full git log when targeting base merge commit by @bill-rich in #1044 - trufflehog-v3.25.3 * [chore] - Small cleanup of CircleCi source by @ahrav in #1028 * Add concurrency to CircleCi source by @ahrav in #1029 * Bump github.com/getsentry/sentry-go from 0.16.0 to 0.17.0 by @dependabot in #1022 * Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 by @dependabot in #1024 * Bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 by @dependabot in #1023 * Updated stdout to print results in alphabetical order for consistent output by @0x1 in #1032 * Add location to Teams source metadata by @ahrav in #1034 * Limit diff size to prevent out of control memory use. by @bill-rich in #1035 - trufflehog-v3.25.2 * Use access-token endpoint for validity check by @clonsdale-canva in #991 * Record timestamp when a context was cancelled by @mcastorina in #1018 * remove logger from retryable client, it is not respecting loglevels by @dustin-decker in #1020 ------------------------------------------------------------------- Thu Jan 12 13:41:09 UTC 2023 - Pavel Dostál <pdostal@suse.com> - trufflehog-v3.25.1 * Update entrypoint by @ahrav in #1013 * Copy metadata for line number aware sources by @bill-rich in #1011 * Rename and export isGitSource by @bill-rich in #1016 * Fix GitUrl Return by @pulkitanz in #987 * Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #980 * Switch to retryableHttpClient for GitHub AuthN API Client + More Logs by @yilmi in #995 * Bump cloud.google.com/go/secretmanager from 1.9.0 to 1.10.0 by @dependabot in #1006 * Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 by @dependabot in #1007 * Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 by @dependabot in #1008 * Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #1009 * Handle invalid regex for custom detector. by @ahrav in #1005 * Capture callstack of canceled contexts by @mcastorina in #979 * Validate custom regular expressions on detector initialization by @mcastorina in #1010 * fix: do not override base parameter with default in GitHub Action by @clarkedb in #1004 * Fix GitUrl Return by @pulkitanz in #987 * Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #980 * Switch to retryableHttpClient for GitHub AuthN API Client + More Logs by @yilmi in #995 * Bump cloud.google.com/go/secretmanager from 1.9.0 to 1.10.0 by @dependabot in #1006 * Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 by @dependabot in #1007 * Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 by @dependabot in #1008 * Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #1009 * Handle invalid regex for custom detector. by @ahrav in #1005 * Capture callstack of canceled contexts by @mcastorina in #979 * Validate custom regular expressions on detector initialization by @mcastorina in #1010 * Allow for default value to be used in GHA Workflow by @ahrav in #999 * Add Circle CI source by @dustin-decker in #997 * Remove ctx from source structs by @ahrav in #986 * Removing Debug version Println to logrus debug - Issue #992 by @yilmi in #993 * Make GA action default base an empty string. by @ahrav in #996 ------------------------------------------------------------------- Thu Dec 22 16:46:59 UTC 2022 - Pavel Dostál <pdostal@suse.com> - Change the minimal version of Go from 1.14 to 1.18 ------------------------------------------------------------------- Thu Dec 22 15:51:49 UTC 2022 - Pavel Dostál <pdostal@suse.com> - Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 by @dependabot in #981 - Bump golang.org/x/crypto from 0.3.0 to 0.4.0 by @dependabot in #982 - Add configuration parsing and custom detectors to engine by @mcastorina in #968 - Add custom regex detector docs by @mcastorina in #983 - Remove custom log leveler by @mcastorina in #985
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor