From d7990edd7642336a2e421ebb17ce2bff71053c9f40c84dbcf7aac13e55e421be Mon Sep 17 00:00:00 2001 From: Jeff Kowalczyk Date: Tue, 11 Feb 2025 14:58:40 +0000 Subject: [PATCH] - Update to version 3.88.6: * optimized and updated mailgun analyzer (#3899) * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.10 (#3896) * fix(deps): update module github.com/go-git/go-git/v5 to v5.13.2 (#3895) * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.8 (#3894) * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.6 (#3893) * chore(deps): update dependency go to v1.23.6 (#3889) * fixed square analyzer client error (#3887) * Merge analyze tui with trufflehog tui (#3735) * Exported Ahocorasick core in engine (#3880) * fixed sourcegraph analyzer (#3877) OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/trufflehog?expand=0&rev=179 --- .gitattributes | 23 + .gitignore | 1 + _service | 17 + _servicedata | 4 + trufflehog-3.79.0.obscpio | 3 + trufflehog-3.80.0.obscpio | 3 + trufflehog-3.80.1.obscpio | 3 + trufflehog-3.80.5.obscpio | 3 + trufflehog-3.81.10.obscpio | 3 + trufflehog-3.81.9.obscpio | 3 + trufflehog-3.82.1.obscpio | 3 + trufflehog-3.82.11.obscpio | 3 + trufflehog-3.82.12.obscpio | 3 + trufflehog-3.82.13.obscpio | 3 + trufflehog-3.82.6.obscpio | 3 + trufflehog-3.82.7.obscpio | 3 + trufflehog-3.82.9.obscpio | 3 + trufflehog-3.83.2.obscpio | 3 + trufflehog-3.83.4.obscpio | 3 + trufflehog-3.83.5.obscpio | 3 + trufflehog-3.83.6.obscpio | 3 + trufflehog-3.83.7.obscpio | 3 + trufflehog-3.84.1.obscpio | 3 + trufflehog-3.84.2.obscpio | 3 + trufflehog-3.85.0.obscpio | 3 + trufflehog-3.86.0.obscpio | 3 + trufflehog-3.86.1.obscpio | 3 + trufflehog-3.87.2.obscpio | 3 + trufflehog-3.88.0.obscpio | 3 + trufflehog-3.88.1.obscpio | 3 + trufflehog-3.88.2.obscpio | 3 + trufflehog-3.88.3.obscpio | 3 + trufflehog-3.88.4.obscpio | 3 + trufflehog-3.88.5.obscpio | 3 + trufflehog-3.88.6.obscpio | 3 + trufflehog.changes | 3528 ++++++++++++++++++++++++++++++++++++ trufflehog.obsinfo | 4 + trufflehog.spec | 55 + vendor.tar.gz | 3 + 39 files changed, 3728 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 _servicedata create mode 100644 trufflehog-3.79.0.obscpio create mode 100644 trufflehog-3.80.0.obscpio create mode 100644 trufflehog-3.80.1.obscpio create mode 100644 trufflehog-3.80.5.obscpio create mode 100644 trufflehog-3.81.10.obscpio create mode 100644 trufflehog-3.81.9.obscpio create mode 100644 trufflehog-3.82.1.obscpio create mode 100644 trufflehog-3.82.11.obscpio create mode 100644 trufflehog-3.82.12.obscpio create mode 100644 trufflehog-3.82.13.obscpio create mode 100644 trufflehog-3.82.6.obscpio create mode 100644 trufflehog-3.82.7.obscpio create mode 100644 trufflehog-3.82.9.obscpio create mode 100644 trufflehog-3.83.2.obscpio create mode 100644 trufflehog-3.83.4.obscpio create mode 100644 trufflehog-3.83.5.obscpio create mode 100644 trufflehog-3.83.6.obscpio create mode 100644 trufflehog-3.83.7.obscpio create mode 100644 trufflehog-3.84.1.obscpio create mode 100644 trufflehog-3.84.2.obscpio create mode 100644 trufflehog-3.85.0.obscpio create mode 100644 trufflehog-3.86.0.obscpio create mode 100644 trufflehog-3.86.1.obscpio create mode 100644 trufflehog-3.87.2.obscpio create mode 100644 trufflehog-3.88.0.obscpio create mode 100644 trufflehog-3.88.1.obscpio create mode 100644 trufflehog-3.88.2.obscpio create mode 100644 trufflehog-3.88.3.obscpio create mode 100644 trufflehog-3.88.4.obscpio create mode 100644 trufflehog-3.88.5.obscpio create mode 100644 trufflehog-3.88.6.obscpio create mode 100644 trufflehog.changes create mode 100644 trufflehog.obsinfo create mode 100644 trufflehog.spec create mode 100644 vendor.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..9c6677b --- /dev/null +++ b/_service @@ -0,0 +1,17 @@ + + + https://github.com/trufflesecurity/trufflehog.git + git + main + v3.88.6 + v(.*) + enable + + + + + *.tar + gz + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..911e64b --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/trufflesecurity/trufflehog.git + f3237c5f1eab4a6ea214fb0fe3508e299335db86 \ No newline at end of file diff --git a/trufflehog-3.79.0.obscpio b/trufflehog-3.79.0.obscpio new file mode 100644 index 0000000..d941ced --- /dev/null +++ b/trufflehog-3.79.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:be54ea22e90d969f34cd9f2b393a62c56394cd03bc05f7413f9c2a817e39e609 +size 10210317 diff --git a/trufflehog-3.80.0.obscpio b/trufflehog-3.80.0.obscpio new file mode 100644 index 0000000..ecb6d73 --- /dev/null +++ b/trufflehog-3.80.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:af283aded7f06f784f832e48ec4db8ee79d32d845d41b883367bb6e039aa7426 +size 10375181 diff --git a/trufflehog-3.80.1.obscpio b/trufflehog-3.80.1.obscpio new file mode 100644 index 0000000..3e5972a --- /dev/null +++ b/trufflehog-3.80.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6d6f98d5e9967905dfa87b8ea2c3d4249c23a4c8d133610dc7c7fd0a6b340fc8 +size 10382349 diff --git a/trufflehog-3.80.5.obscpio b/trufflehog-3.80.5.obscpio new file mode 100644 index 0000000..3eb97af --- /dev/null +++ b/trufflehog-3.80.5.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3499aafdf1491843151553aa5db49314c4a7bd0af69dd43a5887d62ef1acdc51 +size 10788877 diff --git a/trufflehog-3.81.10.obscpio b/trufflehog-3.81.10.obscpio new file mode 100644 index 0000000..5703790 --- /dev/null +++ b/trufflehog-3.81.10.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7fd233766cc0eed0385867043d4fcfae6d12bcb5dc3e669ff1a3eb966fe466a3 +size 12038669 diff --git a/trufflehog-3.81.9.obscpio b/trufflehog-3.81.9.obscpio new file mode 100644 index 0000000..d1cd04b --- /dev/null +++ b/trufflehog-3.81.9.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:54b8053e27cd296356171f82951125ef6d203b8adab7791563b5fd47f6fdc818 +size 10887181 diff --git a/trufflehog-3.82.1.obscpio b/trufflehog-3.82.1.obscpio new file mode 100644 index 0000000..b2f6da0 --- /dev/null +++ b/trufflehog-3.82.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8100af3bb00ce17e76440de51064ebb43208a39276c10263d9c0a25a5f2962b2 +size 14098957 diff --git a/trufflehog-3.82.11.obscpio b/trufflehog-3.82.11.obscpio new file mode 100644 index 0000000..bda1f6c --- /dev/null +++ b/trufflehog-3.82.11.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7571d2cf9b77e0f05bdbeeaa9172b33fbacc3b84a9f2d2b0de07991254ab8d93 +size 14547469 diff --git a/trufflehog-3.82.12.obscpio b/trufflehog-3.82.12.obscpio new file mode 100644 index 0000000..f21d5a3 --- /dev/null +++ b/trufflehog-3.82.12.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c085ec55b7149b724a7df8b0817d628b6ab984fdbe970d7fa98ffe66961ad7ba +size 14542861 diff --git a/trufflehog-3.82.13.obscpio b/trufflehog-3.82.13.obscpio new file mode 100644 index 0000000..9924826 --- /dev/null +++ b/trufflehog-3.82.13.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2feadfad9b0fd5f1602ccb7228d6b21da9f67608e173f3f62e34df3fd438c7e1 +size 14537741 diff --git a/trufflehog-3.82.6.obscpio b/trufflehog-3.82.6.obscpio new file mode 100644 index 0000000..9541846 --- /dev/null +++ b/trufflehog-3.82.6.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7f6d290eb2ac6018e183eefd5d2e47110d750c45504a28bf2ddae83be756c6b4 +size 14388237 diff --git a/trufflehog-3.82.7.obscpio b/trufflehog-3.82.7.obscpio new file mode 100644 index 0000000..960070b --- /dev/null +++ b/trufflehog-3.82.7.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7814725204a4a7f8b2a19dae6b06bc47602d1636b031cdeacf4a837379b9be35 +size 14482445 diff --git a/trufflehog-3.82.9.obscpio b/trufflehog-3.82.9.obscpio new file mode 100644 index 0000000..06c719e --- /dev/null +++ b/trufflehog-3.82.9.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23a3ecddd86e5d3a7ef75dc23b359eb62705be4d58caabc8e0faf1500013d8cc +size 14541325 diff --git a/trufflehog-3.83.2.obscpio b/trufflehog-3.83.2.obscpio new file mode 100644 index 0000000..01f925a --- /dev/null +++ b/trufflehog-3.83.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:abd0c001871755386fa8c8217026609f4ff01298200dc20629f8d5528c9b43bb +size 14600205 diff --git a/trufflehog-3.83.4.obscpio b/trufflehog-3.83.4.obscpio new file mode 100644 index 0000000..bb9e448 --- /dev/null +++ b/trufflehog-3.83.4.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b6a8f786c327ea3825c7043698e4621b8866d03802f6edb8cb9f312f9cb886cd +size 14838797 diff --git a/trufflehog-3.83.5.obscpio b/trufflehog-3.83.5.obscpio new file mode 100644 index 0000000..b4d287f --- /dev/null +++ b/trufflehog-3.83.5.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e70e2548652a08e1f4879af9a8f59d30ad17ac268b4e10998d31554cdf4b2a3 +size 15040525 diff --git a/trufflehog-3.83.6.obscpio b/trufflehog-3.83.6.obscpio new file mode 100644 index 0000000..f2885c3 --- /dev/null +++ b/trufflehog-3.83.6.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:78c441c0d2946aa08b0012943d3ea50283d8a2546d6f827c2922fe565d1960ba +size 15040525 diff --git a/trufflehog-3.83.7.obscpio b/trufflehog-3.83.7.obscpio new file mode 100644 index 0000000..047ac7a --- /dev/null +++ b/trufflehog-3.83.7.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a4bc84fbcb19d3e3879fad684585a752c9ffaa02899c5e01eda14dbda116fdb4 +size 15480845 diff --git a/trufflehog-3.84.1.obscpio b/trufflehog-3.84.1.obscpio new file mode 100644 index 0000000..b7e993b --- /dev/null +++ b/trufflehog-3.84.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:825a8c5045e5bb3628f425f3be8696498b936c21b28c7f31be50f73f31670ae7 +size 15887373 diff --git a/trufflehog-3.84.2.obscpio b/trufflehog-3.84.2.obscpio new file mode 100644 index 0000000..7334892 --- /dev/null +++ b/trufflehog-3.84.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:be43272e85e50db4db4bf97445edd209703e5853eb07d68d4810754086335f41 +size 16176653 diff --git a/trufflehog-3.85.0.obscpio b/trufflehog-3.85.0.obscpio new file mode 100644 index 0000000..64253d9 --- /dev/null +++ b/trufflehog-3.85.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a6bd900fba8ce87d1ab18de5e53fa02d43e69cfcc490542571cfdd9f3d8eabd +size 16190989 diff --git a/trufflehog-3.86.0.obscpio b/trufflehog-3.86.0.obscpio new file mode 100644 index 0000000..d5ab14b --- /dev/null +++ b/trufflehog-3.86.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eee771ffeb4ff8bcc4bc223fd579986ee0d65caf71c4ca159c4df02cd55ce3c6 +size 16406541 diff --git a/trufflehog-3.86.1.obscpio b/trufflehog-3.86.1.obscpio new file mode 100644 index 0000000..1d05a93 --- /dev/null +++ b/trufflehog-3.86.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a9939467a308b71b57da092531ed148199822579023b84d01f4fcfd31de1bb0 +size 16410125 diff --git a/trufflehog-3.87.2.obscpio b/trufflehog-3.87.2.obscpio new file mode 100644 index 0000000..2b70a17 --- /dev/null +++ b/trufflehog-3.87.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2400e963fc83b71bedd47573613207c0c7f82a7b7f910a74dddaed3e21c8ff88 +size 16832013 diff --git a/trufflehog-3.88.0.obscpio b/trufflehog-3.88.0.obscpio new file mode 100644 index 0000000..fd64043 --- /dev/null +++ b/trufflehog-3.88.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a8c57c47aa56c514a6801c2a5990a6d7998281f0c8a0ee0817aef5ba9de84ec +size 16864269 diff --git a/trufflehog-3.88.1.obscpio b/trufflehog-3.88.1.obscpio new file mode 100644 index 0000000..f39cea0 --- /dev/null +++ b/trufflehog-3.88.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:875106a1841b72cd756a00ed931e95195284dcd65d204559e8e7713ca48b0e3e +size 16854029 diff --git a/trufflehog-3.88.2.obscpio b/trufflehog-3.88.2.obscpio new file mode 100644 index 0000000..5a61f7b --- /dev/null +++ b/trufflehog-3.88.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d8aa2dbdbc4555e6a4fccdcbee6d2553d40c7f668f8c671552ef7ec09a9dbf1 +size 16863757 diff --git a/trufflehog-3.88.3.obscpio b/trufflehog-3.88.3.obscpio new file mode 100644 index 0000000..26e5fd5 --- /dev/null +++ b/trufflehog-3.88.3.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b2f68a773c6fedb2c2206a4e52841124bfe88be73b89c64f31a0e92325dbcaa0 +size 16828429 diff --git a/trufflehog-3.88.4.obscpio b/trufflehog-3.88.4.obscpio new file mode 100644 index 0000000..424819d --- /dev/null +++ b/trufflehog-3.88.4.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9b5d90a41a89be9b9d9c1f41c7736da810881e169d304c4d68dd960959ddba79 +size 16866829 diff --git a/trufflehog-3.88.5.obscpio b/trufflehog-3.88.5.obscpio new file mode 100644 index 0000000..0e5ed7a --- /dev/null +++ b/trufflehog-3.88.5.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b69c7ea428edd8b7efac675a86ba1f03d8e1de881cdc4966615cf868e74a8ab0 +size 16936973 diff --git a/trufflehog-3.88.6.obscpio b/trufflehog-3.88.6.obscpio new file mode 100644 index 0000000..8371e9d --- /dev/null +++ b/trufflehog-3.88.6.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41fffc95b6e11bfd6874145e3aefa31520fc486404ea33c0d5b35d3694ca1768 +size 16942093 diff --git a/trufflehog.changes b/trufflehog.changes new file mode 100644 index 0000000..d9716c7 --- /dev/null +++ b/trufflehog.changes @@ -0,0 +1,3528 @@ +------------------------------------------------------------------- +Tue Feb 11 07:18:11 UTC 2025 - felix.niederwanger@suse.de + +- Update to version 3.88.6: + * optimized and updated mailgun analyzer (#3899) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.10 (#3896) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.13.2 (#3895) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.8 (#3894) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.6 (#3893) + * chore(deps): update dependency go to v1.23.6 (#3889) + * fixed square analyzer client error (#3887) + * Merge analyze tui with trufflehog tui (#3735) + * Exported Ahocorasick core in engine (#3880) + * fixed sourcegraph analyzer (#3877) + +------------------------------------------------------------------- +Fri Feb 07 10:39:37 UTC 2025 - felix.niederwanger@suse.com + +- Update to version 3.88.5: + * fix(deps): update github.com/tailscale/depaware digest to b748de0 (#3883) + * Feature: Airtable OAuth Detector (#3868) + * disable noisy detector (#3876) + * Compress release with UPX (#3456) + * Use smaller array to count commits in the GHA action (#3864) + * [SCAN-165] Use Err Reporting (#3862) + * [Feat] PrivateKey Analyzer (#3854) + * fix base on initial commits (#3586) + * feat(detectors): create azure refresh token (#2978) + * Enable Auth0 (#3857) + +------------------------------------------------------------------- +Fri Jan 31 10:48:12 UTC 2025 - felix.niederwanger@suse.de + +- Update to version 3.88.4: + * Support exclude regexes, excludewords, and entropy filters for custom detectors (#3860) + * Update postman metadata (#3852) + +------------------------------------------------------------------- +Thu Jan 30 07:13:22 UTC 2025 - felix.niederwanger@suse.de + +- Update to version 3.88.3: + * [Fix] use unrestricted http client only for non-safe requests (#3847) + * update jenkins err message (#3855) + * use first capture group in custom detector regex if available (#3853) + * fix typo (#3846) + * fixed sentry auth token detector (#3827) + * Removed global variable scanning implementationfor Postman (#3843) + * raw (#3845) + * fix(ngrok): panic from broken pattern (#3844) + * chore(detectors): remove match len check (#2746) + * feat(uri): update detector (#3656) + * fix import issue (#3842) + * create new unrestricted analyzer client to not filter out unsafe success requests (#3841) + * issue:3838 - fixed common email pattern (#3840) + * Run detector tests from test workflow #3839 + * chore: run unit tests (#3773) + * fixed jirav1 detector email pattern (#3826) + * Support for Customize Endpoint in Gitlab Analyzer (#3832) + +------------------------------------------------------------------- +Sat Jan 11 20:58:18 UTC 2025 - felix.niederwanger@suse.com + +- Update to version 3.88.2: + * oss-87: added new sanity detector (#3836) + * Update log for large s3 file (#3835) + * [chore] Use static token in GitHub source (#3834) + +------------------------------------------------------------------- +Tue Jan 07 19:03:23 UTC 2025 - felix.niederwanger@suse.com + +- Update to version 3.88.1: + * added token_revoke status condition in slack api detector (#3831) + * feat(scrapingbee): tweak detections (#3820) + * [chore] - remove resumption option (#3830) + * Deprecated RockSet and RestPack detectors (#3812) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.13.0 [security] (#3829) + * stop using context.TODO in archive handler (#3809) + * fixed bombbomb detector pattern test as part of issue 3817 (#3825) + * fixed github issue 3821 for string shannon entropy test (#3824) + * fixed github issue 3819 for endpoint customizer tests (#3823) + * fixed github issue 3774 for custom detector secret size (#3816) + +------------------------------------------------------------------- +Mon Dec 23 06:44:33 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.88.0: + * Implement verification cache (#3801) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.14.1 (#3805) + * fix(deps): update module google.golang.org/api to v0.214.0 (#3806) + * [Fix] detector's integration tests starting with alphabet 'm' (#3807) + * Disabled blocknative detector (#3804) + * fixed website pulse detector integration tests (#3776) + * fixed netlify detector integration tests (#3797) + * fixed integration test for neutrinoapi detector (#3796) + * fixed integration test for opsgenie detector (#3795) + * fixed plivo detector integration test (#3794) + * Update docs from --only-verified with --results (#3798) + * Added new detector for Twilio APIKey (#3803) + +------------------------------------------------------------------- +Thu Dec 19 09:54:15 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.87.2: + * fix(deps): update module golang.org/x/net to v0.33.0 [security] (#3800) + * [fix] - integer types (#3793) + +------------------------------------------------------------------- +Wed Dec 18 15:37:48 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.87.0: + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.17.0 (#3789) + * fix const type (#3792) + * fix(deps): update module google.golang.org/api to v0.213.0 (#3790) + * fix(deps): update golang.org/x/exp digest to b2144cd (#3788) + * fix(deps): update module google.golang.org/protobuf to v1.36.0 (#3787) + * fix(deps): update module google.golang.org/api to v0.212.0 (#3786) + * fix(deps): update github.com/mholt/archives digest to 23e0af8 (#3785) + * fix(deps): update golang.org/x/exp digest to 4a55095 (#3779) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.9 (#3781) + * feat(engine): make |detectionTimeout| configurable (#3768) + * updated pusher channel key detector and fixed it's integration tests (#3782) + * fix: corrected verification endpoint & validation logic for bombbomb (#3462) + * fix test (#3780) + * fix(deps): update module pault.ag/go/debian to v0.18.0 (#3778) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.5 (#3777) + * fixed vouchery detector integration tests (#3775) + * updated and added pattern tests for detectors w-z (#3771) + * updated and fixed typeform detectors (#3769) + * [UPDATE] Updated plaidkey detector results, and added uniqueness check (#3709) + * Added pattern unit tests for detectors starting with the letters r through s (#3752) + +------------------------------------------------------------------- +Thu Dec 12 08:00:04 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.86.1: + * updated tickettailor detector (#3766) + * fix(deps): update module golang.org/x/crypto to v0.31.0 (#3767) + * fix(deps): update golang.org/x/exp digest to 1829a12 (#3761) + * [refactor] - s3 metrics (#3760) + * [Fix] detector's integration tests starting with alphabet 'g' (#3765) + * [Fix] detector's integration tests starting with alphabet 'e' & 'f' (#3764) + * updated testingbot detector and it's integration tests (#3763) + * fix(deps): update module google.golang.org/api to v0.211.0 (#3759) + * fix(deps): update golang.org/x/exp digest to 1443442 (#3758) + +------------------------------------------------------------------- +Tue Dec 10 19:57:40 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.86.0: + * Add new detector for Twitch OAuth Access Tokens (#3756) + * Fix SatisMeter Detector (#3692) + * updated and added pattern tests for detectors t-v (#3753) + * Fixed stripe detector integration tests (#3754) + * fixed scrapingAnt detector (#3736) + * [chore] - Upgrade `Archiver` dependency (#3743) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.4 (#3751) + * fixed slack detector integration tests (#3748) + * fixed skybiometery detector and integration tests (#3747) + * [Fix] detector's integration tests starting with alphabet 'd' (#3750) + * [Fix] detector's integration tests starting with alphabet 'c' (#3749) + * [Fix] detector's integration tests starting with alphabet 'b' (#3746) + * [Fix] detector's integration tests starting with alphabet 'A' (#3745) + * fixed shopify integration test (#3744) + +------------------------------------------------------------------- +Mon Dec 09 08:54:36 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.85.0: + * chore(deps): update alpine docker tag to v3.21 (#3739) + * fix(deps): update module github.com/microsoft/go-mssqldb to v1.8.0 (#3741) + * fix(deps): update module cloud.google.com/go/storage to v1.48.0 (#3740) + * fix(deps): update golang.org/x/exp digest to 43b7b7c (#3737) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.12.1 (#3738) + * fix(deps): update module google.golang.org/api to v0.210.0 (#3732) + * fix(deps): update module golang.org/x/crypto to v0.30.0 (#3733) + * feat: replace --only-verified with --results in docs/precommit (#3643) + * updated twilio detector (#3734) + * Add analysis info for GCP creds (#3727) + * fix(deps): update module golang.org/x/text to v0.21.0 (#3731) + * fix(deps): update module golang.org/x/sync to v0.10.0 (#3730) + * feat(typeform): add v2 detector for new key formats (#3660) + * chore(deps): update dependency go to v1.23.4 (#3726) + * fix(deps): update module github.com/getsentry/sentry-go to v0.30.0 (#3725) + * Add additional canary ID (#3720) + +------------------------------------------------------------------- +Mon Dec 02 20:39:09 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.84.2: + * Auto packing the repository in background for optimum performance. + * See "git help gc" for manual housekeeping. + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#3715) + * [refactor] - `detectorKeywordMatcher` initialization (#3687) + * fix typo (#3683) + * upgrade Github dep (#3699) + * Added how to scan a local git repo (#3593) + * Add Flexport detector (#3633) + * add pkg level doc (#3684) + * Improved cloudflarecakey detector (#3688) + * fixed and updated satismeterwritekey detector (#3693) + * feat(cli): fine-grained log level (#3703) + * fixed scalr detector integration test (#3707) + * Fix/saucelabs detector (#3696) + * fixed issue#3701 (#3711) + * added and updated pattern tests for detectors starting from p to q (#3710) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.8.0 (#3695) + * updated the function names of new pattern tests for detetors n through o (#3691) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.3 (#3690) + * Added pattern unit tests for detectors starting with the letters n through o (#3685) + * fixed api flash detector (#3666) + * [feat] - S3 metrics (#3577) + * chore(deps): update jaxxstorm/action-install-gh-release action to v1.14.0 (#3672) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.3 (#3682) + * Add Scan method to SourceManager to scan a single SourceUnit (#3650) + * [scan-9] Update enumeration logic (#3626) + * test: fix multiple package names (#3661) + +------------------------------------------------------------------- +Sun Nov 24 08:36:57 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.84.1: + * fix(deps): update module github.com/stretchr/testify to v1.10.0 (#3659) + * [feat] - Support S3 Source Resumption (#3570) + * [refactor] - Rename S3 ProgressTracker (#3652) + * Separate org listing error from finding 0 members error cases (#3654) + * fix(deps): update module google.golang.org/api to v0.209.0 (#3655) + * fix(algolia): 403 is invalid (#3653) + * Recover general chunker panics (#3625) + * updated buildkite detectors (#3611) + * added godaddy detector (#3615) + * fix(deps): update module google.golang.org/api to v0.208.0 (#3647) + * fix test (#3641) + * fixed test failure (#3646) + * fix(gcp): handle quoted JSON (#2865) + * build: remove golang-jwt@v4 (#3644) + * build: remove azure sdk (#3642) + * feat(algolia): upgrade detector (#3613) + * fix(azure_storage): use DefaultMultiPartCredentialProvider (#3639) + * feat(hubspot): update v1 detector (#2845) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.2 (#3617) + * feat(azurecr): update detector (#3632) + * feat(azure): improve connstring matching (#2097) + * fixing databricks detector for azure workspaces (#3038) + * feat(detectors): create azure_entra base package (#2985) + * feat(azure): create openai detector (#2347) + * feat: cleanup AWS detector logic (#3583) + * added handling of forbidden state in slack webhook detector. (#3635) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.7 (#3636) + * fixed github classic token analyzer expiry time (#3624) + * fix(deps): update module google.golang.org/api to v0.207.0 (#3630) + * Add log.ToLogger and log.ToSlogger helper functions (#3629) + * Remove unused findLevel function (#3628) + * chore: fix function name in comment (#3616) + * Update CODEOWNERS (#3627) + * Added pattern unit tests for detectors starting with the letters i through m (#3614) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.2 (#3623) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.114.0 (#3621) + * feat(mongodb): increase timeout to 5 seconds (#3620) + * [chore] Log non-fatal errors encountered during a scan (#3612) + * add comment to close reader (#3622) + * [fix] - Close the BufferedReadSeekr after use (#3618) + * Add GitLab shared exclusion flag (#3572) + * Feat: Added ZohoCRM detector (#3516) + +------------------------------------------------------------------- +Sun Nov 17 12:32:43 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.83.7: + * chore: fix typos in comments and tests; enable misspell (#3573) + * [feat] - S3 Progress Tracker (#3568) + * [feat] - Introduce Fatal/Non-Fatal File Handling Errors (#3521) + * [refactor] - Add DataOrErr (#3520) + * [refactor] - Adjust File Handling Errors (#3519) + * [fix] - Improve UTF8 decoder's handling of non-printable characters (#3588) + * [bug] - correctly capture db type for postgres detector (#3610) + * Add support for scanning APK files (#3517) + * feat(opsgenie): update detector (#3608) + * fix(deps): update module google.golang.org/api to v0.206.0 (#3609) + * fix(deps): update module cloud.google.com/go/storage to v1.47.0 (#3607) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.16.0 (#3606) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.12.0 (#3600) + * chore(deps): update jaxxstorm/action-install-gh-release action to v1.13.0 (#3599) + * fix(deps): update module golang.org/x/oauth2 to v0.24.0 (#3605) + * build: upgrade go-debian to v0.17.0 (#3603) + * fix(deps): update module google.golang.org/protobuf to v1.35.2 (#3604) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.14.0 (#3601) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.1 (#3598) + * golangci-lint: replace exportloopref with copyloopvar and remove the copy of the 'for' variables (#3591) + * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.8 (#3596) + * fix(deps): update golang.org/x/exp digest to 2d47ceb (#3595) + * chore(deps): update mikepenz/action-junit-report action to v5 (#3553) + * feat: added check for valid git commit and warning message (#3413) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.1 (#3566) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.113.0 (#3562) + * Add Detector Description to JSON output (#3404) + * added pattern test cases for F, G and H alphabet detectors (#3590) + * remove unused embedded struct (#3592) + * chore: increase level for verbose log (#3589) + * fix(giturl): encode % (#2982) + * chore: sort defaults.go (#3587) + * Added pattern test cases for Alphabet D and E detectors (#3584) + * feat(airtable): update detector (#3581) + +------------------------------------------------------------------- +Mon Nov 11 08:33:20 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.83.6: + * chore: log false positive result as string (#3582) + * feat: log why false positives are skipped (#3579) + +------------------------------------------------------------------- +Sat Nov 09 09:47:31 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.83.5: + * remove Analyze protos from gen_protos.sh #3571 + * fix(jdbc): ignore invalid sqlserver URLs (#3429) + * Added pattern test cases for detectors starting with Alphabet C (#3564) + * added name back in extradata (#3569) + * feat(mailgun): update detector (#2679) + * fix(fetchrss): update detector logic (#2844) + * Add UUIDs to false positive checker (#2976) + * feat(sumologic): update detector (#3511) + * fix(mongodb): ignore invalid URLs (#3440) + * fix(rabbitmq): add dial timeout (#3421) + +------------------------------------------------------------------- +Thu Nov 07 11:14:46 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.83.4: + * add config option for s3 resumption (#3563) + * added pattern test cases for detectors starting with b (#3559) + * added pattern test cases for all detectors starting with Alphabet `a` (#3539) + * validate if twitter services are more than one before accessing it. (#3565) + +------------------------------------------------------------------- +Wed Nov 06 09:50:46 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.83.3: + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.3.0 (#3561) + * [bug] - Correct Line Number Calculation (#3550) + * set verification error if failed to decode body (#3560) + * Add owner to github tokens (#3558) + * [feat] - Add Weights and Biases detector (#3551) + * [chore] - minor cleanup S3 source (#3554) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v4.5.1 (#3555) + * stop logging all GitLab projects (#3541) + * fix(deps): update module cloud.google.com/go/storage to v1.46.0 (#3544) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.12.0 (#3531) + * fix(deps): update module google.golang.org/api to v0.204.0 (#3543) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.3 (#3540) + +------------------------------------------------------------------- +Thu Oct 31 15:29:58 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.83.2: + * fixed gitlab extradata overwriting (#3537) + +------------------------------------------------------------------- +Thu Oct 31 10:46:20 UTC 2024 - Felix Niederwanger + +- Update to version 3.83.1: + * standardize email pattern (#3524) + * strip symbol table and DWARF generation (#3534) + * gcp cred not set (#3535) + +------------------------------------------------------------------- +Thu Oct 31 08:07:23 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.83.0: + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.2 (#3536) + * gcp cred not set (#3535) + * strip symbol and DWARF tables (#3534) + * standardize email pattern (#3524) + * Add Scanning team to CODEOWNERS (#3533) + * stop logging detailed group info (#3532) + * [analyze] Add Analyzer interface for Gitlab (#3232) + * [feat] Gitlab inclusion globbing (#3500) + * feat: added `v3` API version for the detector `captaindatago` (#3484) + * update aws descriptions (#3529) + * enforce timeout on circleci test (#3528) + * rm snifftest (#3527) + * Redact more source credentials (#3526) + * Create global log redaction capability (#3522) + * Adding basic "what is trufflehog" to the readme (#3514) + * Handle custom detector response and include in extra data (#3411) + * fix: fixed validation logic for `calendarific` (#3480) + * fix(deps): update github.com/tailscale/depaware digest to 3d7f3b3 (#3518) + * Move DecoderType into ResultWithMetadata #3502 + * Addeded 403 account block status code handling for gitlab (#3471) + * updated gcpapplicationdefaultcredentials detector results with RawV2 (#3499) + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.1.1 (#3512) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.17.0 (#3510) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.2 (#3498) + +------------------------------------------------------------------- +Fri Oct 25 19:54:55 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.82.13: + * Adds a logging section in the contributing guidelines (#3509) + * fix: fixed verifcation pattern logic for `bulksms` (#3478) + * Extend `algoliaadminkey` with additional checks (#3459) + * fix(deps): update module google.golang.org/api to v0.203.0 (#3497) + * fix: added correct api endpoint for verification & logic for Aeroworkflow (#3435) + * remove debug log (#3505) + * delete unused code (#3504) + * fix: added correct verification endpoint & validation logic for alegra (#3437) + * fix(deps): update module google.golang.org/api to v0.202.0 (#3496) + * chore: re-order log context fields (#3430) + * fix(deps): update module github.com/fatih/color to v1.18.0 (#3492) + * feat: validation & verification fix for apiscience to apimetrics (#3475) + * fix: fixed validation logic for `cannyio` (#3482) + * update error messages (#3490) + +------------------------------------------------------------------- +Tue Oct 22 06:46:20 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.12: + * [fix] - Inadvertent s3 body close (#3491) + * Remove proto (#3489) + * fix(deps): update testcontainers-go monorepo to v0.34.0 (#3488) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.1 (#3487) + * Extract FP logic correctly at other call site #3476 + * fix(deps): update module go.uber.org/mock to v0.5.0 (#3468) + * fix(deps): update module cloud.google.com/go/storage to v1.45.0 (#3467) + * increase timeout to 30s (#3422) + * Update yousign detector endpoints to check againt prod and staging urls (#3426) + * fix: fixed autoklose verification endpoint (#3447) + * fix: fixed verification logic & endpoint for AyrShare (#3452) + +------------------------------------------------------------------- +Fri Oct 18 12:24:31 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.82.11: + * fix timeout (#3460) + * Revert "Compress release with UPX (#3445)" (#3455) + * Compress release with UPX (#3445) + * ignore https as false postive for slackwebhook detector (#3425) + +------------------------------------------------------------------- +Wed Oct 16 06:24:21 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.9: + * fix(deps): update module github.com/prometheus/client_golang to v1.20.5 (#3412) + * fix: include integration test in generate.go (#3415) + * Add feature flags to CLI args (#3359) + * fix(deps): update module google.golang.org/api to v0.201.0 (#3416) + * feat: add github comments timeframe filtering (fixes #3388) (#3390) + * [fix] - resource leak (#3402) + * [detector] Implemented Box Detector (#3242) + * feat: propagate file info in log context (#3405) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.112.0 (#3410) + * fix(deps): update module github.com/getsentry/sentry-go to v0.29.1 (#3408) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.6 (#3407) + +------------------------------------------------------------------- +Sat Oct 12 14:36:22 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.82.8: + * Update SaladCloud description (#3399) + * fix tests (#3400) + * [chore] Update custom detector default description (#3398) + * add description to salad (#3397) + * Add detector for SaladCloud API Keys (#3273) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.111.0 (#3393) + * Add SliceContainsString common util (#3395) + * fix: pr template link to golangci-lint (#3392) + * fix(deps): update golang.org/x/exp digest to f66d83c (#3389) + * Separate detector tests into unit/integration (#3274) + * Manually upgrade github dep (#3387) + * Updated Fastly Personal Token Detector (#3386) + * fix(deps): update module google.golang.org/api to v0.200.0 (#3391) + * [Fix] Snowflake privatelink Support (#3286) + * Enhanced the easyinsight detector (#3384) + +------------------------------------------------------------------- +Tue Oct 08 09:21:03 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.7: + * Log skipped files on debug level (#3383) + * build: update retracted bluemonday ver (#3369) + * Fix git binary handling and add a smoke test (#3379) + * fix(deps): update module google.golang.org/protobuf to v1.35.1 (#3382) + * Added Cisco Meraki API Key detector (#3367) + * improved the agora detector (#3360) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.110.0 (#3376) + * fix(deps): update golang.org/x/exp digest to 225e2ab (#3371) + * fix(deps): update module golang.org/x/net to v0.30.0 (#3373) + * fix(deps): update module golang.org/x/crypto to v0.28.0 (#3372) + * chore(deps): update sigstore/cosign-installer action to v3.7.0 (#3368) + * fix(deps): update module cloud.google.com/go/storage to v1.44.0 (#3366) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.1 (#3365) + * [refactor] - Decouple Metrics From Cache Implementation (#3355) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.2 (#3363) + * Updated Cosign Install URL (#3364) + * fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.0 (#3361) + * Added Pattern test cases for detectors (#3354) + * remove size check (#3351) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.17.1 (#3357) + * [chore] - Rename memory cache package to 'simple' for clarity (#3352) + * Fixed github oauth2 token detector (#3353) + +------------------------------------------------------------------- +Tue Oct 01 08:05:06 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.6: + * [feat] - Add SizedLRU Cache (#3344) + * [bug] - Recover From Panic During Archive Handling (#3348) + * [fix] - Use Parent Context in Azure Detector (#3346) + * [chore] - update Go version to 1.23.0 (#3340) + * disable secret scans for community PRs (#3343) + * Enhanced the eraser detector to handle new status code from verification API (#3342) + * [feat] - Add Generic Hasher Interface with Blake2b Implementation (#3337) + * [fix] Move detector initialization to DefaultDetectors function (#3341) + * Improve process cleanup (#3339) + * fix(decoder): prevent race (#3031) + * Add named params to interface methods (#3335) + +------------------------------------------------------------------- +Thu Sep 26 08:17:06 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.5: + * fix(deps): update module google.golang.org/api to v0.199.0 (#3336) + * [chore] Ensure testing Endpoints() doesn't silently pass on change (#3334) + * [fix] Correctly initialize detectors with cloud endpoint customization (#3333) + * RailwayApp Detector (#3331) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.2 (#3332) + * Adding Descriptions (#3258) + * update timeout to 60s (#3330) + * Include all detector tests for captain (#3329) + * Use captain for test aggregation (#3328) + * [Fix] (#3306) + * fix(deps): update module google.golang.org/api to v0.198.0 (#3323) + * Endpoint customizer refresh (#3308) + * Ignore glTF & JPEG XL files (#3325) + * fix(deps): update module golang.org/x/oauth2 to v0.23.0 (#3322) + * fix(deps): update module go.uber.org/automaxprocs to v1.6.0 (#3321) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.17.0 (#3319) + * [bug] - Improve seekability check for stdout pipes in BufferedReadSeeker (#3189) + * Improve MongoDB connection string matching (#1550) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.109.0 (#3318) + * [Analyzer] Test and generated permissions for HuggingFace, Square & Stripe (#3294) + * Implement SourceUnitEnumChunker for GitHub (#3298) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.7.0 (#3317) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.0 (#3315) + * hit em w/ a min (#3316) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.1 (#3313) + * [fix] - Add Size Method to BufferedReadSeeker and Refactor Context Timeout Handling in HandleFile (#3307) + * fix(deps): update module github.com/sendgrid/sendgrid-go to v3.16.0+incompatible (#3312) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.15.0 (#3311) + * fix(deps): update module github.com/getsentry/sentry-go to v0.29.0 (#3310) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.15.0 (#3309) + * Update GitHub enumeration to report unique filtered values (#3292) + * [analyze] Add client filter to detect successful unsafe HTTP requests (#3305) + * fix(deps): update module github.com/prometheus/client_golang to v1.20.4 (#3303) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.1 (#3301) + +------------------------------------------------------------------- +Tue Sep 17 07:39:34 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.82.2: + * Instrument GitHub source with a ChunkReporter (#3296) + * fix(deps): update golang.org/x/exp digest to 701f63a (#3291) + * Add user agent suffix feature flag (#3297) + * Fix GitHub analyzer panic on empty organization name (#3295) + * Fix slice initialization error (#3293) + +------------------------------------------------------------------- +Fri Sep 13 12:30:43 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.82.1: + * [analyze] Add analyzer interface for Shopify (#3226) + * [analyze] Add Analyzer for Mailgun (#3206) + * [analyze] Add Analyzer for MySQL (#3193) + * Instrument GitHub source with a UnitReporter (#3284) + * fix(deps): update module github.com/prometheus/client_golang to v1.20.3 (#3279) + * adding pypi v1 support (#3289) + * adding pypi detector (#3287) + * feature flag additional refs (#3282) + * Clarify "no decoder found for chunk" log message (#3001) + * update aha keyword (#3281) + * [chore] - remove unused method and function (#3089) + * Jira Email fix (#3061) + * fix(git): config normalization for git sources (#3278) + * Add detector for Nvidia NGC Personal Keys (#3280) + +------------------------------------------------------------------- +Tue Sep 10 07:48:42 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.81.10: + * GitHub source logger clean up (#3269) + * fix(deps): update module github.com/felixge/fgprof to v0.9.5 (#3277) + * fix(deps): update golang.org/x/exp digest to e7e105d (#3202) + * [chore] Skip analyzer tests in CI (#3270) + * [analyze] Add Analyzer for Postgres (#3192) + * [analyze] Add Analyzer for SourceGraph (#3173) + * [analyze] Add Analyzer for Asana (#3139) + * [analyze] Add Analyzer for Slack (#3207) + * [analyze] Improve SquareUp analyzer and Implemented test (#3231) + * [analyze] Add Analyze interface for Mailchimp (#3225) + * [analyze] Add analyze interface for Bitbucket (#3224) + * [analyze] Add Analyzer for Sendgrid (#3174) + * [analyze] Add Analyzer for Opsgenie (#3181) + * [analyze] Add analyzer for Postman (#3180) + * Add Sentry protobufs (#3263) + * Make worker multipliers configurable (#3267) + * add rotation links (#3257) + * Reduce high freq keywords (#3265) + * Add central feature flags (#3264) + * Add huggingface tui config (#3060) + * Add Robinhood Crypto detector (#3254) + * Update buffer (#3255) + * Download files when reverifying (#3252) + * update rotation guide link for teams (#3248) + * Th 899 postman panic issue (#3245) + * Strip leading +/- from github target diffs (#3244) + * Skip filtration for targeted scans #3243 + * Customize results cleaning (using smuggled interface) (#3235) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.14.0 (#3240) + * fix(deps): update testcontainers-go monorepo to v0.33.0 (#3239) + * fix(deps): update module google.golang.org/api to v0.193.0 (#3238) + * fix(deps): update module google.golang.org/api to v0.192.0 (#3237) + * fix(deps): update module github.com/prometheus/client_golang to v1.20.1 (#3236) + * chore(deps): update golang docker tag to v1.23 (#3228) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.27.0 (#3229) + +------------------------------------------------------------------- +Mon Aug 19 06:30:18 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.81.9: + * fix(deps): update module github.com/sendgrid/sendgrid-go to v3.15.0+incompatible (#3214) + * Improve domain / url handling in detectors (#3221) + * Support for kebab case and dot notation in permission generation tool (#3222) + +------------------------------------------------------------------- +Thu Aug 15 08:49:23 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.81.8: + * [chore] Ignore analyzer implementation tests in test-community (#3219) + * [chore] Fix lint errors (#3218) + * [analyze] Fix GitHub token expiration parsing (#3205) + * [analyze] Capture the hierarchy of GitHub permissions (#3127) + * chore(deps): update sigstore/cosign-installer action to v3.6.0 (#3211) + * Add metrics for command invocation (#3185) + * remove two letter keyword (#3210) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.6 (#3208) + * Capture decoding time metric (#3209) + * fix(deps): update module github.com/google/go-containerregistry to v0.20.2 (#3184) + * [bug] - Correctly Handle Large Files in BufferedReadSeeker (#3203) + * Log when a detector ignores the timeout (#3201) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.1 (#3197) + * [analyze] Fix double-print in postgres analyzer (#3199) + * fix(deps): update module golang.org/x/net to v0.28.0 (#3187) + * [analyze] Deduplicate finegrained GitHub permissions (#3196) + * Fixes for a few finegrained token issues (#3194) + * [analyze] Add basic section to README (#3190) + * [analyze] Bandaid solution for occasional slow startups (#3191) + * Analyzer capitalization (#3188) + * [analyze] Add analyze option to main TUI and unhide subcommand (#3186) + * fix(deps): update module golang.org/x/text to v0.17.0 (#3183) + * fix(deps): update module golang.org/x/crypto to v0.26.0 (#3182) + * Improve finegrained token support (#3179) + * [chore] Use custom HTTP client in sendgrid analyzer (#3178) + * [analyze] Separate SID from token in twilio analyzer (#3177) + * Analyze TUI (#3172) + * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.1.0 (#3176) + * Auth GitHub in Init (#3131) + * Change log verbosity for detection errors (#3171) + * fix(deps): update github.com/tailscale/depaware digest to 585336c (#3166) + * fix(deps): update module golang.org/x/sync to v0.8.0 (#3169) + * fix(deps): update module golang.org/x/oauth2 to v0.22.0 (#3168) + * Update Zulip detector (#2897) + * update pattern (#3167) + * [analyze] Use permission enum values in openai analyzer (#3165) + * [bug] - Create a new context with timeout per request (#3163) + * [analyze] Fix off-by-one error in generated data structures (#3162) + * fix(deps): update module github.com/schollz/progressbar/v3 to v3.14.6 (#3158) + * Update README.md (#3160) + * [bug] - add context timeout to ssh verification (#3161) + * [chore] - log detector type on error (#3159) + * [chore] - set custom transport for the Docker client (#3156) + * Add Analyzers interface for HuggingFace (#3140) + * quick patch for cfor enumeration (#3155) + * fix(deps): update module google.golang.org/api to v0.190.0 (#3146) + * Add Analyzers interface for Square (#3141) + * enable mutex and block profiler (#3154) + * [fix] Always configure the engine with the default detectors (#3152) + * Add progress bar to CFOR (#3151) + * [perf] - Leverage pgzip for Parallel decompression (#3149) + * CFOR Commit Scanner (#3145) + * [chore] Only set default detectors if none are provided (#3147) + * add twilio analyze relationships (#3148) + * [chore] - move automaxprocs to init (#3143) + * [analyze] Combine access level into permission value (#3144) + * Add Analyze interface to Stripe (#3132) + * move concurrency (#3135) + * [chore] - address linter (#3133) + * [chore] - Set GOMAXPROCS (#3136) + * Export maps from permission generation (#3137) + * Add permissions lookup tables (#3125) + * Separate out printing statements with anlayzer logic for SourceGraph (#3119) + * nitro detector was removed and needed to be deprecated (#3102) + * Separate out printing statements with anlayzer logic for Stripe (#3120) + * Separate out printing statements with anlayzer logic for Slack (#3121) + * Update GitHub integration tests (#3124) + * Add new canary ID (#3117) + * Separated printing and analyzes functionality for twilio (#3118) + * Separated printing and analyzes functionality for square (#3122) + * Separated printing and analyzes functionality for shopify (#3123) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#3116) + * Analyzer partial implementations (#3114) + * Include default detectors when using a config that contains detectors (#3115) + * Use non-canary credentials for AWS tests (#3109) + * fix dep versions (#3106) + * [analyze] Add description and user to openai metadata (#3111) + * Support openai project and fine grained tokens (#3112) + * [analyze] Implement Analyzer interface for github (#3110) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.3 (#3107) + * [chore] Move openai log message to proper function (#3105) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.5 (#3108) + * Implement Analyzer interface for openai (#3101) + * [chore] Fix Versioner interface for twitter (#3104) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.5 (#3096) + * Analyze (#3099) + * chore: fix some comments (#3098) + * [bug]- Invalid Seek for Non-Seekable Readers (#3095) + * remove deps from docker image (#3097) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.2 (#3094) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.1 (#3087) + * fixed crash issue if data array is empty (#3091) + * Remove onwater detector (#3088) + * implemented a netsuite detector (#3068) + * fix(deps): update module google.golang.org/api to v0.189.0 (#3086) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.13.0 (#3085) + * fix(deps): update golang.org/x/exp digest to 8a7402a (#3083) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.1 (#3078) + * [chore] - Reduce `VerificationOverlapWorker`s (#3082) + * add verify check (#3079) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.20 (#3077) + * Added Twitter v2 Detector (#3016) + * chore: fix .goreleaser.yml and goreleaser usage for goreleaser v2 (#3073) + * fix(deps): update golang.org/x/exp digest to e3f2596 (#3071) + +------------------------------------------------------------------- +Thu Aug 01 11:37:08 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.80.5: + * move concurrency (#3135) + * [chore] - address linter (#3133) + * [chore] - Set GOMAXPROCS (#3136) + * Export maps from permission generation (#3137) + * Add permissions lookup tables (#3125) + +------------------------------------------------------------------- +Wed Jul 31 19:33:22 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.80.4: + * Separate out printing statements with anlayzer logic for SourceGraph (#3119) + * nitro detector was removed and needed to be deprecated (#3102) + * Separate out printing statements with anlayzer logic for Stripe (#3120) + * Separate out printing statements with anlayzer logic for Slack (#3121) + * Update GitHub integration tests (#3124) + +------------------------------------------------------------------- +Wed Jul 31 08:21:51 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.80.3: + * Add new canary ID (#3117) + * Separated printing and analyzes functionality for twilio (#3118) + * Separated printing and analyzes functionality for square (#3122) + * Separated printing and analyzes functionality for shopify (#3123) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.5 (#3116) + * Analyzer partial implementations (#3114) + * Include default detectors when using a config that contains detectors (#3115) + * Use non-canary credentials for AWS tests (#3109) + * fix dep versions (#3106) + * [analyze] Add description and user to openai metadata (#3111) + * Support openai project and fine grained tokens (#3112) + * [analyze] Implement Analyzer interface for github (#3110) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.3 (#3107) + * [chore] Move openai log message to proper function (#3105) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.5 (#3108) + * Implement Analyzer interface for openai (#3101) + * [chore] Fix Versioner interface for twitter (#3104) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.5 (#3096) + * Analyze (#3099) + * chore: fix some comments (#3098) + * [bug]- Invalid Seek for Non-Seekable Readers (#3095) + * remove deps from docker image (#3097) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.2 (#3094) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.55.1 (#3087) + * fixed crash issue if data array is empty (#3091) + * Remove onwater detector (#3088) + * implemented a netsuite detector (#3068) + * fix(deps): update module google.golang.org/api to v0.189.0 (#3086) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.13.0 (#3085) + * fix(deps): update golang.org/x/exp digest to 8a7402a (#3083) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.1 (#3078) + * [chore] - Reduce `VerificationOverlapWorker`s (#3082) + * add verify check (#3079) + +------------------------------------------------------------------- +Fri Jul 19 17:58:34 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.80.1: + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.20 (#3077) + * Added Twitter v2 Detector (#3016) + * chore: fix .goreleaser.yml and goreleaser usage for goreleaser v2 (#3073) + * fix(deps): update golang.org/x/exp digest to e3f2596 (#3071) + * [perf] - Optimize MIME Type Detection to Reduce Allocations (#3048) + * [feat] - Streamlined File Handling with BufferedReaderSeeker (#3041) + * fix(deps): update module github.com/google/go-containerregistry to v0.20.1 (#3072) + * Atlassian Token Detector (#3065) + * fix(deps): update golang.org/x/exp digest to 1d5bc16 (#3070) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.107.0 (#3069) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.19 (#3064) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.18 (#3062) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.4 (#3059) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.17 (#3057) + * update package name (#3020) + * Log more GitLab stuff (#3040) + * Order GitLab repos by ID (#3047) + * fix(deps): update module github.com/google/go-containerregistry to v0.20.0 (#3055) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.16 (#3054) + * fix(deps): update golang.org/x/exp digest to 46b0784 (#3053) + * chore(deps): update goreleaser/goreleaser-action action to v6 (#3051) + * remove dead code (#3044) + * fix(deps): update testcontainers-go monorepo to v0.32.0 (#3050) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.15 (#3049) + * fix(deps): update module golang.org/x/crypto to v0.25.0 (#3045) + * fix(deps): update module golang.org/x/net to v0.27.0 (#3046) + * fix(deps): update module cloud.google.com/go/storage to v1.43.0 (#3043) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.14 (#3042) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.3 (#3037) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.0 (#3036) + * Elevenlabs detector (#3023) + * fix(detectors): avoid race (#3028) + * remove launchdarkly dep (#3034) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.106.0 (#3035) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.6.0 (#3033) + * update LaunchDarkly detector to use the caller-identity API instead of the tokens API, and instantiating an SDK (#3018) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.0 (#3030) + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.4 (#3026) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.2 (#3024) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.11 (#3025) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#2998) + * fixing docs (#3022) + * Update README.md (#3019) + * New Source: HuggingFace (#3000) + * Add endorlabs detector (#3015) + * added "example" (#3010) + * ci(detector-tests): test detectors if integration fails (#2994) + * Pin STARRY-S/zip #2999 + * Adding Larksuite Detectors + Tests (#3008) + * fix(git): set GIT_DIR based on ScanOptions.Bare (#3004) + * Return targeted scan errors (#2995) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.6 (#2996) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.5 (#2993) + * ci(detector-tests): disambiguate step names (#2989) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.5 (#2992) + * clone more refs (#2988) + * fix(deps): update module google.golang.org/api to v0.185.0 (#2987) + * [feat] - Add Option to Retain False Positives During Detection (#2967) + * fix(deps): update module github.com/getsentry/sentry-go to v0.28.1 (#2986) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.14.0 (#2981) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.11.0 (#2980) + * fix(deps): update module cloud.google.com/go/storage to v1.42.0 (#2977) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.1 (#2975) + * fix(deps): update module github.com/google/go-containerregistry to v0.19.2 (#2973) + * fix(deps): update golang.org/x/exp digest to 7f521ea (#2972) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.2 (#2962) + * patch dependency (#2971) + * [fix] - implement MaxSecretSizeProvider for `auth0managementapitoken` detector (#2953) + * Fix integration tests (#2970) + * feat(detectors): log falsepositive reason (#2969) + * fix(handlers): workaround for max archive depth (#2965) + * add metrics to the pipeline (#2968) + * adding eraser ai detector (#2961) + * Modularize scanning engine (#2887) + * test: fix compile errors (#2964) + * adding twitter + Consumer key detector (#2963) + * fix(deps): update golang.org/x/exp digest to fc45aab (#2931) + * use @master (#2959) + * pin archiver dependency (#2958) + * [feat] - Update span calculation logic to use offset magnitude (#2957) + * [fix] - Refactor Filtering Logic to Fix Known False Positive Handling in Overlapping Cases (#2946) + * [chore] - Update `discordwebhook` detector keyword (#2954) + * fix(maxmind): prevent npd panic (#2948) + * refactor(filesystem): change symlink err handling (#2941) + * [bug] - Ensure BufferedFileWriter Flushes Buffer Contents to File Correctly (#2943) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.1 (#2947) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.19 (#2944) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.1 (#2913) + +------------------------------------------------------------------- +Thu Jul 18 06:03:20 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.80.0: + * [perf] - Optimize MIME Type Detection to Reduce Allocations (#3048) + * [feat] - Streamlined File Handling with BufferedReaderSeeker (#3041) + * fix(deps): update module github.com/google/go-containerregistry to v0.20.1 (#3072) + * Atlassian Token Detector (#3065) + * fix(deps): update golang.org/x/exp digest to 1d5bc16 (#3070) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.107.0 (#3069) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.19 (#3064) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.18 (#3062) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.4 (#3059) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.17 (#3057) + * update package name (#3020) + * Log more GitLab stuff (#3040) + * Order GitLab repos by ID (#3047) + * fix(deps): update module github.com/google/go-containerregistry to v0.20.0 (#3055) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.16 (#3054) + * fix(deps): update golang.org/x/exp digest to 46b0784 (#3053) + * chore(deps): update goreleaser/goreleaser-action action to v6 (#3051) + * remove dead code (#3044) + * fix(deps): update testcontainers-go monorepo to v0.32.0 (#3050) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.15 (#3049) + * fix(deps): update module golang.org/x/crypto to v0.25.0 (#3045) + * fix(deps): update module golang.org/x/net to v0.27.0 (#3046) + * fix(deps): update module cloud.google.com/go/storage to v1.43.0 (#3043) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.14 (#3042) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.3 (#3037) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.16.0 (#3036) + * Elevenlabs detector (#3023) + * fix(detectors): avoid race (#3028) + * remove launchdarkly dep (#3034) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.106.0 (#3035) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.6.0 (#3033) + * update LaunchDarkly detector to use the caller-identity API instead of the tokens API, and instantiating an SDK (#3018) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.9.0 (#3030) + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.4 (#3026) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.2 (#3024) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.11 (#3025) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#2998) + * fixing docs (#3022) + * Update README.md (#3019) + * New Source: HuggingFace (#3000) + +------------------------------------------------------------------- +Thu Jun 27 06:31:25 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.79.0: + * Add endorlabs detector (#3015) + * added "example" (#3010) + +------------------------------------------------------------------- +Tue Jun 25 06:26:55 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.78.2: + * ci(detector-tests): test detectors if integration fails (#2994) + * Pin STARRY-S/zip #2999 + * Adding Larksuite Detectors + Tests (#3008) + * fix(git): set GIT_DIR based on ScanOptions.Bare (#3004) + * Return targeted scan errors (#2995) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.6 (#2996) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.5 (#2993) + * ci(detector-tests): disambiguate step names (#2989) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.5 (#2992) + * clone more refs (#2988) + * fix(deps): update module google.golang.org/api to v0.185.0 (#2987) + * [feat] - Add Option to Retain False Positives During Detection (#2967) + * fix(deps): update module github.com/getsentry/sentry-go to v0.28.1 (#2986) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.14.0 (#2981) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.11.0 (#2980) + * fix(deps): update module cloud.google.com/go/storage to v1.42.0 (#2977) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.1 (#2975) + * fix(deps): update module github.com/google/go-containerregistry to v0.19.2 (#2973) + * fix(deps): update golang.org/x/exp digest to 7f521ea (#2972) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.54.2 (#2962) + * patch dependency (#2971) + * [fix] - implement MaxSecretSizeProvider for `auth0managementapitoken` detector (#2953) + * Fix integration tests (#2970) + * feat(detectors): log falsepositive reason (#2969) + * fix(handlers): workaround for max archive depth (#2965) + * add metrics to the pipeline (#2968) + * adding eraser ai detector (#2961) + * Modularize scanning engine (#2887) + * test: fix compile errors (#2964) + * adding twitter + Consumer key detector (#2963) + * fix(deps): update golang.org/x/exp digest to fc45aab (#2931) + +------------------------------------------------------------------- +Wed Jun 12 06:57:02 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.78.1: + * use @master (#2959) + * pin archiver dependency (#2958) + * [feat] - Update span calculation logic to use offset magnitude (#2957) + * [fix] - Refactor Filtering Logic to Fix Known False Positive Handling in Overlapping Cases (#2946) + * [chore] - Update `discordwebhook` detector keyword (#2954) + * fix(maxmind): prevent npd panic (#2948) + * refactor(filesystem): change symlink err handling (#2941) + * [bug] - Ensure BufferedFileWriter Flushes Buffer Contents to File Correctly (#2943) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.1 (#2947) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.19 (#2944) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.1 (#2913) + * Make the github action work with a path as input (#2908) + * feat(extensions): ignore dia diagrams (#2939) + * [chore] Polish channelmetrics package (#2938) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.17 (#2914) + * refactor(cache): use generics (#2930) + * [chore] - address comments (#2920) + * feat(git): improve scan logging (#2923) + * [fix] - Correctly calculate EntireSpanChunkCalculator span (#2924) + * remove stutter in naming (#2926) + * Update Jenkins in tui (#2925) + * continue on error (#2921) + * Go should be installed before codeql initializes (#2919) + * [feat] - Optimize detector performance by reducing data passed to regex (#2812) + * [feat] - Introduce `channelmetrics` Package for Channel Metrics Collection (#2889) + * Add flag to get information if trufflehog being ran from TUI (#1644) + * feat(openai): add project and service account keys (#2863) + * refactor(github): improve wiki err handling (#2917) + * Add elasticsearch to tui (#2915) + * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.2 (#2912) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.15 (#2911) + * Add Jenkins scanning (#2892) + * [chore] Always log git repositories being scanned (#2909) + * chore: fix some comments (#2903) + * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.13 (#2902) + * integration testing for mongodb. (#2907) + * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 (#2904) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.14 (#2900) + * refactor(github): enumerateWithToken flow & tests (#2880) + * Redis integration test (#2901) + * fix(falsepositives): remove 'www' (#2896) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.4 (#2885) + * consistent image of MSSQL for integration testing. (#2898) + * Update metadata for DataDog for API + APPKey (#2879) + * fix(deps): update golang.org/x/exp digest to fd00a4e (#2899) + * chore(deps): update alpine docker tag to v3.20 (#2874) + * Add postman to tui (#2895) + +------------------------------------------------------------------- +Fri Jun 07 18:28:18 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.78.0: + * Make the github action work with a path as input (#2908) + * feat(extensions): ignore dia diagrams (#2939) + * [chore] Polish channelmetrics package (#2938) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.17 (#2914) + * refactor(cache): use generics (#2930) + * [chore] - address comments (#2920) + * feat(git): improve scan logging (#2923) + * [fix] - Correctly calculate EntireSpanChunkCalculator span (#2924) + * remove stutter in naming (#2926) + * Update Jenkins in tui (#2925) + * continue on error (#2921) + * Go should be installed before codeql initializes (#2919) + * [feat] - Optimize detector performance by reducing data passed to regex (#2812) + * [feat] - Introduce `channelmetrics` Package for Channel Metrics Collection (#2889) + * Add flag to get information if trufflehog being ran from TUI (#1644) + * feat(openai): add project and service account keys (#2863) + * refactor(github): improve wiki err handling (#2917) + * Add elasticsearch to tui (#2915) + * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.2 (#2912) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.15 (#2911) + * Add Jenkins scanning (#2892) + * [chore] Always log git repositories being scanned (#2909) + * chore: fix some comments (#2903) + * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.13 (#2902) + * integration testing for mongodb. (#2907) + * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 (#2904) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.14 (#2900) + * refactor(github): enumerateWithToken flow & tests (#2880) + * Redis integration test (#2901) + * fix(falsepositives): remove 'www' (#2896) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.4 (#2885) + * consistent image of MSSQL for integration testing. (#2898) + * Update metadata for DataDog for API + APPKey (#2879) + * fix(deps): update golang.org/x/exp digest to fd00a4e (#2899) + * chore(deps): update alpine docker tag to v3.20 (#2874) + * Add postman to tui (#2895) + * feat: support docker image history scanning (#2882) + * Added extra data for LaunchDarkly (#2836) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.4 (#2890) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.13.1 (#2886) + * fix(deps): update golang.org/x/exp digest to 4c93da0 (#2883) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.1 (#2884) + * fix(deps): update module github.com/go-logr/logr to v1.4.2 (#2869) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.10 (#2871) + * test(github): fix some errors (#2774) + * Improve handling of Gist URLs (#2653) + * Elastic adapter (#2727) + * fix(github): scan user repos (#2814) + * Log reasons for GitLab repo exclusion (#2875) + * adding Groq detector (#2873) + * [chore] - Use http.NewRequestWithContext (#2870) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.6 (#2867) + * made changes in organization regex for azure devops. (#2866) + * Update azure storage extra data (#2808) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.5 (#2859) + * fix(deps): update module google.golang.org/api to v0.181.0 (#2857) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.3 (#2861) + * chore(engine): remove verbose log line (#2860) + * remove redundant chunking (#2855) + * [chore] - move buffers pkg out of writers pkg (#2826) + * upgrade github dep (#2858) + * Adding postman to sub-commands list (#2813) + * add tolower to all keywords, and remove return on error for global vars (#2852) + * deprecated Integromat detector becuase they are gone. (#2856) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.3 (#2849) + * [bug] - Handle empty reader case in newFileReader (#2854) + * [refactor] - Create separate handler for non-archive data (#2825) + * added email and location in metadata. (#2850) + * chore: fix some typos in comments (#2851) + +------------------------------------------------------------------- +Wed May 29 06:51:32 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.77.0: + * feat: support docker image history scanning (#2882) + * Added extra data for LaunchDarkly (#2836) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.4 (#2890) + * fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.13.1 (#2886) + * fix(deps): update golang.org/x/exp digest to 4c93da0 (#2883) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.1 (#2884) + * fix(deps): update module github.com/go-logr/logr to v1.4.2 (#2869) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.10 (#2871) + * test(github): fix some errors (#2774) + * Improve handling of Gist URLs (#2653) + * Elastic adapter (#2727) + * fix(github): scan user repos (#2814) + * Log reasons for GitLab repo exclusion (#2875) + * adding Groq detector (#2873) + * [chore] - Use http.NewRequestWithContext (#2870) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.6 (#2867) + +------------------------------------------------------------------- +Tue May 21 06:38:19 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.76.3: + * made changes in organization regex for azure devops. (#2866) + * Update azure storage extra data (#2808) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.5 (#2859) + * fix(deps): update module google.golang.org/api to v0.181.0 (#2857) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.3 (#2861) + * chore(engine): remove verbose log line (#2860) + * remove redundant chunking (#2855) + * [chore] - move buffers pkg out of writers pkg (#2826) + * upgrade github dep (#2858) + * Adding postman to sub-commands list (#2813) + * add tolower to all keywords, and remove return on error for global vars (#2852) + * deprecated Integromat detector becuase they are gone. (#2856) + +------------------------------------------------------------------- +Thu May 16 08:09:47 UTC 2024 - Felix Niederwanger + +- Update to version 3.76.2: + * [bug] - Handle empty reader case in newFileReader (#2854) + +------------------------------------------------------------------- +Thu May 16 08:06:35 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.76.1: + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.3 (#2849) + * [bug] - Handle empty reader case in newFileReader (#2854) + * [refactor] - Create separate handler for non-archive data (#2825) + * added email and location in metadata. (#2850) + * chore: fix some typos in comments (#2851) + * Add "Intra42" detector (#2835) + * [feat] - Support bearer auth for docker scans (#2848) + * Use fake detectors in versioned detectors test (#2847) + * switch to filesystem and specific tag when performance testing (#2846) + * [bug] - Fix case-sensitivity issue in PrefixRegex function (#2811) + * fix(deps): update module cloud.google.com/go/storage to v1.41.0 (#2843) + * feat(sendgrid): update detector (#2833) + * Bump up performance test threshold to 50% (#2839) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.1 (#2841) + * fix(deps): update module github.com/fatih/color to v1.17.0 (#2837) + * Fixed the Now Scanning emoji (#2842) + * [chore] - Update GitlabV2 detector (#2840) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.0 (#2830) + * Update results's extra data for Twilio (#2807) + * fix(deps): update module github.com/google/go-github/v61 to v62 (#2832) + * fix(deps): update module github.com/sassoftware/go-rpmutils to v0.4.0 (#2831) + * fix(deps): update module google.golang.org/api to v0.180.0 (#2822) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.105.0 (#2824) + * fix(deps): update testcontainers-go monorepo to v0.31.0 (#2823) + * [refactor] - Refactor Archive Handling Logic (#2703) + * Update postman flags to be less confusing (#2755) + * fix(deps): update module github.com/prometheus/client_golang to v1.19.1 (#2821) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.2 (#2818) + * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.6 (#2819) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.6 (#2816) + * test(common/http): fix panic (#2817) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.0 (#2810) + * fix(deps): update module github.com/rabbitmq/amqp091-go to v1.10.0 (#2809) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.104.1 (#2784) + * address linter (#2783) + * chore(deps): update golangci/golangci-lint-action action to v6 (#2801) + * Updating Enterprise Readme Link from Contact to Product Info Page (#2804) + * Moved up enterprise section and added additional integrations (#2803) + * fix(deps): update module google.golang.org/api to v0.178.0 (#2800) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.4 (#2794) + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.3 (#2798) + * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#2795) + * increase test chan size (#2797) + +------------------------------------------------------------------- +Tue May 14 19:03:22 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.76.0: + * Add "Intra42" detector (#2835) + * [feat] - Support bearer auth for docker scans (#2848) + * Use fake detectors in versioned detectors test (#2847) + * switch to filesystem and specific tag when performance testing (#2846) + * [bug] - Fix case-sensitivity issue in PrefixRegex function (#2811) + * fix(deps): update module cloud.google.com/go/storage to v1.41.0 (#2843) + * feat(sendgrid): update detector (#2833) + * Bump up performance test threshold to 50% (#2839) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.1 (#2841) + * fix(deps): update module github.com/fatih/color to v1.17.0 (#2837) + * Fixed the Now Scanning emoji (#2842) + * [chore] - Update GitlabV2 detector (#2840) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.53.0 (#2830) + * Update results's extra data for Twilio (#2807) + * fix(deps): update module github.com/google/go-github/v61 to v62 (#2832) + * fix(deps): update module github.com/sassoftware/go-rpmutils to v0.4.0 (#2831) + * fix(deps): update module google.golang.org/api to v0.180.0 (#2822) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.105.0 (#2824) + * fix(deps): update testcontainers-go monorepo to v0.31.0 (#2823) + * [refactor] - Refactor Archive Handling Logic (#2703) + * Update postman flags to be less confusing (#2755) + * fix(deps): update module github.com/prometheus/client_golang to v1.19.1 (#2821) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.2 (#2818) + * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.6 (#2819) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.6 (#2816) + * test(common/http): fix panic (#2817) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.10.0 (#2810) + * fix(deps): update module github.com/rabbitmq/amqp091-go to v1.10.0 (#2809) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.104.1 (#2784) + * address linter (#2783) + * chore(deps): update golangci/golangci-lint-action action to v6 (#2801) + * Updating Enterprise Readme Link from Contact to Product Info Page (#2804) + * Moved up enterprise section and added additional integrations (#2803) + * fix(deps): update module google.golang.org/api to v0.178.0 (#2800) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.4 (#2794) + * fix(deps): update module github.com/brianvoe/gofakeit/v7 to v7.0.3 (#2798) + * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 (#2795) + * increase test chan size (#2797) + * Add webhook source protos (#2789) + * fix(deps): update module golang.org/x/net to v0.25.0 (#2792) + * Use custom fp logic for private keys (#2793) + * fix(deps): update module google.golang.org/protobuf to v1.34.1 (#2790) + * fix(deps): update module golang.org/x/text to v0.15.0 (#2786) + * fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#2785) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.1 (#2777) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.4 (#2781) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.2 (#2776) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.0 (#2775) + * set default buffer size to 64 (#2778) + * Update result's extra data for Slack (#2779) + * fix for infinite recursion in Postman var sub (#2780) + * Update rabbitmq.go regex detect amqps protocol (#2609) + * adds build version to finished scanning log (#2773) + * update imports (#2772) + * fix(deps): update module google.golang.org/api to v0.177.0 (#2770) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.32 (#2769) + * Detector-Competition-Fix - fixed the alchemy detector regex (#1821) + * Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101) + * Expose detector-specific false positive logic (#2743) + * fixed calendly api key (#2368) + * [bug] - Improve BufferedFileReader Close Behavior (#2768) + * fix(deps): update module google.golang.org/protobuf to v1.34.0 (#2766) + * [feat] - Add ReadFrom method to BufferedFileWriter (#2759) + * [feat] - buffered file reader (#2731) + * test(git): change length of chunks (#2767) + * [chore] Add some happy path logs to GitLab (#2765) + * Update ignore extensions (#2764) + * Correclty set metrics for enumerated orgs (#2757) + * feat(git): scan commit metadata (#2754) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.31 (#2763) + * ignore pbix and vsdx files (#2762) + * pkg: fix function names in comment (#2761) + * [chore] - add additional binary extension (#2760) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.30 (#2756) + * update integration logos (#2752) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.29 (#2751) + * [bug] - Fix the metric for buffered file writer writes (#2750) + * [bug] - fix buffer size metric (#2749) + * [chore] Remove broken test (#2748) + * [refactor] - lazy buffer retrieval (#2745) + * [chore] - update buffered file writer metric (#2740) + * [bug] - Refactor newDiff constructor to avoid double initialization of contentWriter (#2742) + * Revert "feat(git): scan commit metadata (#2713)" (#2747) + * Fix SQL Server detector tests (#2716) + * feat(git): scan commit metadata (#2713) + * chore(deps): update golangci/golangci-lint-action action to v5 (#2744) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.28 (#2741) + * update buffer metrics (#2737) + * [bug] - Correctly return the checked out buffer to the pool (#2732) + * fix(deps): update module google.golang.org/api to v0.176.1 (#2736) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.27 (#2735) + * Make connection issues less jarring (#2730) + * [bug] - Fix disk write metric and update BufferedFileWriter file field (#2733) + * Add false positive info to proto (#2729) + * [refactor] - Update Write method signature in contentWriter interface (#2721) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.26 (#2728) + * Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643) + * fix(deps): update module google.golang.org/api to v0.176.0 (#2726) + * added onfleet api key detector (#2375) + * fix(deps): update module google.golang.org/api to v0.175.0 (#2724) + * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.1 (#2720) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.25 (#2723) + * Detect Slack workflows webhook (#2569) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.1 (#2714) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.103.0 (#2715) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.24 (#2717) + * fix(deps): update module google.golang.org/api to v0.174.0 (#2712) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.23 (#2711) + * fix(deps): update module google.golang.org/api to v0.173.0 (#2709) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.22 (#2708) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.8 (#2707) + * fix(deps): update golang.org/x/exp digest to fe59bbe (#2706) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.0 (#2700) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.21 (#2699) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.20 (#2698) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.0 (#2697) + * Adding Pagarme API key detection (#2665) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.19 (#2694) + * chore(deps): update sigstore/cosign-installer action to v3.5.0 (#2695) + * [refactor] - template detector (#2692) + * Remove unnecessary space in Vultr regex pattern (#2689) + +------------------------------------------------------------------- +Tue May 07 06:23:39 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.75.1: + * Add webhook source protos (#2789) + * fix(deps): update module golang.org/x/net to v0.25.0 (#2792) + * Use custom fp logic for private keys (#2793) + * fix(deps): update module google.golang.org/protobuf to v1.34.1 (#2790) + +------------------------------------------------------------------- +Mon May 06 11:59:37 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.75.0: + * fix(deps): update module golang.org/x/text to v0.15.0 (#2786) + * fix(deps): update module golang.org/x/oauth2 to v0.20.0 (#2785) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.1 (#2777) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.4 (#2781) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.52.2 (#2776) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.13.0 (#2775) + * set default buffer size to 64 (#2778) + * Update result's extra data for Slack (#2779) + * fix for infinite recursion in Postman var sub (#2780) + * Update rabbitmq.go regex detect amqps protocol (#2609) + * adds build version to finished scanning log (#2773) + * update imports (#2772) + * fix(deps): update module google.golang.org/api to v0.177.0 (#2770) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.32 (#2769) + * Detector-Competition-Fix - fixed the alchemy detector regex (#1821) + * Detector-Fix: Reintroduce Cloudflareglobalapikey (#2101) + * Expose detector-specific false positive logic (#2743) + * fixed calendly api key (#2368) + * [bug] - Improve BufferedFileReader Close Behavior (#2768) + * fix(deps): update module google.golang.org/protobuf to v1.34.0 (#2766) + * [feat] - Add ReadFrom method to BufferedFileWriter (#2759) + * [feat] - buffered file reader (#2731) + * test(git): change length of chunks (#2767) + * [chore] Add some happy path logs to GitLab (#2765) + * Update ignore extensions (#2764) + * Correclty set metrics for enumerated orgs (#2757) + * feat(git): scan commit metadata (#2754) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.31 (#2763) + * ignore pbix and vsdx files (#2762) + * pkg: fix function names in comment (#2761) + * [chore] - add additional binary extension (#2760) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.30 (#2756) + * update integration logos (#2752) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.29 (#2751) + * [bug] - Fix the metric for buffered file writer writes (#2750) + * [bug] - fix buffer size metric (#2749) + * [chore] Remove broken test (#2748) + * [refactor] - lazy buffer retrieval (#2745) + * [chore] - update buffered file writer metric (#2740) + * [bug] - Refactor newDiff constructor to avoid double initialization of contentWriter (#2742) + * Revert "feat(git): scan commit metadata (#2713)" (#2747) + * Fix SQL Server detector tests (#2716) + * feat(git): scan commit metadata (#2713) + * chore(deps): update golangci/golangci-lint-action action to v5 (#2744) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.28 (#2741) + * update buffer metrics (#2737) + +------------------------------------------------------------------- +Wed Apr 24 06:40:13 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.74.0: + * [bug] - Correctly return the checked out buffer to the pool (#2732) + * fix(deps): update module google.golang.org/api to v0.176.1 (#2736) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.27 (#2735) + * Make connection issues less jarring (#2730) + * [bug] - Fix disk write metric and update BufferedFileWriter file field (#2733) + * Add false positive info to proto (#2729) + * [refactor] - Update Write method signature in contentWriter interface (#2721) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.26 (#2728) + * Move detectors.IsKnownFalsePositive from the detectors and into the engine (#2643) + * fix(deps): update module google.golang.org/api to v0.176.0 (#2726) + * added onfleet api key detector (#2375) + * fix(deps): update module google.golang.org/api to v0.175.0 (#2724) + * fix(deps): update module github.com/microsoft/go-mssqldb to v1.7.1 (#2720) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.25 (#2723) + * Detect Slack workflows webhook (#2569) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.1 (#2714) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.103.0 (#2715) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.24 (#2717) + * fix(deps): update module google.golang.org/api to v0.174.0 (#2712) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.23 (#2711) + * fix(deps): update module google.golang.org/api to v0.173.0 (#2709) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.22 (#2708) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.8 (#2707) + * fix(deps): update golang.org/x/exp digest to fe59bbe (#2706) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.15.0 (#2700) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.21 (#2699) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.20 (#2698) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.4.0 (#2697) + * Adding Pagarme API key detection (#2665) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.19 (#2694) + * chore(deps): update sigstore/cosign-installer action to v3.5.0 (#2695) + * [refactor] - template detector (#2692) + * Remove unnecessary space in Vultr regex pattern (#2689) + * Add Wiz detector (#2691) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.18 (#2690) + * fix(deps): update golang.org/x/exp digest to 93d18d7 (#2688) + * Update README.md with Windows-specific Docker installation instructions (#2674) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.17 (#2686) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.7 (#2684) + * fix(deps): update testcontainers-go monorepo to v0.30.0 (#2685) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.102.0 (#2682) + * Enrich Gitlab enumeration logging (#2678) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.16 (#2680) + * fix(deps): update golang.org/x/exp digest to c0f41cb (#2672) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.2 (#2681) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.23.0 (#2667) + * fix(deps): update module golang.org/x/net to v0.24.0 (#2662) + * Handle inactive Slack account tokens (#2668) + * [bug] - Add ASCII validation check for base64 decoding (#2671) + * fix(deps): update module golang.org/x/oauth2 to v0.19.0 (#2670) + * chore: fix some typos (#2666) + * [chore] - update go-github dep manually (#2664) + * fix(deps): update module github.com/google/go-github/v57 to v61 (#2652) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.3.0 (#2660) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.14 (#2659) + * upgrade launchdarkly dep (#2650) + * chore: remove duplicate jiratoken.v2 detector (#2657) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.13 (#2655) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.1 (#2654) + * Add GitLab CI Pipeline Example in Documentation (#2601) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.12 (#2651) + * add GCP application default credentials detector (#2530) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.12.0 (#2649) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.0 (#2648) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.11 (#2646) + * Add JupiterOne detector (#2446) + * fix(deps): update module cloud.google.com/go/storage to v1.40.0 (#2645) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.2.0 (#2638) + * Fix GitHub enumeration & rate-limiting logic (#2625) + * build: fix 'toolchair not available' error (#2642) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.10 (#2636) + * make postman source public (#2635) + * fix(deps): update module google.golang.org/api to v0.172.0 (#2634) + * Fixing nitro check (#2631) + * Link to GitHub contribution guide in CONTRIBUTING (#2632) + +------------------------------------------------------------------- +Wed Apr 10 18:53:46 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.73.0: + * Add Wiz detector (#2691) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.18 (#2690) + * fix(deps): update golang.org/x/exp digest to 93d18d7 (#2688) + * Update README.md with Windows-specific Docker installation instructions (#2674) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.17 (#2686) + * fix(deps): update module github.com/go-ldap/ldap/v3 to v3.4.7 (#2684) + * fix(deps): update testcontainers-go monorepo to v0.30.0 (#2685) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.102.0 (#2682) + * Enrich Gitlab enumeration logging (#2678) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.16 (#2680) + * fix(deps): update golang.org/x/exp digest to c0f41cb (#2672) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.2 (#2681) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.23.0 (#2667) + * fix(deps): update module golang.org/x/net to v0.24.0 (#2662) + * Handle inactive Slack account tokens (#2668) + * [bug] - Add ASCII validation check for base64 decoding (#2671) + * fix(deps): update module golang.org/x/oauth2 to v0.19.0 (#2670) + * chore: fix some typos (#2666) + * [chore] - update go-github dep manually (#2664) + * fix(deps): update module github.com/google/go-github/v57 to v61 (#2652) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.3.0 (#2660) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.14 (#2659) + * upgrade launchdarkly dep (#2650) + * chore: remove duplicate jiratoken.v2 detector (#2657) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.13 (#2655) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.1 (#2654) + * Add GitLab CI Pipeline Example in Documentation (#2601) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.12 (#2651) + * add GCP application default credentials detector (#2530) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.12.0 (#2649) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.22.0 (#2648) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.11 (#2646) + * Add JupiterOne detector (#2446) + * fix(deps): update module cloud.google.com/go/storage to v1.40.0 (#2645) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.2.0 (#2638) + * Fix GitHub enumeration & rate-limiting logic (#2625) + * build: fix 'toolchair not available' error (#2642) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.10 (#2636) + +------------------------------------------------------------------- +Thu Mar 28 20:38:32 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.72.0: + * make postman source public (#2635) + * fix(deps): update module google.golang.org/api to v0.172.0 (#2634) + * Fixing nitro check (#2631) + * Link to GitHub contribution guide in CONTRIBUTING (#2632) + * Use Lstat to identify non-regular files in filesystem source (#2628) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.8 (#2630) + * [bugfix] - Update the Anthropic detector (#2629) + * fix(deps): update module github.com/charmbracelet/glamour to v0.7.0 (#2627) + * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.1 (#2626) + * Fix incorrect regular expression with missing closing bracket (#2616) + +------------------------------------------------------------------- +Wed Mar 27 08:02:16 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.71.1: + * Use Lstat to identify non-regular files in filesystem source (#2628) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.8 (#2630) + * [bugfix] - Update the Anthropic detector (#2629) + * fix(deps): update module github.com/charmbracelet/glamour to v0.7.0 (#2627) + * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.1 (#2626) + * Fix incorrect regular expression with missing closing bracket (#2616) + * fix(deps): update golang.org/x/exp digest to a685a6e (#2621) + * [chore] - upgrade dep (#2618) + * Fix additional GitHub test errors #2614 + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.7 (#2623) + +------------------------------------------------------------------- +Mon Mar 25 15:00:59 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.71.0: + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.6 (#2615) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.101.0 (#2617) + * fix(github): resolve panic & test failures (#2608) + * Dockerhub v2 detector (#2361) + * fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 (#2612) + * Update Snyk detector (#2559) + * MaxMind detector uses the right endpoint (#2577) + * feat(gitparse): avoid uneeded calls to strconv.Unquote (#2605) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.10.0 (#2607) + * fix(deps): update module google.golang.org/api to v0.171.0 (#2611) + * fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 (#2524) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2590) + * Use go 1.22 (#2599) + * Refactor GitHub source (#2379) + * Bump github.com/docker/docker (#2603) + * [chore] Fix potential resource leak in postman source (#2606) + * strings contain keyword check, add collection name to keywords (#2602) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.4 (#2604) + * Postman Source (#2579) + +------------------------------------------------------------------- +Wed Mar 20 15:00:57 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.70.3: + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.1 (#2596) + +------------------------------------------------------------------- +Wed Mar 20 09:30:28 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.70.2: + * fix(deps): update module cloud.google.com/go/secretmanager to v1.12.0 (#2595) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.3 (#2594) + * fix(git): decode unicode paths (#2585) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.2 (#2593) + * fix(deps): update golang.org/x/exp digest to a85f2c6 (#2592) + * [chore] Replace "Trufflehog" with "TruffleHog" (#2584) + * fix(deps): update module github.com/wasilibs/go-re2 to v1.5.0 (#2591) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.51.1 (#2588) + * fix(deps): update module google.golang.org/api to v0.170.0 (#2589) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.3 (#2587) + * fix(deps): update module github.com/google/go-containerregistry to v0.19.1 (#2586) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.6 (#2578) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v7 to v7.1.1 (#2576) + * fix(github): response can be nil (#2583) + * fix(cli): properly parse --results (#2582) + * pull out verification logic from github detectors (#2554) + * Add `--results` flag (#2372) + * fix(deps): update golang.org/x/exp digest to c7f7c64 (#2575) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.0 (#2573) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.38 (#2572) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.100.0 (#2567) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2568) + * [chore] - Record metrics before reset (#2556) + * Fix flaky test. (#2564) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.36 (#2566) + * fix(deps): update module cloud.google.com/go/storage to v1.39.1 (#2565) + * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.0 (#2561) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.35 (#2560) + * fix(deps): update module github.com/google/go-github/v57 to v60 (#2551) + * use custom grow method (#2555) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2550) + * fix(deps): update module google.golang.org/protobuf to v1.33.0 (#2548) + * fix(deps): update testcontainers-go monorepo to v0.29.1 (#2549) + * Canary verification (#2531) + * fix(deps): update module google.golang.org/api to v0.169.0 (#2547) + * fix(deps): update module golang.org/x/oauth2 to v0.18.0 (#2546) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.99.0 (#2543) + * fix(deps): update module golang.org/x/crypto to v0.21.0 (#2544) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.34 (#2541) + * fix(deps): update module github.com/charmbracelet/lipgloss to v0.10.0 (#2542) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2535) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2499) + * add version to extra data + moving existing versioned detectors into subdirectory format (#2471) + +------------------------------------------------------------------- +Sat Mar 16 08:40:46 UTC 2024 - Felix Niederwanger + +- Update to version 3.70.1 + * pull out verification logic from github detectors (#2554) + * Fix --results not behaving as expected (#2582) + * Fix GitHub detector npe (#2583) + +------------------------------------------------------------------- +Sat Mar 16 08:34:52 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.70.0: + * fix(github): response can be nil (#2583) + * fix(cli): properly parse --results (#2582) + * pull out verification logic from github detectors (#2554) + * Add `--results` flag (#2372) + * fix(deps): update golang.org/x/exp digest to c7f7c64 (#2575) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.8.0 (#2573) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.38 (#2572) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.100.0 (#2567) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2568) + * [chore] - Record metrics before reset (#2556) + * Fix flaky test. (#2564) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.36 (#2566) + * fix(deps): update module cloud.google.com/go/storage to v1.39.1 (#2565) + +------------------------------------------------------------------- +Sun Mar 10 08:53:55 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.69.0: + * fix(deps): update module github.com/go-sql-driver/mysql to v1.8.0 (#2561) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.35 (#2560) + * fix(deps): update module github.com/google/go-github/v57 to v60 (#2551) + * use custom grow method (#2555) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2550) + * fix(deps): update module google.golang.org/protobuf to v1.33.0 (#2548) + * fix(deps): update testcontainers-go monorepo to v0.29.1 (#2549) + * Canary verification (#2531) + * fix(deps): update module google.golang.org/api to v0.169.0 (#2547) + * fix(deps): update module golang.org/x/oauth2 to v0.18.0 (#2546) + +------------------------------------------------------------------- +Thu Mar 07 10:24:49 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.68.5: + * DB is not needed for ping command (#2540) + * Redact secret in git command output (#2539) + * Add naive S3 ignorelist (#2536) + * fix(deps): update module github.com/stretchr/testify to v1.9.0 (#2534) + * fix(deps): update module cloud.google.com/go/storage to v1.39.0 (#2533) + * fix(deps): update module github.com/felixge/fgprof to v0.9.4 (#2532) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.30 (#2529) + * Create basic escaped unicode decoder (#2456) + * [feat] - Make the client configurable (#2528) + +------------------------------------------------------------------- +Tue Mar 05 13:39:33 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.68.4: + * Add naive S3 ignorelist (#2536) + * fix(deps): update module github.com/stretchr/testify to v1.9.0 (#2534) + * fix(deps): update module cloud.google.com/go/storage to v1.39.0 (#2533) + * fix(deps): update module github.com/felixge/fgprof to v0.9.4 (#2532) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.30 (#2529) + * Create basic escaped unicode decoder (#2456) + * [feat] - Make the client configurable (#2528) + * Ignore canary IDs in notifications (#2526) + * Fix minor typo (#2527) + * Remove one filter word (#2525) + * fix(deps): update module golang.org/x/crypto to v0.20.0 (#2523) + * fix(deps): update module github.com/prometheus/client_golang to v1.19.0 (#2522) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 (#2521) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 (#2520) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2513) + * Improve Gitlab default URL handling (#2491) + * Implement detectors.EndpointCustomizer on datadogtoken (#2510) + * JDBC test and parsing improvements (#2516) + * Improve monogo and snowflake detectors (#2518) + * fix(deps): update module google.golang.org/api to v0.167.0 (#2512) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.98.0 (#2511) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.25 (#2509) + * fix(deps): update golang.org/x/exp digest to 814bf88 (#2508) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2455) + * fix(deps): update module github.com/google/go-github/v57 to v59 (#2464) + * fix prefix check when returning early (#2503) + +------------------------------------------------------------------- +Thu Feb 29 08:01:06 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.68.3: + * Ignore canary IDs in notifications (#2526) + * Fix minor typo (#2527) + * Remove one filter word (#2525) + * fix(deps): update module golang.org/x/crypto to v0.20.0 (#2523) + * fix(deps): update module github.com/prometheus/client_golang to v1.19.0 (#2522) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.2 (#2521) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.28 (#2520) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2513) + * Improve Gitlab default URL handling (#2491) + * Implement detectors.EndpointCustomizer on datadogtoken (#2510) + * JDBC test and parsing improvements (#2516) + * Improve monogo and snowflake detectors (#2518) + +------------------------------------------------------------------- +Tue Feb 27 07:37:39 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.68.2: + * fix(deps): update module google.golang.org/api to v0.167.0 (#2512) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.98.0 (#2511) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.25 (#2509) + * fix(deps): update golang.org/x/exp digest to 814bf88 (#2508) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2455) + * fix(deps): update module github.com/google/go-github/v57 to v59 (#2464) + * fix prefix check when returning early (#2503) + * Clean up some detectors (#2501) + * Gitlab scan targets (#2470) + * Tell git to ignore directory ownership (fixes #2495) (#2496) + +------------------------------------------------------------------- +Sat Feb 24 08:18:37 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.68.1: + * Clean up some detectors (#2501) + * Gitlab scan targets (#2470) + * Tell git to ignore directory ownership (fixes #2495) (#2496) + * Identify some canary tokens without detonation (#2500) + * fix(deps): update module go.uber.org/zap to v1.27.0 (#2498) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.8.0 (#2497) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.2 (#2493) + +------------------------------------------------------------------- +Thu Feb 22 07:47:17 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.68.0: + * Identify some canary tokens without detonation (#2500) + * fix(deps): update module go.uber.org/zap to v1.27.0 (#2498) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.8.0 (#2497) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.2 (#2493) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.22 (#2492) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2490) + * Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.21 (#2489) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2486) + * concurrency uint8 to int (#2488) + * use read full (#2474) + * [chore] - upgrade lru cache version (#2487) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.2 (#2484) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2483) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2482) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2481) + * fix(deps): update module google.golang.org/api to v0.165.0 (#2480) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.14.0 (#2479) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2478) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.20 (#2477) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2462) + * move clenaup outside the engine (#2475) + * tighten keyword match (#2473) + * [chore] Increase TestMaxDiffSize timeout (#2472) + * add lazy quantifier to prefixregex (#2466) + * [cleanup] - Extract buffer logic (#2409) + * update gitlab proto (#2469) + * add missing prefixregex (#2468) + * Remove some noisy / less useful detectors (#2467) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.18 (#2463) + * fix(deps): update module github.com/google/go-github/v57 to v59 (#2449) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2460) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2459) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.2 (#2458) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2457) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2447) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.1 (#2454) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.17 (#2453) + * fix(deps): update golang.org/x/exp digest to ec58324 (#2452) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2448) + * [chore] Add some doc comments to source manager (#2434) + * 2396 since commit stopped working (#2402) + * Update custom detector example (#2435) + * chore(deps): update golangci/golangci-lint-action action to v4 (#2445) + * chore(deps): update github/codeql-action action to v3 (#2444) + * fix(deps): update module google.golang.org/api to v0.164.0 (#2442) + * fix(deps): update module golang.org/x/oauth2 to v0.17.0 (#2441) + * chore(deps): update actions/setup-go action to v5 (#2443) + * fix(deps): update module golang.org/x/net to v0.21.0 (#2440) + * fix(deps): update module golang.org/x/crypto to v0.19.0 (#2439) + * fix(deps): update module cloud.google.com/go/storage to v1.38.0 (#2438) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.16 (#2436) + * fix(deps): update module go.uber.org/mock to v0.4.0 (#2437) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.1 (#2433) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.97.0 (#2432) + * fix(deps): update module github.com/prometheus/client_golang to v1.18.0 (#2429) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.7.2 (#2430) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.20.2 (#2431) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2428) + * fix(deps): update module github.com/google/uuid to v1.6.0 (#2427) + * chore(gcp): ignore known test creds (#2413) + * [fix] Add unit information to error returned by ChunkUnit (#2410) + * fix(deps): update module github.com/google/go-containerregistry to v0.19.0 (#2425) + * fix(deps): update module github.com/getsentry/sentry-go to v0.27.0 (#2424) + * fix(deps): update module cloud.google.com/go/storage to v1.37.0 (#2423) + * chore(deps): update sigstore/cosign-installer action to v3.4.0 (#2421) + * chore(deps): update golang docker tag to v1.22 (#2420) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2416) + * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.22 (#2417) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.15 (#2415) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.5 (#2414) + * fix(deps): update golang.org/x/exp digest to 2c58cdc (#2412) + * fix(deps): update github.com/lrstanley/bubblezone digest to b7bafc4 (#2411) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2048) + * fix(deps): update module github.com/charmbracelet/bubbles to v0.18.0 (#2296) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.25.0 (#2326) + * [chore] Ensure Postgres detector respects context deadline (#2408) + * [chore] Rename file to legacy_reporters.go (#2406) + * Add flag to write job reports to disk (#2298) + * Implement SourceUnitEnumChunker for GitLab (#2367) + * Update brew install instructions (#2404) + * Refactor UnitHook to block the scan if finished metrics aren't handled (#2309) + * skip community PR (forks) secret scans for now (#2401) + * [feat] - buffered file writer metrics (#2395) + * Update GitParse to handle quoted binary filenames (#2391) + * Allow multiple domains for Forager (#2400) + * prevent concurrent map writes (#2399) + * Allow CLI version pinning in GHA (#2397) (#2398) + * Set GHA workdir (#2393) + * Fix handling of GitHub ratelimit information (#2041) + +------------------------------------------------------------------- +Wed Feb 21 06:27:30 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.7: + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.22 (#2492) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v7 (#2490) + * Add Display method to SourceUnit and Kind member to the CommonSourceUnit (#2450) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.21 (#2489) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2486) + * concurrency uint8 to int (#2488) + * use read full (#2474) + * [chore] - upgrade lru cache version (#2487) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.2 (#2484) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2483) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2482) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2481) + * fix(deps): update module google.golang.org/api to v0.165.0 (#2480) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.14.0 (#2479) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2478) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.20 (#2477) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2462) + * move clenaup outside the engine (#2475) + * tighten keyword match (#2473) + * [chore] Increase TestMaxDiffSize timeout (#2472) + * add lazy quantifier to prefixregex (#2466) + * [cleanup] - Extract buffer logic (#2409) + * update gitlab proto (#2469) + * add missing prefixregex (#2468) + * Remove some noisy / less useful detectors (#2467) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.18 (#2463) + * fix(deps): update module github.com/google/go-github/v57 to v59 (#2449) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2460) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2459) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.2 (#2458) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2457) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2447) + * fix(deps): update module github.com/googleapis/gax-go/v2 to v2.12.1 (#2454) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.17 (#2453) + * fix(deps): update golang.org/x/exp digest to ec58324 (#2452) + * fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#2448) + +------------------------------------------------------------------- +Tue Feb 13 20:23:07 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.6: + * [chore] Add some doc comments to source manager (#2434) + * 2396 since commit stopped working (#2402) + * Update custom detector example (#2435) + * chore(deps): update golangci/golangci-lint-action action to v4 (#2445) + * chore(deps): update github/codeql-action action to v3 (#2444) + * fix(deps): update module google.golang.org/api to v0.164.0 (#2442) + * fix(deps): update module golang.org/x/oauth2 to v0.17.0 (#2441) + * chore(deps): update actions/setup-go action to v5 (#2443) + * fix(deps): update module golang.org/x/net to v0.21.0 (#2440) + * fix(deps): update module golang.org/x/crypto to v0.19.0 (#2439) + * fix(deps): update module cloud.google.com/go/storage to v1.38.0 (#2438) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.16 (#2436) + * fix(deps): update module go.uber.org/mock to v0.4.0 (#2437) + * fix(deps): update module go.mongodb.org/mongo-driver to v1.13.1 (#2433) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.97.0 (#2432) + * fix(deps): update module github.com/prometheus/client_golang to v1.18.0 (#2429) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.7.2 (#2430) + * fix(deps): update module github.com/thezeroslave/zapsentry to v1.20.2 (#2431) + * fix(deps): update module github.com/hashicorp/golang-lru to v0.6.0 (#2428) + * fix(deps): update module github.com/google/uuid to v1.6.0 (#2427) + * chore(gcp): ignore known test creds (#2413) + * [fix] Add unit information to error returned by ChunkUnit (#2410) + * fix(deps): update module github.com/google/go-containerregistry to v0.19.0 (#2425) + * fix(deps): update module github.com/getsentry/sentry-go to v0.27.0 (#2424) + * fix(deps): update module cloud.google.com/go/storage to v1.37.0 (#2423) + * chore(deps): update sigstore/cosign-installer action to v3.4.0 (#2421) + * chore(deps): update golang docker tag to v1.22 (#2420) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#2416) + * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.22 (#2417) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.15 (#2415) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.5 (#2414) + * fix(deps): update golang.org/x/exp digest to 2c58cdc (#2412) + * fix(deps): update github.com/lrstanley/bubblezone digest to b7bafc4 (#2411) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v2 (#2048) + * fix(deps): update module github.com/charmbracelet/bubbles to v0.18.0 (#2296) + * fix(deps): update module github.com/charmbracelet/bubbletea to v0.25.0 (#2326) + * [chore] Ensure Postgres detector respects context deadline (#2408) + * [chore] Rename file to legacy_reporters.go (#2406) + * Add flag to write job reports to disk (#2298) + * Implement SourceUnitEnumChunker for GitLab (#2367) + * Update brew install instructions (#2404) + +------------------------------------------------------------------- +Fri Feb 09 13:05:22 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.5: + * Refactor UnitHook to block the scan if finished metrics aren't handled (#2309) + * skip community PR (forks) secret scans for now (#2401) + * [feat] - buffered file writer metrics (#2395) + * Update GitParse to handle quoted binary filenames (#2391) + * Allow multiple domains for Forager (#2400) + * prevent concurrent map writes (#2399) + * Allow CLI version pinning in GHA (#2397) (#2398) + * Set GHA workdir (#2393) + * Fix handling of GitHub ratelimit information (#2041) + * [feat] - use diff chan (#2387) + * [not-fixup] - Reduce memory consumption for Buffered File Writer (#2377) + * fix: case-insensitive ext check (#2383) + * tightening opsgenie detection and verification (#2389) + * Fix binary file hanging bug in git sources (#2388) + * Disable GitHub wiki scanning by default (#2386) + +------------------------------------------------------------------- +Wed Feb 07 09:23:59 UTC 2024 - felix.niederwanger@suse.de + +- Update to version 3.67.4: + * [feat] - use diff chan (#2387) + * [not-fixup] - Reduce memory consumption for Buffered File Writer (#2377) + * fix: case-insensitive ext check (#2383) + * tightening opsgenie detection and verification (#2389) + * Fix binary file hanging bug in git sources (#2388) + * Disable GitHub wiki scanning by default (#2386) + * [fixup] - correctly use the buffered file writer (#2373) + * custom detector dogs (#2376) + * use only the DetectorKey as a map field (#2374) + * [feat] - concurently scan the filesystem source (#2364) + * [chore] Cleanup GitLab source errors (#2345) + * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) + * Add s3 credential validation (#2362) + * Polite Verification (#2356) + * Make AzureDevopsPersonalAccessToken verification more robust (#2359) + * fix (#2360) + * update azure test files to check rawV2 (#2353) + * [chore] Add filesystem integration test (#2358) + * Scan GitHub wikis #2233 + * added flyio protos (#2357) + * Allow for configuring the buffered file writer (#2319) + * [feat] - tmp file diffs (#2306) + * Fix filesystem enumeration ignore paths bug (#2355) + * Detectors Updates 1 for Tristate Verification (#2187) + * feat(detectors): update template (#2342) + * Azure function key is throwing FPs (#2352) + * Improve fp ignore logic (#2351) + * added azuresearchquerykey detector (#2349) + * added azuresearchadminkey detector (#2348) + * added azurefunctionkey detector (#2337) + * updates to plain and json printing to include verification error (#2335) + * Add the new MaxMind license key format (#2181) + * Prevent print or logging in detectors (#2341) + * make sure to close connections after testing (#2343) + * Fix test (#2339) + * add tri-state verification to yelp (#1736) + * Improve GitHub scan logging (#2220) + * Update DockerHub detector logic (#2266) + * Add Google oauth2 token detector (#2274) + * add priority semaphore (#2336) + * updating doppler logic (#2329) + * added azuredevopspersonalaccesstoken detector (#2315) + * Walk directories in filesystem source enumeration (#2313) + * [feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) + * Update Gitlab repo count in tests #2333 + * Narrow Postgres detector to only look for URIs (#2314) + * fixing incorrect acct num id for some aws keys (#2332) + * updating detector logic for zenscrape (#2316) + * Add prometheus metrics to measure hook execution time (#2312) + * [chore] - reduce test time (#2321) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 (#2325) + * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 (#2322) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 (#2320) + * fix(deps): update golang.org/x/exp digest to 1b97071 (#2318) + * [chore] - Update Chunk struct comment (#2317) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2054) + * save 8 bytes per chunk (#2310) + * [chore] - Add regex and keyword for api_org tokens (#2240) + * Assume unauthenticated github scans have public visibility (#2308) + * [fixup ] - Allow ssh cloning with AWS Code Commit (#2307) + * added azure protos (#2304) + * Disable recently added postgres detector because it it too sensitive (#2303) + * [feat] - Provide CLI flag to only use custom verifiers (#2299) + * Individuate archive tests #2293 + * [feat] - Allow for the use of include/exclude path files for filesystem scans (#2297) + * [chore] - small updates (#2288) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 (#2295) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 (#2294) + * feat(installation): Implement checksum signature verification (#2157) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 (#2292) + * fix(deps): update module cloud.google.com/go/storage to v1.36.0 (#2291) + * chore(deps): update sigstore/cosign-installer action to v3.3.0 (#2290) + * chore(deps): update alpine docker tag to v3.19 (#2287) + * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 (#2286) + * Extend memory cache (#2275) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 (#2285) + * fix(deps): update golang.org/x/exp digest to 0dcbfd6 (#2284) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 (#2282) + * adding postgres detector (#2108) + * update test (#2283) + * fix(deps): update golang.org/x/exp digest to be819d1 (#2281) + * fix(signable): ignore common false positives (#2230) + * fix(parseur): ignore false positives (#2229) + * [chore] - update docs for pre-commit (#2280) + * 1833 Fix syslog udp (#1835) + * Wrap temp deletion err #2277 + * Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 (#2279) + * Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2278) + * Updated trufflehog sourcegraph secret format (#2254) + * Update stripe detector regex (#2261) + * [chore] Add test to check all versioned detectors are non-zero (#2272) + * fix(gitparse): handle fromFileLine edge case (#2206) + * Fix non-ASCII whitespace on GitHub Action (#2270) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#2263) + * Fix commit message single quote escaping on GitHub Action (#2259) + * Use directory iterator instead of walkdir (#2260) + * Add handlerOpts back (#2258) + * Skip all binaries (#2256) + * Add skip archive support (#2257) + * use walk dir for tmp cleanup (#2255) + * [fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup (#2253) + * Dedupe some source log keys (#2250) + * Fix goroutine leak (#2251) + * [chore] - lower logging level (#2249) + * [chore] - add additional binary extensions to skip (#2235) + * use snake_case for naming (#2238) + * [bug] - Bug archive handler memory leak (#2247) + * Add missing import (#2246) + * fix(snowflake): avoid extraneous attempts (#2057) + * feat(github): update extradata (#2219) + * shallow cloning + GitHub Action (#2138) + +------------------------------------------------------------------- +Mon Feb 05 20:02:07 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.2: + * [fixup] - correctly use the buffered file writer (#2373) + * custom detector dogs (#2376) + * use only the DetectorKey as a map field (#2374) + * [feat] - concurently scan the filesystem source (#2364) + +------------------------------------------------------------------- +Sat Feb 03 08:36:22 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.1: + * Add s3 credential validation (#2362) + * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) + +------------------------------------------------------------------- +Sat Feb 03 08:35:21 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.67.0: + * [chore] Cleanup GitLab source errors (#2345) + * [bug] - use DetectorKey as the key in the detectorKeysWithResults map (#2366) + * Add s3 credential validation (#2362) + * Polite Verification (#2356) + * Make AzureDevopsPersonalAccessToken verification more robust (#2359) + +------------------------------------------------------------------- +Thu Feb 1 06:37:58 UTC 2024 - Felix Niederwanger + +- Update to version 3.66.3 + * Allow for configuring the buffered file writer (#2319) + * added flyio protos (#2357) + * Scan GitHub wikis (#2233) + * [chore] Add filesystem integration test (#2358) + * update azure test files to check rawV2 (#2353) + * [bug] fix script change (#2360) + +------------------------------------------------------------------- +Thu Feb 01 06:29:26 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.66.2: + * fix (#2360) + * update azure test files to check rawV2 (#2353) + * [chore] Add filesystem integration test (#2358) + * Scan GitHub wikis #2233 + * added flyio protos (#2357) + * Allow for configuring the buffered file writer (#2319) + * [feat] - tmp file diffs (#2306) + * Fix filesystem enumeration ignore paths bug (#2355) + * Detectors Updates 1 for Tristate Verification (#2187) + +------------------------------------------------------------------- +Tue Jan 30 08:03:19 UTC 2024 - Felix Niederwanger + +- Update to version 3.66.1: + * Azure function key is throwing FPs (#2352) + +------------------------------------------------------------------- +Tue Jan 30 07:42:21 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.66.0: + * feat(detectors): update template (#2342) + * Azure function key is throwing FPs (#2352) + * Improve fp ignore logic (#2351) + * added azuresearchquerykey detector (#2349) + * added azuresearchadminkey detector (#2348) + * added azurefunctionkey detector (#2337) + * updates to plain and json printing to include verification error (#2335) + +------------------------------------------------------------------- +Sun Jan 28 07:31:50 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.65.0: + * Add the new MaxMind license key format (#2181) + * Prevent print or logging in detectors (#2341) + * make sure to close connections after testing (#2343) + * Fix test (#2339) + * add tri-state verification to yelp (#1736) + * Improve GitHub scan logging (#2220) + * Update DockerHub detector logic (#2266) + * Add Google oauth2 token detector (#2274) + +------------------------------------------------------------------- +Thu Jan 25 10:34:16 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.64.0: + * add priority semaphore (#2336) + * updating doppler logic (#2329) + * added azuredevopspersonalaccesstoken detector (#2315) + * Walk directories in filesystem source enumeration (#2313) + * [feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) + * Update Gitlab repo count in tests #2333 + * Narrow Postgres detector to only look for URIs (#2314) + * fixing incorrect acct num id for some aws keys (#2332) + +------------------------------------------------------------------- +Tue Jan 23 13:21:14 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.63.11: + * updating detector logic for zenscrape (#2316) + * Add prometheus metrics to measure hook execution time (#2312) + * [chore] - reduce test time (#2321) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.50.0 (#2325) + * fix(deps): update module github.com/envoyproxy/protoc-gen-validate to v1.0.4 (#2322) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.1 (#2320) + * fix(deps): update golang.org/x/exp digest to 1b97071 (#2318) + * [chore] - Update Chunk struct comment (#2317) + * fix(deps): update module github.com/hashicorp/golang-lru to v2 (#2054) + * save 8 bytes per chunk (#2310) + +------------------------------------------------------------------- +Thu Jan 18 13:29:28 UTC 2024 - felix.niederwanger@suse.com + +- Update to version 3.63.10: + * [chore] - Add regex and keyword for api_org tokens (#2240) + * Assume unauthenticated github scans have public visibility (#2308) + * [fixup ] - Allow ssh cloning with AWS Code Commit (#2307) + * added azure protos (#2304) + * Disable recently added postgres detector because it it too sensitive (#2303) + * [feat] - Provide CLI flag to only use custom verifiers (#2299) + * Individuate archive tests #2293 + * [feat] - Allow for the use of include/exclude path files for filesystem scans (#2297) + * [chore] - small updates (#2288) + * fix(deps): update module github.com/bradleyfalzon/ghinstallation/v2 to v2.9.0 (#2295) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.19 (#2294) + * feat(installation): Implement checksum signature verification (#2157) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.49.18 (#2292) + * fix(deps): update module cloud.google.com/go/storage to v1.36.0 (#2291) + * chore(deps): update sigstore/cosign-installer action to v3.3.0 (#2290) + * chore(deps): update alpine docker tag to v3.19 (#2287) + * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.19 (#2286) + * Extend memory cache (#2275) + * fix(deps): update module github.com/gabriel-vasile/mimetype to v1.4.3 (#2285) + * fix(deps): update golang.org/x/exp digest to 0dcbfd6 (#2284) + * fix(deps): update module github.com/azuread/microsoft-authentication-library-for-go to v1.2.1 (#2282) + * adding postgres detector (#2108) + * update test (#2283) + * fix(deps): update golang.org/x/exp digest to be819d1 (#2281) + * fix(signable): ignore common false positives (#2230) + * fix(parseur): ignore false positives (#2229) + * [chore] - update docs for pre-commit (#2280) + * 1833 Fix syslog udp (#1835) + * Wrap temp deletion err #2277 + * Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 (#2279) + * Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#2278) + * Updated trufflehog sourcegraph secret format (#2254) + * Update stripe detector regex (#2261) + * [chore] Add test to check all versioned detectors are non-zero (#2272) + * fix(gitparse): handle fromFileLine edge case (#2206) + * Fix non-ASCII whitespace on GitHub Action (#2270) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#2263) + * Fix commit message single quote escaping on GitHub Action (#2259) + +------------------------------------------------------------------- +Sat Dec 23 19:28:02 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.63.7: + * Use directory iterator instead of walkdir (#2260) + * Add handlerOpts back (#2258) + * Skip all binaries (#2256) + * Add skip archive support (#2257) + +------------------------------------------------------------------- +Fri Dec 22 19:34:15 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.63.6: + * use walk dir for tmp cleanup (#2255) + * [fixup] - Refactor to Pass Reader for Binary Diffs and Archived Data; Optimize /tmp Directory Cleanup (#2253) + * Dedupe some source log keys (#2250) + * Fix goroutine leak (#2251) + * [chore] - lower logging level (#2249) + * [chore] - add additional binary extensions to skip (#2235) + * use snake_case for naming (#2238) + * [bug] - Bug archive handler memory leak (#2247) + * Add missing import (#2246) + * fix(snowflake): avoid extraneous attempts (#2057) + +------------------------------------------------------------------- +Tue Dec 19 07:49:30 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.5: + * move cleanup to run (#2245) + * Adds basic if/else check if pid slice is empty (#2244) + * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#2243) + * add secretID to chunk (#2242) + +------------------------------------------------------------------- +Mon Dec 18 12:33:54 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.4: + * feat(shortcut): use tri-state verification (#2211) + * feat(huggingface): enhance extradata (#2222) + * fix(myfreshworks): check for valid JSON (#2212) + * ci: don't run detector tests on forks (#2234) + * [chore] Add skip_binaries field to AzureRepos proto message (#2232) + * [feat] - Make skipping binaries configurable (#2226) + * [chore] Prevent panic when ChunkError has a nil Unit (#2227) + * chore: don't run test workflow in forks (#2221) + * fix(github): remove unused 'members' var (#2202) + * Check for SourceUnit support dynamically in the SourceManager (#2205) + * fix(gitlab): check for valid JSON (#2218) + * Avoid reading decompressed data into memory (#2196) + * fix(gitparse): don't trim filename (#2201) + * fix(giturl): encode '%' in path (#2214) + * build: upgrade bodgit/sevenzip to v1.4.5 (#2215) + * Fix emoji in README (#2217) + +------------------------------------------------------------------- +Thu Dec 14 15:05:21 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.3: + * Bump github.com/docker/docker (#2213) + * Update metabase verification to check for a valid JSON response (#2210) + * [chore] Remove unnecessary string conversion in tefter detector (#2209) + * fix and refactor browserstack detector (#2208) + * Fix azurestorage detector (#2207) + * [chore] Remove omitempty tags on JobProgressMetrics and UnitMetrics (#2204) + * Add disk buffer tempfile cleanup (#2130) + * Use bad json in slackwebhooks (#2193) + * [bug] - close file after reading (#2203) + * chore: propagate log context to handlers (#2191) + * feat(privatekey): run checks concurrently (#2139) + * [fixup] - skip files in the archive handler (#2195) + * move logic to main Chunks method (#2194) + * add metrics for gitlab (#2190) + * [chore] - Refactor common code into a separate function (#2179) + * Remove java archives from ignored extensions (#2188) + * [chore] - Compile regex once (#2176) + +------------------------------------------------------------------- +Thu Dec 07 10:40:06 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.2: + * update regex (#2184) + * Deprecate some detectors (#2186) + * allow targets for the source manager (#2182) + * use https for verification endpoints (#2185) + * remove unnecessary Git cmd check (#2175) + * [feat] - Remove go-git dependency (#2174) + * Skip trying to determine MIME type for directories (#2178) + * fixing how to rotate URL (#2183) + * Use forked sevenzip (#2180) + * [thog-1548] add auto redaction for verification errors (#2106) + * fix(deps): update module github.com/google/go-github/v42 to v57 (#2172) + * chore(deps): update google-github-actions/auth action to v2 (#2171) + * skip files we can't scan (#2170) + * fix(deps): update module google.golang.org/api to v0.152.0 (#2169) + * [chore] - remove deprecated types (#2168) + * fix(deps): update module golang.org/x/oauth2 to v0.15.0 (#2167) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.48.12 (#2166) + * fix(deps): update module github.com/xanzy/go-gitlab to v0.94.0 (#2165) + * fix(deps): update module github.com/trufflesecurity/disk-buffer-reader to v0.2.1 (#2163) + * Ignore images and binaries (#2162) + * [chore] - Increase pagination limit (#2154) + * fix(deps): update module github.com/google/go-containerregistry to v0.17.0 (#2160) + * update forager types (#2159) + * fix(deps): update module github.com/go-logr/zapr to v1.3.0 (#2158) + * fix(deps): update module github.com/fatih/color to v1.16.0 (#2155) + * fix(deps): update module github.com/couchbase/gocb/v2 to v2.7.0 (#2153) + * fix(deps): update module github.com/aws/aws-sdk-go to v1.48.11 (#2152) + * fix(deps): update module github.com/alecthomas/kingpin/v2 to v2.4.0 (#2151) + * fix(deps): update module cloud.google.com/go/storage to v1.35.1 (#2150) + * make empty slice delcration consistent (#2144) + * chore(deps): update sigstore/cosign-installer action to v3.2.0 (#2149) + * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 (#2148) + * fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 (#2147) + * fix(deps): update module github.com/go-git/go-git/v5 to v5.10.1 (#2146) + * [chore] - fix error comparisons (#2142) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.4 (#2145) + * fix(deps): update golang.org/x/exp digest to 6522937 (#2140) + * [chore] - fix import name clashes (#2143) + * fix(deps): update module github.com/google/go-github/v42 to v56 (#2049) + * Fix azure panic when invalid URL is constructed (#2137) + * fixup cleantemp (#2136) + * Fix nil pointer dereference when checking if a unit IsFinished (#2135) + * [chore] Minor cleanup of source_manager.go (#2134) + * Simplify temp dir cleaning (#2133) + * Add new auth method to source (#2132) + * add extradata nil check and use make (#2129) + * added ci scanning info to readme (#2126) + * Call Finish in SourceManager after the semaphore is released (#2121) + * chore(github): add a newline between titles and bodies (#2124) + +------------------------------------------------------------------- +Thu Nov 23 12:29:15 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.1: + * feat(github): scan issue & pr titles (#1899) + +------------------------------------------------------------------- +Wed Nov 22 17:14:15 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.63.0: + * use camelcase var names (#2123) + * Remove unused functions (#2122) + * [chore] - update readme help flags (#2120) + * feat(signing): Sign checksum (#1894) + * import missing detectors (#2119) + * Fix forks and repos counter, add metric for orgs enumerated (#2118) + * feat(telegram): add username to extradata (#2100) + * add extra data to github detector (#1909) + * fixed gist direct link generation (#2115) + * fix nil map assignment (#2117) + * [chore] Add JSON tags to job metrics (#2114) + * move all Git setup into Init method (#2105) + * add proto fields for Git (#2104) + * extract AWS account number from ID without verification (#2091) + * Adding Sumo Logic how to rotate (#2103) + * update protos so we can use the git source for CI (#2102) + * Detector-Competition-Feat: Added Replicate API token detector (#2021) + * Detector-Competition-Feat: Added Ngrok API token detector (#2024) + * Competition-Detector-New:added v2 version for fullstory (#2067) + * Add support for user:pass@host to postgres JDBC detector (#2089) + * Detector-Competition-Feat: Add Overloop detector (#2080) + * Detector-Competition-Feat: Added Request.Finance API token detector (#2020) + * Detector-Competition-New : created grafana service account detector (#1960) + * Detector-Competition-Fix: fixed zulipchat detector (#1990) + * Grafana (#2096) + * Competition-Detector-New: added eventbrite detector (#2072) + * logz.io detector (#2076) + * Coda Detector (#2075) + * fix (#2094) + * Detector-Competition-Fix: Fix LiveAgent Detector & Verifier (#2001) + * pulling short lived AWS keys into their own thing, fixes #1224 (#2088) + * Support multiple detectors per match (#2065) + * [chore] Speedup IsKnownFalsePositive using sets (#2090) + * Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074) + * Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) + * Detector-Competition-New - Created Grafana Cloud API Key detector (#1959) + * Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081) + * added resource type mapping to extraData in AWS (#2087) + * Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) + * fixed helpscout detector regex and verifier (#2056) + * Detector-Competition-Fix: fixed regex for databricks domain and fixed tests (#1965) + * modified regex (#2033) + * Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958) + * Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) + * Refactor git source to support scanning units (#2083) + * [chore] Replace chunks channel with ChunkReporter in git based sources (#2082) + * update comment (#2084) + * use rawv2 for pubnubpublish (#2062) + +------------------------------------------------------------------- +Wed Nov 01 10:39:23 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.62.1: + * [chore] - correctly handle input shorter than 512 bytes (#2077) + * [chore] - add binutils dep to dockerfile (#2061) + * update braintreepayments detector to tri-state verification (#1834) + * Detector-Competition-Feat: Adding Azure Batch keys (#1956) + * Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings (#1957) + * Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933) + * Centralize logic for checking archive extraction tools (#2063) + * [chore] Fix SourceManager flaky test (#2059) + * Support multiple custom detectors (#2064) + * Detector-Competition-Fix: Fix SalesBlink Detection & Verification (#1950) + +------------------------------------------------------------------- +Mon Oct 30 16:57:30 UTC 2023 - Jan Engelhardt + +- Clarify description's "entire tech stack". + +------------------------------------------------------------------- +Mon Oct 30 14:52:09 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.62.0: + * Add TravisCI source (#1877) + * Remove verify flag from Aho-Corasick core (#2010) + +------------------------------------------------------------------- +Mon Oct 30 13:46:56 UTC 2023 - Jeff Kowalczyk + +- Packaging improvements: + * _service change disabled to manual per osc deprecation warning: + WARNING: Command 'disabledrun/dr' is obsolete, please convert + your _service to use 'manual' and then 'manualrun/mr' instead. + * _service reorder move set_version earlier so go_modules sees + updated version + * Summary and Description clarify the purpose of this CLI tool + * Use %%name macro where applicable to normalize common lines + across Go app packages. Also makes renaming binary easier when + required to handle package name conflict. + * Drop BuildRequires: libpcre1. libpcre2 is already included + during build, and there is no mention in upstream source or + docs that only libpcre1 is supported. Since upstream uses + CGO_ENABLED=0 in their Makefile, it is not clear if or how + libpcre would be a required dependency. + * Drop BuildRequires: golang-packaging. The original macros for + file movements into GOPATH are obsolete with Go modules. Macro + go_nostrip is no longer needed with current binutils and Go. + * Remove %%{go_nostrip} macro which is no longer recommended + * Extract go build command from upstream Makefile. The go build + command straightforward in this package. Calling go build + directly from packaging where possible helps package + maintainers review usage and normalize packaging standards. + Makefiles often have targets for building container images, + running tests, etc. Makefiles can include assumptions of online + access that do not hold for the OBS build environment. + * Build PIE with pattern that may become recommended procedure: + %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build + A go toolchain buildmode default config would be preferable + but none exist at this time. + * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable + * Drop export CGO_ENABLED="0" used by Makefile. Use the default + unless there is a defined requirement or benefit. + +------------------------------------------------------------------- +Mon Oct 30 10:34:22 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.61.0: + * adding 'token' keyword to regex for github_old (#2037) + * Update module github.com/go-git/go-git/v5 to v5.10.0 (#2023) + * Detector-Competition-Feat: Added Reply.io API token detector (#2019) + * fix(deps): update module sigs.k8s.io/yaml to v1.4.0 (#2047) + * Detector-Competition-Feat: Added Stripo API token detector (#2018) + * feat: deno deploy detector (#2040) + * Update module google.golang.org/api to v0.148.0 (#2045) + * Update module go.uber.org/zap to v1.26.0 (#2044) + * Update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 (#2043) + * Update module github.com/snowflakedb/gosnowflake to v1.6.25 (#2042) + * Update module github.com/xanzy/go-gitlab to v0.93.2 (#2031) + * Update module go.uber.org/mock to v0.3.0 (#2038) + * Update github.com/bodgit/sevenzip to v1.4.3 (#2039) + * Detector-Competition-Feat: Added Budibase API token detector (#2016) + * Update module github.com/prometheus/client_golang to v1.17.0 (#2029) + * Detector-Competition-Feat: Added LemonSqueezy API token detector (#2017) + * Update module github.com/rabbitmq/amqp091-go to v1.9.0 (#2030) + * Update module github.com/hashicorp/golang-lru to v0.6.0 (#2028) + * Update module github.com/google/uuid to v1.4.0 (#2027) + * Update module github.com/google/go-containerregistry to v0.16.1 (#2026) + * Update module github.com/getsentry/sentry-go to v0.25.0 (#2022) + * Update module github.com/go-logr/logr to v1.3.0 (#2025) + * Update module github.com/charmbracelet/lipgloss to v0.9.1 (#2015) + * Update module github.com/bradleyfalzon/ghinstallation/v2 to v2.8.0 (#2014) + * Update module github.com/aws/aws-sdk-go to v1.46.6 (#2013) + * Update module cloud.google.com/go/secretmanager to v1.11.3 (#2011) + * Update module github.com/TheZeroSlave/zapsentry to v1.19.0 (#2012) + * Chore(deps): Bump google.golang.org/grpc from 1.56.2 to 1.56.3 (#2009) + * Add Coinbase Wallet-as-a-Service detector (#1895) + * Detector-Competition-Feat: Add Metabase Session Secret Detector (#1902) + * Detector-Competition-Feat: Added AppOptics API token detector (#1989) + * Detector-Competition-Feat: Added ZeroTier API token detector (#1988) + * Detector-Competition-Feat: Added BetterStack API token detector (#1987) + * Detector-Competition-Fix: Fix SurveyBot Verification (#1948) + * Fix binary handling (#1999) + * Add temp directory management (#1878) + +------------------------------------------------------------------- +Thu Oct 26 14:49:43 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.60.4: + + * loggly detector by @ankushgoel27 in #1782 + * Detector-Competition-Feat: Added OpenVPN API Detector by @fumblehool in #1940 + * deprecate scan_interval field by @ahrav in #1984 + * Detector-Competition-Feat: Added Portainer Detector by @fumblehool in #1936 + * Detector-Competition-Fix: Fix/Remove baseapi detector (no longer exists) by @lc in #1992 + * remove detector by @ahrav in #1993 + * Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector by @fumblehool in #1941 + * Detector-Competition-Fix : fixed monday.com regex by @ankushgoel27 in #1961 + * Detector-Competition-Fix: Fix ScreenshotAPI Verification by @lc in #1949 + * Detector-Competition-Fix: Fix MeaningCloud Verification by @lc in #1946 + * Detector-Competition-Fix: Deprecate Glitterly by @lc in #2000 + * Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired by @lc in #1996 + * make protos for deprecating Blablabus by @0x1 in #2002 + * Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) by @lc in #1997 + * update renovate config and remove dependabot by @dustin-decker in #1994 + * Detector-Competition-Fix: Fix/Remove DataFire, API retired by @lc in #1995 + +- Update to version 3.60.3: + + * Use latest dbr by @bill-rich in #1955 + * Revert "Fix wrong line number" by @rosecodym in #1963 + * Upgrade gocb and gocbcore by @nyanshak in #1952 + * Detector-Competition-Fix: Fix CloudSmith verification by @lc in #1944 + * Detector-Competition-fix: NewRelic Detector -fallback to EU Api for verification by @fumblehool in #1932 + * fix #1751: update facebookOauth Detector by @fumblehool in #1921 + * Dockerfiles - Alpine Linux 3.15 EoL by @nfsec in #1914 + * Remove docker container after make protos finishes by @fumblehool in #1964 + * Configure Renovate by @renovate in #1966 + * fix(deps): update golang.org/x/exp digest to 7918f67 by @renovate in #1968 + * fix(deps): update github.com/lrstanley/bubblezone digest to e3824f1 by @renovate in #1967 + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.2 by @renovate in #1970 + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 by @renovate in #1971 + * fix(deps): update module github.com/go-errors/errors to v1.5.1 by @renovate in #1972 + * fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @renovate in #1974 + * Detector-Competition-Feat: Added PortainerToken Detector by @fumblehool in #1938 + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.6.25 by @renovate in #1981 + * fix(deps): update module github.com/google/go-github/v42 to v56 by @renovate in #1975 + * chore(deps): update alpine docker tag to v3.18 by @renovate in #1982 + * fix(deps): update module github.com/mattn/go-isatty to v0.0.20 by @renovate in #1980 + * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.7 by @renovate in #1983 + * fix(deps): update module github.com/google/go-cmp to v0.6.0 by @renovate in #1973 + * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.12 by @renovate in #1977 + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 by @renovate in #1978 + * add rpm2cpio as dependency to dockerfile by @ahrav in #1985 + +- Update to version 3.60.2: + * Detector-Competition-Fix: Fix/Remove Flowdock detector (#2004) + * Detector-Competition-Fix: Fix/Remove Happi Detection & Verification (#2003) + * Detector-Competition-Fix: Fix/Remove DataFire, API retired (#1995) + * update renovate config and remove dependabot (#1994) + * Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) (#1997) + * make protos for deprecating Blablabus (#2002) + * Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired (#1996) + * Detector-Competition-Fix: Depreciate Glitterly (#2000) + * Detector-Competition-Fix: Fix MeaningCloud Verification (#1946) + * Detector-Competition-Fix: Fix ScreenshotAPI Verification (#1949) + * Detector-Competition-Fix : fixed monday.com regex (#1961) + * Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector (#1941) + * remove detector (#1993) + * Detector-Competition-Fix: Fix/Remove baseapi detector (no longer exists) (#1992) + * Detector-Competition-Feat: Added Portainer Detector (#1936) + * deprecate scan_interval field (#1984) + * Detector-Competition-Feat: Added OpenVPN API Detector (#1940) + * loggly detector (#1782) + * add rpm2cpio as dependency to dockerfile (#1985) + * fix(deps): update module github.com/launchdarkly/go-server-sdk/v6 to v6.1.1 (#1978) + * fix(deps): update module github.com/azure/go-autorest/autorest/azure/auth to v0.5.12 (#1977) + * fix(deps): update module github.com/google/go-cmp to v0.6.0 (#1973) + * chore(deps): update module github.com/trufflesecurity/overseer to v1.2.7 (#1983) + * fix(deps): update module github.com/mattn/go-isatty to v0.0.20 (#1980) + * chore(deps): update alpine docker tag to v3.18 (#1982) + * fix(deps): update module github.com/google/go-github/v42 to v56 (#1975) + * fix(deps): update module github.com/snowflakedb/gosnowflake to v1.6.25 (#1981) + * Detector-Competition-Feat: Added PortainerToken Detector (#1938) + * fix(deps): update module golang.org/x/oauth2 to v0.13.0 (#1974) + * fix(deps): update module github.com/go-errors/errors to v1.5.1 (#1972) + * fix(deps): update module github.com/aymanbagabas/go-osc52 to v1.2.2 (#1971) + * fix(deps): update module cloud.google.com/go/secretmanager to v1.11.2 (#1970) + * fix(deps): update github.com/lrstanley/bubblezone digest to e3824f1 (#1967) + * fix(deps): update golang.org/x/exp digest to 7918f67 (#1968) + * Add renovate.json (#1966) + * Remove docker container after make protos finishes (#1964) + * Dockerfiles - Alpine Linux 3.15 EoL (#1914) + * fix #1751: update facebookOauth Detector (#1921) + * fix: NewRelic Detector: fallback to EU Api for verification (#1932) + * Detector-Competition-Fix: Fix CloudSmith detection (#1944) + * Upgrade gocb and gocbcore (#1952) + * Revert "Fix off by one (#1891)" (#1963) + * Use latest dbr (#1955) + * export ShouldVerify (#1962) + * export struct (#1954) + * Detector-Competition-Fix: Fix CodeClimate verification (#1945) + * Detector-Competition-Feat: Add InstaMojo Payment Detector (#1905) + * Detector-Competition-Fix: Fix SuperNotes API verification (#1947) + * Add UnitHook and NoopHook implementations (#1930) + * Detector-Competition-New: add IP2Location api key detector (#1915) + * [chore] Fix glob package name (#1931) + * Filter unique detectors by keywords in chunk (#1711) + * Detector-Competition-Feat: Add ipinfo.io API key detector (#1889) + * Fix README.md typo (#1942) + * Use the configured include repositories in the GitHub filter (#1926) + * chore(github): reduce comment log verbosity (#1922) + * Detector-Competition-Feat: Add Privacy.com API key detector (#1888) + * Move Github comments check to fix a test #1927 + * Handle secondary GitHub ratelimits (#1912) + * Export ChunkError fields and add ErrorsFor convenience method (#1920) + * Detector-Competition-Fix: Fix plaid.com API key detection (#1916) + * update regex (#1919) + +------------------------------------------------------------------- +Thu Oct 19 11:59:15 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.60.1: + * feat(voiceflow): basic detector (#1900) + * Fix for #1526: Update Posthog detector (#1910) + * Add generic glob filter (#1858) + * Tighten up regex for twist detector (#1908) + * Added Support for '-h' Option for Help Documentation (#1901) + * feat(git): only generate line numbers > 0 (#1898) + * fix(github): normalize repo cache (#1897) + * Fix off by one (#1891) + +------------------------------------------------------------------- +Tue Oct 17 12:16:21 UTC 2023 - felix.niederwanger@suse.de + +- Update to version 3.60.0: + * Add ShannonEntropy test for an empty string (#1893) + * [chore] Add SourceUnitEnumChunker filesystem tests (#1873) + * Detector-Competition-Fix: Add Personal Access Tokens (API Tokens Depr… (#1871) + * [bug] - Don't modify global client var (#1890) + * added cody gateway token detection code (#1883) + * Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1886) + * Detector-Competition-Feat: Add Klaviyo API Secret Detector (#1870) + +------------------------------------------------------------------- +Mon Oct 09 09:08:20 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.59.0: + * Add an option to filter unverified results using shannon entropy (#1875) + * [chore] Fix flaky TestJobProgressElapsedTime (#1872) + * Tighten up keywords (#1874) + * Detector-Competition-Fix: fix notion.so false negative verification (#1866) + * Detector-Competition-New: add anthropic api key detector (#1861) + * Detector-Competition-New: add ramp.com client id & secret detector (#1862) + * use Repositories field from conn. (#1860) + * Add include and ignore list to Artifactory (#1857) + * support insecure TLS for Jira and Jenkins (#1856) + * add tristate verification to postman (#1837) + * Use placeholder as default if field left empty and is required (#1642) + * implemented planet scale creds (passwords and API keys) (#1841) + * adding azure storage detector (#1840) + * Adding Howtorotate Guides to TruffleHog (#1839) + * update pagerdutyapikey detector to tri-state verification (#1836) + * Fix bug in chunker that surfaces with a flaky passed in io.Reader (#1838) + * Bump github.com/AzureAD/microsoft-authentication-library-for-go (#1850) + * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.6.0 to 2.7.0 (#1851) + * Bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1 (#1848) + * Bump github.com/aws/aws-sdk-go from 1.44.83 to 1.45.19 (#1847) + * Bump docker/setup-qemu-action from 2 to 3 (#1845) + * Bump goreleaser/goreleaser-action from 4 to 5 (#1844) + * Bump mikepenz/action-junit-report from 3 to 4 (#1843) + * Bump docker/login-action from 2 to 3 (#1846) + * Bump github.com/xanzy/go-gitlab from 0.88.0 to 0.92.3 (#1849) + * Bump actions/checkout from 3 to 4 (#1842) + * fixing razorpay (#1852) + * add tristate verification to twitch (#1830) + * chore(ReadMe): Update installation Doc (#1818) + * Separate gitlab detectors (#1819) + * [chore] add figmav2 to defaults (#1820) + * Cleanup jiratoken detector (#1832) + * cleanup nesting (#1831) + * Cleanup pubnub detector (#1826) + * Update alchemy_test.go to use detectors5 (#1829) + * Update web3storage_test.go (#1828) +- Update to version 3.58.0: + * update figma to use tri-state verification by @0x1 in (#1814) + * updating myfreshworks detector to use tri-state verification by @0x1 in (#1779) + * updating microsoft teams webhook detector to use tri-state verification by @0x1 in (#1792) + * updating browserstack detector to use tri-state verification by @0x1 in (#1785) + * Implement an installation script with CheckSum Validation by @hibare in (#1808) + * Update Adding_Detectors_external.md by @zricethezav in (#1817) + * added PR and Issue body scanning by @joeleonjr in (#1816) + * Github partial scan by @ahrav in (#1804) + * Update Adding_Detectors_external.md by @zricethezav in (#1822) + * added Web3 Storage detector by @ankushgoel27 in (#1789) + * consolidated pr and issue descr/comment flags by @joeleonjr in (#1827) + * Use S3 credentials waterfall by @rosecodym in (#1823) + * [bug] - correctly check err by @ahrav in (#1824) + * Update web3storage_test.go with detectors5 by @zricethezav in (#1828) + * Update alchemy_test.go to use detectors5 by @zricethezav in (#1829) + * Cleanup pubnub detector by @0x1 in (#1826) + * cleanup myfreshworks detector by @0x1 in (#1831) + * Cleanup jiratoken detector by @0x1 in (#1832) + * [chore] add figmav2 to defaults by @0x1 in (#1820) + * Separate gitlab detectors by @0x1 in (#1819) + * chore(ReadMe): Update installation Doc by @varmakarthik12 in (#1818) + * add tristate verification to twitch by @0x1 in (#1830) + * fixing razorpay by @dxa4481 in (#1852) + * Bump actions/checkout from 3 to 4 by @dependabot in (#1842) + * Bump github.com/xanzy/go-gitlab from 0.88.0 to 0.92.3 by @dependabot in (#1849) + * Bump docker/login-action from 2 to 3 by @dependabot in (#1846) + * Bump mikepenz/action-junit-report from 3 to 4 by @dependabot in (#1843) + * Bump goreleaser/goreleaser-action from 4 to 5 by @dependabot in (#1844) + * Bump docker/setup-qemu-action from 2 to 3 by @dependabot in (#1845) + * Bump github.com/aws/aws-sdk-go from 1.44.83 to 1.45.19 by @dependabot in (#1847) + * Bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1 by @dependabot in (#1848) + +------------------------------------------------------------------- +Thu Sep 28 12:53:35 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.57.0: + * [bug] - correctly check err (#1824) + * Use S3 credentials waterfall (#1823) + * consolidated pr and issue descr/comment flags (#1827) + * added Web3 Storage detector (#1789) + * Update Adding_Detectors_external.md (#1822) + * Github partial scan (#1804) + * added PR and Issue body scanning (#1816) + * Update Adding_Detectors_external.md (#1817) + * Implement an installation script with CheckSum Validation (#1808) + * updating browserstack detector to use tri-state verification (#1785) + * updating microsoft teams webhook detector to use tri-state verification (#1792) + * updating myfreshworks detector to use tri-state verification (#1779) + * update figma to use tri-state verification (#1814) + * adding support for new version of figma token (#1813) + * Update README.md (#1811) + * examples folder (#1734) + * Update protos image to use correct go version (#1810) + * add line to link for azure repos. (#1801) + * fix detector test action (#1805) + * aggregate detector tests daily (#1800) + * Adding new function SetProgressOngoing to be used when the source does not yet know how many items it is scanning and does not want to display a percentage complete. (#1802) + * updating uri detector to use tri-state verification (#1791) + * Bump golang.org/x/oauth2 from 0.10.0 to 0.12.0 (#1799) + * Bump github.com/go-ldap/ldap/v3 from 3.4.5 to 3.4.6 (#1796) + * Bump github.com/charmbracelet/bubbletea from 0.24.1 to 0.24.2 (#1798) + * Bump github.com/getsentry/sentry-go from 0.22.0 to 0.24.1 (#1797) + * Bump cloud.google.com/go/storage from 1.31.0 to 1.33.0 (#1795) + * Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 (#1794) + * Add ability to dynamically scale concurrently running sources (#1790) + * [bug] - fix link line (#1793) + * Ability to update line number in link (#1788) + * fixed rubygems detector (#1781) + * Update sonarcloud.go (#1784) + * [bug] - correclty handle nested archived directories (#1778) + * replace interface{} with any. (#1771) + +------------------------------------------------------------------- +Fri Sep 15 07:13:56 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.56.0: + * Update Source interface to use SourceID and JobID types (#1774) + * migrate buildpulse to integration test suite (#1775) + * add buildpulse config to sources (#1764) + * Implement Gitlab source validation (#1765) + * fix: add missing error check in archive handler (#1770) + * Add a SourceType constant to all source packages (#1768) + * Refactor SourceManager to remove Enrollment (#1740) + * updating sendbirdorganizationapi detector to use tri-state verification (#1763) + +------------------------------------------------------------------- +Tue Sep 12 07:24:02 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.55.1 + * [chore] - fix slackwebhook detector by @ahrav in #1761 + * Add log verbosity by @codevbus in #1750 + +- Update to version 3.55.0 + * [chore] - Sentry detector update by @ahrav in #1746 + * Always close AWS response body by @rosecodym in #1758 + * [chore] - add test for custom providers by @ahrav in #1759 + * cache dupes w/ different decoders by @ahrav in #1754 + * add tri state verification to slack (not slack webhook) by @zubairk14 in #1731 + * Improve private key detector by @dustin-decker in #1760 + +- Update to version 3.54.4: + * verbosity updates to s3 source (#1750) + * [chore] - fix slackwebhook detector (#1761) + * Improve private key detector (#1760) + * add tri state verification to slack (not slack webhook) (#1731) + * cache dupes w/ different decoders (#1754) + * add test for custom providers. (#1759) + * always close aws response body (#1758) + * [chore] - Sentry detector update (#1746) + * Retry AWS verification 403s (#1757) + * Always attempt to return a git link (#1756) + * Add Tailscale detector (#1719) + * updating sendgrid detector to use tri-state verification (#1735) + * Add optional param to Chunks (#1747) + * Use common chunker for archive handler (#1717) + * Fix pagerdutyapikey Detector (#1749) + * updating jiratoken and jiratokenV2 to use tri-state verification + updating tests (#1744) + * [chore] - update Docker source (#1708) + * updating sendbird detector to use tri-state verification (#1737) + * Validate S3 source (#1715) + +------------------------------------------------------------------- +Mon Sep 4 07:12:28 UTC 2023 - Felix Niederwanger + +- Update to version 3.54.3 + * Sourcegraph Detectors Iterations by @shivasurya in #1742 + * [chore] - fix sentry detector by @ahrav in #1738 + * [bug] - Correctly create azure git links by @ahrav in #1743 + +------------------------------------------------------------------- +Mon Sep 04 06:42:13 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.54.2: + * Correctly create azure git links. (#1743) + * [chore] - fix sentry detector (#1738) + * iterating on suggestions (#1742) + * update jira detector to match new variable tokens (#1720) + +------------------------------------------------------------------- +Fri Sep 01 08:04:07 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.54.1: + * add tri-state verification for twilio detector (#1729) + * added sourcegraph token verification detection (#1730) + * Update to Go 1.21 (#1733) + * update slack webhook with tri-state verification (#1724) + * Unify S3 client creation logic (#1657) + * Add a cancel cause to job cancellation (#1728) + * Add the 'Cause' family of functions to the context wrapper library (#1725) + * remove fmt.Print (#1727) + * Optimize read to max (#1714) + * Add AvailableCapacity method to SourceManager (#1665) + * Add jobID to chunk. (#1721) + +------------------------------------------------------------------- +Tue Aug 29 07:17:15 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.54.0: + * buffer channel. (#1718) + * add detectors that were missed (#1716) + * Expired invite link fix (#1713) + +------------------------------------------------------------------- +Mon Aug 28 15:05:32 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.53.0: + * [chore] - Prevent nil deref panic (#1709) + * Support cancelling a run from a JobProgressRef (#1663) + * Test S3 role assumption (#1655) + * Add SourceName to JobProgressRef (#1664) + * Support azure git links (#1662) + * Capture source-reported progress in JobProgress snapshot (#1661) + * Add ElapsedTime method to JobProgressMetrics (#1660) + * add snowflake detector (#1653) + * Update launchdarkly regex, support sdk keys, add tri-state verification (#1645) + * [chore] - update benchmarks. (#1641) + * [chore] - update comments and logs. (#1654) + * Include the job ID in a chunk (#1652) + * add rate limit and consumption metrics for GitHub (#1651) + * update s3 test bucket (#1649) + * Fix reversed ordering of arguments (#1648) + * add thog CLI support for GitHub config validate (#1626) + * wait before finishing s3 test (#1647) + * Add tri-state verification to sqlserver detector (#1624) + * Only scan gist comments or repo comments. (#1646) + +------------------------------------------------------------------- +Fri Aug 18 08:06:27 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.52.0: + * add role assumption for s3 source (#1477) + * [bug] - handle IOOR panic (#1639) + * updat test file. (#1637) + * [bug] - Correctly reset reader before handling archive chunk data (#1636) + +------------------------------------------------------------------- +Thu Aug 17 13:04:29 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.47: + * [bug] - copy chunk before sending on chunksChan (#1633) + * Add ScanChunk to allow injecting Chunks into the SourceManager's channel (#1634) + * correct logging output for github comments and add oss flags (#1632) + * [chore] - Use custom context for archive handler of specialized archives (#1629) + * add salesforce detector (#1608) + * Integration of SpecializedHandler for Enhanced Archive Processing (#1625) + * fix github org placeholder (#1627) + * bump go to 1.21 (#1623) + * change verification endpoint (#1611) + * add huggingface detector (#1621) + * Refactor FragmentLineOffset to match multiline secrets (#1612) + * fix alchemy test error message (#1622) + * Docker scanning by digest (#1615) + * Use the common chunker for scanning the filesystem source (#1619) + * Support indeterminate verification in Gitlab detector (#1613) + * stop saving alchemy url (#1614) + * Add tri-state verification to pubnub publish key detector (#1616) + * fix error msg in alchemy test (#1617) + * Add terminal UI (#1593) + * implement tri-state verification in FTP detector (#1604) + * Move commits_scanned to ScanRepo (#1610) + * Use common chunk reader (#1596) + * Tweak template detector test code (#1609) + +------------------------------------------------------------------- +Fri Aug 04 08:05:50 UTC 2023 - felix.niederwanger@suse.com + +- Update to version 3.46.3: + * Detect API keys without app keys (#1605) + * Adjust regex and add tests (#1602) + * Use SourceManager in engine (#1586) + * implement indeterminate LDAP verification (#1574) + * Fix nil pointer dereference to git ScanOptions (#1603) + * initial support for bare repositories (#1499) + * Common chunk reader (#1594) + * Add commits scanned to log (#1600) + * include scan duration in output log (#1598) + * Make prints to stdout serial. (#1597) +- Update to version 3.46.2: + * add tri-state verification to mongodb detector by @rosecodym in #1575 + * create hidden debug flag to disable overseer by @zubairk14 in #1582 + * Fix VirusTotal deetector by @ahrav in #1585 + * Refactor git source to allow ScanOptions and use source in engine by @mcastorina in #1518 + * S3 panic send on closed channel by @ahrav in #1589 +- Update to version 3.46.1: + * [bug] - Fix unlocking an unlocked mutex by @ahrav in #1583 +- Update to version 3.46.0: + * Increase log level of engine messages by @dustin-decker in #1576 + * Initialize the default logger to output to stderr by @mcastorina in #1569 + * Fix runtime error when scanning Gist comments by @rgmz in #1552 + * Do not nest transports for Github installation client by @rosecodym in #1564 + * Identify transient AWS verification failures by @rosecodym in #1563 + * Support fatal errors in job reports by @mcastorina in #1562 + * Fix pubnub regular expression by @mcastorina in #1565 + * gitparse: Use an object for currentDiff by @mcastorina in #1573 + * Concurrent detection by @ahrav in #1580 + * Replace magic strings with const by @ahrav in #1568 + * [bug] - fix data races by @ahrav in #1577 + * [bug] - fix shodan detector by @ahrav in #1579 + +------------------------------------------------------------------- +Fri Jul 28 09:49:25 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.35.2 +* Pass GitHub apiEndpoint for basic or no auth by @rgmz in #1454 +* Bump github.com/xanzy/go-gitlab from 0.86.0 to 0.88.0 by @dependabot in #1522 +* Bump github.com/google/go-containerregistry from 0.14.0 to 0.15.2 by @dependabot in #1504 +* Add SourceManager tests for Run and Wait methods by @mcastorina in #1530 +* Improve log message when scanning GitHub comments by @rgmz in #1553 +* Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.4.0 to 2.6.0 by @dependabot in #1503 +* Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 by @dependabot in #1554 +* [MongoDB] Detect CosmoDB access keys by @rgmz in #1511 +* Override broken dependency version by @dustin-decker in #1558 +* Add azure repos protos by @ahrav in #1559 +* add merge support by @zricethezav in #1561 + +------------------------------------------------------------------- +Fri Jul 28 09:45:30 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.35.1 +* [chore] - optimize chunker by @ahrav in #1535 +* Add commitsScanned metrics by @bill-rich in #1533 +* Make Ahocorasick matching case insensitive by @zricethezav in #1547 +* Fix data race in context wrapper library by @mcastorina in #1546 +* Update gitparse logic by @rgmz in #1486 + +------------------------------------------------------------------- +Tue Jul 25 07:00:24 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.35.0 +* [chore] - Update loop to switch. by @ahrav in #1487 +* Rewrite SourceUnitEnumerator to use UnitReporter instead of a channel by @mcastorina in #1485 +* Define SourceUnit chunking interface by @mcastorina in #1484 +* fix twilio verification side effect by @brandonjyan in #1494 +* Fix URI detector false positives when the redacted password has been URL encoded by @trufflesteeeve in #1489 +* add envoy api key scanner by @brandonjyan in #1482 +* add couchbase scanner to defaults by @brandonjyan in #1497 +* tweak jdbc redaction by @rosecodym in #1490 +* add launch_darkly keyword to launchdarkly scanner by @brandonjyan in #1495 +* [chore] - update detector template file by @ahrav in #1500 +* add thog enterprise detector for web keys by @zubairk14 in #1448 +* use Go 1.20 for all github workflows by @rosecodym in #1508 +* unify JDBC detector ping logic by @rosecodym in #1506 +* add dockerhub scanner by @brandonjyan in #1496 +* JDBC indeterminacy by @rosecodym in #1507 +* [chore] Remove parent setting / getting in Context wrapper by @mcastorina in #1516 +* Revert "[chore] Remove parent setting / getting in Context wrapper (#… by @mcastorina in #1519 +* Bump github.com/googleapis/gax-go/v2 from 2.11.0 to 2.12.0 by @dependabot in #1501 +* Bump google.golang.org/api from 0.130.0 to 0.131.0 by @dependabot in #1502 +* Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #1523 +* capture JSON error in AWS detector by @rosecodym in #1509 +* Decrease frequency of dependabot alerts to monthly by @zricethezav in #1524 +* Support indeterminacy in alchemy and update detector docs by @rosecodym in #1510 +* [chore] Remove parent manipulation in context package by @mcastorina in #1525 +* Implement SourceManager basics by @mcastorina in #1515 +* Correctly route pprof endpoint by @mcastorina in #1527 +* [chore] - Remove password info from log by @ahrav in #1528 +* continue scanning on detector / decoder panic by @dustin-decker in #863 +* Add match boundary to okta regular expressions by @mcastorina in #1531 +* Replace aho-corasick library by @zricethezav in #1538 + + +------------------------------------------------------------------- +Tue Jul 18 11:37:25 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.44.0 +* fix typo +* Remove additional apk clean up in Dockerfile +* Remove the Image4 detector +* tighten up Shortcut API detector +* additional similarity check for base64 and plain +* Add new verification error message field +* Bump golang.org/x/crypto from 0.10.0 to 0.11.0 +* Bump github.com/jlaffaye/ftp from 0.1.0 to 0.2.0 +* Bump github.com/TheZeroSlave/zapsentry from 1.15.0 to 1.17.0 +* remove old detector +* Bump google.golang.org/api from 0.129.0 to 0.130.0 +* Define SourceUnit enumeration interface +* Update tests for forks so we don't fail on everything +* scan GitHub PR and issue comments +* Report indeterminacy in AWS verifier +* do not report AWS 403s as indeterminate +* Dedupe results +* Include the line number GitHub & Gitlab links + +------------------------------------------------------------------- +Thu Jul 6 07:57:21 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.43.0 +* Introduce trufflehog:ignore tag feature +* remove HEAD from git diff command, rename unstaged to staged +* Bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 +* Bump cloud.google.com/go/secretmanager from 1.11.0 to 1.11.1 +* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 +* Add missing keywords for sqlserver +* Bump google.golang.org/api from 0.128.0 to 0.129.0 +* Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 + +------------------------------------------------------------------- +Thu Jul 6 07:56:15 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.42.0 +* Exit with non-zero exit code on chunk source error +* Fix docker source to return any chunk errors +* Add Couchbase Detector +* Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 +* Use url redaction in git +* Fix stripPassword +* Don't return on okta credential failed verification +* verify response body with expected keywords +* added opsgenie detector + +------------------------------------------------------------------- +Tue Jun 27 07:15:30 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.41.1 +* Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible +* Implement SourceUnitUnmarshaller for all sources +* Ensure results are collected correctly when verification is off, and ... +* prevent www from being a key to prevent fp +* Bump github.com/go-ldap/ldap/v3 from 3.4.4 to 3.4.5 +* Bump go.mongodb.org/mongo-driver from 1.11.6 to 1.12.0 +* Bump golang.org/x/sync from 0.2.0 to 0.3.0 +* Update Slack webhook error text for verification +* Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 + + +------------------------------------------------------------------- +Mon Jun 26 09:43:12 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.41.0 + +* Make trace error message so newlines aren't escaped +* Add Validator interface and example +* Setup SourceUnit interface +* Bump github.com/getsentry/sentry-go from 0.21.0 to 0.22.0 +* Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 +* update discord invite link to one that doesn't expire +* Custom detector name +* Bump github.com/googleapis/gax-go/v2 from 2.10.0 to 2.11.0 +* Bump google.golang.org/api from 0.125.0 to 0.128.0 +* add new key pat for mailgun detector +* remove gorilla mux +* fix spelling errors +* tada Add Docker image scanning tada + +------------------------------------------------------------------- +Fri Jun 16 06:34:37 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.40.0 + +* Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 +* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 +* [chore] - fix test +* Add DocuSign detector +* fix plusfile git bug +* Update sqlserver redaction, deduplication, and URI redaction +* Split files instead of using ReadAll +* add a custom detector check for logging duplicate detector +* Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 +* Bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.4 +* Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.85.0 +* Bump cloud.google.com/go/secretmanager from 1.10.1 to 1.11.0 +* Use heuristic to choose the most likely UTF-16 decoded string + +------------------------------------------------------------------- +Mon Jun 5 09:33:58 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.38.0 +* [chore] - update Float detector regex by @ahrav in #1368 +* Check that git meets version requirements by @dustin-decker in #1373 + +- trufflehog-v3.39.0 +* Loosen up version check for git + +------------------------------------------------------------------- +Thu Jun 1 07:25:59 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.37.0 + +* [chore] - Use correct detector proto by @ahrav in #1347 +* Add message for discord server in readme by @zricethezav in #1344 +* [chore] - Replace context.TODO by @ahrav in #1349 +* needed perms for running workflows against forks by @codevbus in #1348 +* Bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 by @dependabot in #1355 +* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #1353 +* Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 by @dependabot in #1352 +* Make OpenAI regex more specific by @nyanshak in #1345 +* Bump github.com/getsentry/sentry-go from 0.20.0 to 0.21.0 by @dependabot in #1351 +* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #1354 +* adds linting for workflow and actions by @codevbus in #1356 +* Add Data member to ResultsMetadata struct. by @strazzere in #1358 +* Surface missing git as an error during source initialization by @dustin-decker in #1362 +* Bump go.mongodb.org/mongo-driver from 1.11.4 to 1.11.6 by @dependabot in #1367 +* Bump github.com/envoyproxy/protoc-gen-validate from 1.0.0 to 1.0.1 by @dependabot in #1366 +* Bump cloud.google.com/go/secretmanager from 1.10.0 to 1.10.1 by @dependabot in #1365 +* fix mockaroo fps by @dustin-decker in #1370 +* Bump github.com/googleapis/gax-go/v2 from 2.8.0 to 2.9.1 by @dependabot in #1363- + +------------------------------------------------------------------- +Wed May 24 08:24:26 UTC 2023 - Felix Niederwanger + +- trufflehog-v3.36.0 + + * Check to see if StructuredData exists before attempting to print it by @trufflesteeeve in #1346 + +- trufflehog-v3.35.0 + + * added pulumi cloud Access token detector by @vickygoel in #1295 + * Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1339 + * Bump google.golang.org/api from 0.114.0 to 0.122.0 by @dependabot in #1342 + * Bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 by @dependabot in #1336 + * Bump github.com/rabbitmq/amqp091-go from 1.8.0 to 1.8.1 by @dependabot in #1335 + * Bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #1334 + * [chore] - move objectManager interface by @ahrav in #1332 + * use md5 hash for checking if key exists by @ahrav in #1257 + * Add buildkitev2 detector for newer tokens by @ahrav in #1341 + * GitHub basic auth by @dustin-decker in #1337 + * Add extra data and structured data to plain output by @nyanshak in #1316 + * [oc-313] - Add GitHub metrics by @ahrav in #1324 + * Updating generic.go by @RuchitaKshirsagarTR in #1343 + * Add Base64URLSafe decoder by @nyanshak in #1292 + +- trufflehog-v3.34.0 + + * Fixed contentfulpersonalaccesstoken regex by @amansakhuja in #1199 + * Add max object size flag for s3 bucket scanning by @nyanshak in #1294 + * add scripts to benchmark and plot performance across tags by @dustin-decker in #1293 + * Implement EndpointCustomizer by @mcastorina in #1291 + * add additional logging by @ahrav in #1298 + * [chore] - format log msg by @ahrav in #1299 + * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.3.0 to 2.4.0 by @dependabot in #1306 + * add tineswebhook detector by @jsolis in #1304 + * Bump github.com/mholt/archiver/v4 from 4.0.0-alpha.7 to 4.0.0-alpha.8 by @dependabot in #1305 + * Bump github.com/lib/pq from 1.10.8 to 1.10.9 by @dependabot in #1307 + * Scan only for verified secrets in our CI by @dustin-decker in #1310 + * add performance test by @zricethezav in #1301 + * Add log to track git log size by @ahrav in #1325 + * Extend cache interface by @ahrav in #1318 + * Normalize GitHub repos during enumeration by @ahrav in #1269 + * Output git timestamps as UTC times by @nyanshak in #1323 + * Fix how we scan orgs by @ahrav in #1327 + * [bug] - Update regex for ipstack by @ahrav in #1328 + * Fix SquareApp detector type return value by @nyanshak in #1322 + * Generate protos by @mcastorina in #1329 + * Make sure context lines are properly handled by @bill-rich in #1331 + * Do extraction after decompression by @nyanshak in #1320 + * git worktree scanning fix for #827 by @nyanshak in #1315 + * Support line numbers in filesystem source by @nyanshak in #1297 + +- trufflehog-v3.33.0 + + * improve sqlserver detection and testing by @dustin-decker in #1285 + * Added a new detector for percy.io by @shabbirbs in #1284 + * update jira detector by @ahrav in #1288 + * update proto to allow for ignoring projects by @ahrav in #1289 + * Fix include and exclude detector logic by @mcastorina in #1267 + * Updated BrowserStack verified detector endpoint by @shabbirbs in #1290 + +- trufflehog-v3.32.2 + + * Bump google.golang.org/api from 0.118.0 to 0.119.0 by @dependabot in #1279 + * Bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.0 by @dependabot in #1280 + * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 by @dependabot in #1282 + * Small optimizations for the base64 decoder by @ahrav in #1278 + + +- trufflehog-v3.32.1 + + * Add RawV2 Results to the JSON Output by @yilmi in #1273 + * optimize utf-8 decoder by @ahrav in #1275 + * optimize base64 decoder by @ahrav in #1277 + + +- trufflehog-v3.32.0 + + * Use md5 hash for resuming key by @ahrav in #1203 + * [chore] - use hex encode vs base64 by @ahrav in #1256 + * Remove toLower call on decoded chunk by @zricethezav in #1254 + * git output []bytes were being logged as b64ed string by @dustin-decker in #1255 + * Add team name to proto by @ahrav in #1258 + * Only add detectors once by @bill-rich in #1265 + * Bump google.golang.org/api from 0.114.0 to 0.118.0 by @dependabot in #1261 + * Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 by @dependabot in #1262 + * [chore] Log possible duplicate detectors by @mcastorina in #1266 + * Bump github.com/lib/pq from 1.10.7 to 1.10.8 by @dependabot in #1260 + * Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.83.0 by @dependabot in #1268 + * Adding Google drive to MetaData proto by @0x1 in #1264 + * Allow multiple team IDs for MS Teams by @ahrav in #1259 + * Switch Endpoint Field to Client ID by @zubairk14 in #1270 + * Add configurable detectors by @bill-rich in #1139 + * Add utf16 decoder by @ahrav in #1274 + * Ensure multipart credentials are deduplicated correctly by @dustin-decker in #1271 + * Add utf16 decoder proto by @ahrav in #1276 + + +- trufflehog-v3.31.6 + + * optimize gitparse handling of diffs by @zricethezav in #1253 + +- trufflehog-v3.31.5 + + * Use persistable cache for GCS progress tracking by @ahrav in #1204 + * Bump golang.org/x/text from 0.8.0 to 0.9.0 by @dependabot in #1246 + * Bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 by @dependabot in #1243 + * Bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #1244 + * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.2.0 to 2.3.0 by @dependabot in #1245 + * Bump go.mongodb.org/mongo-driver from 1.11.3 to 1.11.4 by @dependabot in #1247 + * THOG-920/add oss proto by @zubairk14 in #1240 + * Generate protos by @mcastorina in #1250 + * update circle test because workflows expire and need re-running by @dustin-decker in #1251 + + +- trufflehog-v3.31.4 + + * fix linting step by @dustin-decker in #1235 + * Resolve #1167 by adding support for the AWS_SESSION_TOKEN by @iamjpotts in #1170 + * Use default endpoints when no custom verifier provided by @ahrav in #1242 + + +- trufflehog-v3.31.3 + + * Run golang lint on entire repo instead of patches by @zricethezav in #1214 + * add CLI switch to actions config by @codevbus in #1215 + * Update verification endpoint - BrowserStack Detector by @gobind-singh in #1179 + * Allow for custom verifier by @ahrav in #1070 + * Add oauth2 cred as auth type for Teams. by @ahrav in #1221 + * Use OAuth2 http client with GCS by @ahrav in #1220 + * Add DetectorName to Result by @bill-rich in #1223 + * Bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 by @dependabot in #1207 + * Bump github.com/TheZeroSlave/zapsentry from 1.14.0 to 1.15.0 by @dependabot in #1229 + * Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #1226 + * Bump google.golang.org/api from 0.109.0 to 0.114.0 by @dependabot in #1228 + * Bump go from 1.18 to 1.20 by @bceylan in #1230 + * Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.8.0 by @dependabot in #1227 + * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.1 by @dependabot in #1225 + * Bump github.com/getsentry/sentry-go from 0.19.0 to 0.20.0 by @dependabot in #1231 + * forager requires direct access to gitparse.FromReader by @dustin-decker in #1233 + * Add lint for exporting loop references by @mcastorina in #1232 + * readme improvements by @dustin-decker in #1234 + + +- trufflehog-v3.31.2 + + * revert to original entrypoint config by @codevbus in #1219 + + +- trufflehog-v3.31.1 + + * ensure stdout is still provided by @codevbus in #1217 + +- trufflehog-v3.31.0 + + * Bump cloud.google.com/go/storage from 1.30.0 to 1.30.1 by @dependabot in #1209 + * Support for exclude globs at the git log level by @zricethezav in #1202 + * Add GitHub Actions output by @dustin-decker in #1201 + + +- trufflehog-v3.30.0 + + * update integration test excludes by @dustin-decker in #1169 + * Bump github.com/googleapis/gax-go/v2 from 2.7.0 to 2.7.1 by @dependabot in #1171 + * Bump github.com/fatih/color from 1.13.0 to 1.15.0 by @dependabot in #1174 + * Bump github.com/xanzy/go-gitlab from 0.80.2 to 0.81.0 by @dependabot in #1172 + * [chore] - Add unauth GCS source type by @ahrav in #1178 + * Fix git commit date string formatting by @fearnoeval in #1181 + * Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 by @dependabot in #1182 + * [chore] Log git output on error by @mcastorina in #1180 + * [chore] Add a break statement when iterating through keywords by @zricethezav in #1184 + * [chore] Ignore errors from CustomRegex so the channel doesn't leak by @mcastorina in #1149 + * updating browserstack detector user and key PrefixRegex strings by @raju-kamble in #1176 + * [chore] - add support for json service account and service account file by @ahrav in #1185 + * Add resuming capability to GCS source by @ahrav in #1161 + * Add OpenAI API Tokens detector by @yilmi in #1142 + * added new detectors and fixed mesibo detector by @garg472 in #1166 + * Bump go.mongodb.org/mongo-driver from 1.11.2 to 1.11.3 by @dependabot in #1196 + * Bump cloud.google.com/go/storage from 1.29.0 to 1.30.0 by @dependabot in #1195 + * Bump github.com/go-git/go-git/v5 from 5.6.0 to 5.6.1 by @dependabot in #1194 + * Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 by @dependabot in #1193 + * Bump github.com/googleapis/gax-go/v2 from 2.7.1 to 2.8.0 by @dependabot in #1192 + * Add in-memory caching pkg by @ahrav in #1189 + * [chore] - log enumeration duration by @ahrav in #1187 + * Bump actions/setup-go from 3 to 4 by @dependabot in #1191 + * Fix OpenAI test by @dustin-decker in #1186 + * Bump google.golang.org/api from 0.111.0 to 0.114.0 by @dependabot in #1210 + * Bump github.com/rabbitmq/amqp091-go from 1.7.0 to 1.8.0 by @dependabot in #1208 + * [bug] - Use correct date format for Date posted by @ahrav in #1211 + * Add Oauth creds to GCS by @ahrav in #1212 + * Delete progress tracking from GCS source by @ahrav in #1190 + + +- trufflehog-v3.29.1 + + * Make slack webhook detector regex more specific by @trufflesteeeve in #1168 + +- trufflehog-v3.29.0 + + * Remove period from file extension by @ahrav in #1154 + * Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #1158 + * Bump github.com/go-git/go-git/v5 from 5.5.2 to 5.6.0 by @dependabot in #1147 + * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.1.0 to 2.2.0 by @dependabot in #1148 + * Bump github.com/getsentry/sentry-go from 0.18.0 to 0.19.0 by @dependabot in #1157 + * Add gcs scanning integration by @ahrav in #1153 + + +- trufflehog-v3.28.7 + +Support filtering detectors by version by @mcastorina in #1150 + +- trufflehog-v3.28.6 + + * Rename .pre-commit-hooks.yml to .pre-commit-hooks.yaml by @zhuwenxing in #1141 + * Keyword optimization by @zricethezav in #1144 + * Release should only run on tags by @dustin-decker in #1146 + + +- trufflehog-v3.28.5 + +[chore] - Only scanned staged git changes by @ahrav in #1143 + +- trufflehog-v3.28.4 + + * [chore] Address more linter errors by @mcastorina in #1134 + * Custom regex parallel verify by @0x1 in #1127 + * [chore] Close response bodies by @mcastorina in #1137 + * Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #1130 + * Add pre-commit yml config by @ahrav in #1138 + * Disable profiler in debug mode and add profile switch by @yilmi in #1136 + + +- trufflehog-v3.28.3 + + * Support file scanning in filesystem source by @mcastorina in #1030 + * Add ability to include and exclude detectors by @mcastorina in #1106 + * [chore] Implement String for ScanErrors by @mcastorina in #1131 + * [chore] Update docs for individual file scanning by @mcastorina in #1132 + * [chore] Address lint errors by @mcastorina in #1133 + + +- trufflehog-v3.28.2 + + * Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 by @dependabot in #1117 + * Gitparse message fix by @bill-rich in #1125 + +- trufflehog-v3.28.1 + + * Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.80.2 by @dependabot in #1117 + * Gitparse message fix by @bill-rich in #1125 + +------------------------------------------------------------------- +Thu Feb 23 11:56:28 UTC 2023 - Pavel Dostál + +- trufflehog-v3.28.0 + * add smoke test by @dustin-decker in #1099 + * Remove duplicated detectors by @trufflesteeeve in #1092 + * adds TESTING doc w. steps for local GHA tests by @codevbus in #1093 + * add more confluence options by @dustin-decker in #1105 + * Github filter support for exclude and include by @MetinSAYGIN in #1087 + * Fix nil scan options by @mcastorina in #1107 + * [chore] Remove logrus from trufflehog by @mcastorina in #1095 + * Bump golang.org/x/text from 0.6.0 to 0.7.0 by @dependabot in #1100 + * Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in #1101 + * Bump github.com/getsentry/sentry-go from 0.17.0 to 0.18.0 by @dependabot in #1102 + * [chore] - Add the unit for max archive size by @ahrav in #1108 + * [chore] - archive size helper text by @ahrav in #1110 + * [chore] - Update helper text for max-archive-size. by @ahrav in #1114 + * Correctly parse most filenames with ' and ' by @bill-rich in #1113 + * Drop tabs for filenames with spaces by @bill-rich in #1115 + * Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 by @dependabot in #1116 + * fix browserstack detector by @raju-kamble in #1120 + * Bump golang.org/x/net from 0.6.0 to 0.7.0 by @dependabot in #1122 + * Bump go.mongodb.org/mongo-driver from 1.11.1 to 1.11.2 by @dependabot in #1119 + * Bump github.com/TheZeroSlave/zapsentry from 1.12.0 to 1.14.0 by @dependabot in #1118 + * Bump github.com/rabbitmq/amqp091-go from 1.6.0 to 1.7.0 by @dependabot in #1103 + * Adding initial protos for Google Drive scanner by @0x1 in #1121 + * fixing browserstack regex username detection by @raju-kamble in #1123 + +- trufflehog-v3.27.1 + * Revert "Make detectors configurable" by @dustin-decker in #1097 + +- trufflehog-v3.27.0 + * Bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 by @dependabot in #1039 + * add bodyclose linter to help prevent file handle leaks by @dustin-decker in #1048 + * braintree detector: use production API URL instead of the test sandbo… by @swdbo in #1054 + * Update float detector with correct User-Agent and regex by @ahrav in #1061 + * update webex detector regex by @ahrav in #1062 + * Handle errors in a thread safe manner by @ahrav in #1052 + * Add TruffleHog version input for GitHub action by @mcastorina in #1064 + * Revert "Add TruffleHog version input for GitHub action (#1064)" by @mcastorina in #1068 + * Pull gitparse config options out of pkg consts by @bill-rich in #1072 + * Add include exclude spaces for confluence source. by @ahrav in #1073 + * Add max commit size by @bill-rich in #1079 + * Make archive handler configurable by @bill-rich in #1077 + * [chore] - Add tests for errors by @ahrav in #1071 + * Skip repo and continue scanning when encountering an error by @mcastorina in #1080 + * [chore] - Dont pre-allocate errors slice by @ahrav in #1083 + * Add Type() to detector interface by @trufflesteeeve in #1088 + * [chore] Remove logrus from engine package by @mcastorina in #1085 + * [chore] Remove logrus from github source by @mcastorina in #1086 + * Bump github.com/joho/godotenv from 1.4.0 to 1.5.1 by @dependabot in #1075 + * [chore] Remove logrus from circleci, filesystem, gitlab, and s3 sources by @mcastorina in #1089 + * [chore] - Remove monolithic config struct by @ahrav in #1091 + * Make detectors configurable by @ahrav in #1084 + +- trufflehog-v3.26.0 + * Add openssh-client to trufflehog container by @mcastorina in #1045 + * Bump github.com/rabbitmq/amqp091-go from 1.5.0 to 1.6.0 by @dependabot in #1036 + * filesystem support for exclude and include filters (2nd attemp) by @mac2000 in #1033 + * Fix the typo "programatic" by @nezakoo in #1046 + * Add file to confluence proto. by @ahrav in #1049 + * Remove false positive detection for CustomRegex by @mcastorina in #1050 + +- trufflehog-v3.25.4 + * fix github integration tests by @dustin-decker in #1042 + * Full git log when targeting base merge commit by @bill-rich in #1044 + +- trufflehog-v3.25.3 + * [chore] - Small cleanup of CircleCi source by @ahrav in #1028 + * Add concurrency to CircleCi source by @ahrav in #1029 + * Bump github.com/getsentry/sentry-go from 0.16.0 to 0.17.0 by @dependabot in #1022 + * Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 by @dependabot in #1024 + * Bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 by @dependabot in #1023 + * Updated stdout to print results in alphabetical order for consistent output by @0x1 in #1032 + * Add location to Teams source metadata by @ahrav in #1034 + * Limit diff size to prevent out of control memory use. by @bill-rich in #1035 + +- trufflehog-v3.25.2 + * Use access-token endpoint for validity check by @clonsdale-canva in #991 + * Record timestamp when a context was cancelled by @mcastorina in #1018 + * remove logger from retryable client, it is not respecting loglevels by @dustin-decker in #1020 + +------------------------------------------------------------------- +Thu Jan 12 13:41:09 UTC 2023 - Pavel Dostál + +- trufflehog-v3.25.1 + * Update entrypoint by @ahrav in #1013 + * Copy metadata for line number aware sources by @bill-rich in #1011 + * Rename and export isGitSource by @bill-rich in #1016 + * Fix GitUrl Return by @pulkitanz in #987 + * Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #980 + * Switch to retryableHttpClient for GitHub AuthN API Client + More Logs by @yilmi in #995 + * Bump cloud.google.com/go/secretmanager from 1.9.0 to 1.10.0 by @dependabot in #1006 + * Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 by @dependabot in #1007 + * Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 by @dependabot in #1008 + * Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #1009 + * Handle invalid regex for custom detector. by @ahrav in #1005 + * Capture callstack of canceled contexts by @mcastorina in #979 + * Validate custom regular expressions on detector initialization by @mcastorina in #1010 + * fix: do not override base parameter with default in GitHub Action by @clarkedb in #1004 + * Fix GitUrl Return by @pulkitanz in #987 + * Bump goreleaser/goreleaser-action from 3 to 4 by @dependabot in #980 + * Switch to retryableHttpClient for GitHub AuthN API Client + More Logs by @yilmi in #995 + * Bump cloud.google.com/go/secretmanager from 1.9.0 to 1.10.0 by @dependabot in #1006 + * Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 by @dependabot in #1007 + * Bump github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 by @dependabot in #1008 + * Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #1009 + * Handle invalid regex for custom detector. by @ahrav in #1005 + * Capture callstack of canceled contexts by @mcastorina in #979 + * Validate custom regular expressions on detector initialization by @mcastorina in #1010 + * Allow for default value to be used in GHA Workflow by @ahrav in #999 + * Add Circle CI source by @dustin-decker in #997 + * Remove ctx from source structs by @ahrav in #986 + * Removing Debug version Println to logrus debug - Issue #992 by @yilmi in #993 + * Make GA action default base an empty string. by @ahrav in #996 + +------------------------------------------------------------------- +Thu Dec 22 16:46:59 UTC 2022 - Pavel Dostál + +- Change the minimal version of Go from 1.14 to 1.18 + +------------------------------------------------------------------- +Thu Dec 22 15:51:49 UTC 2022 - Pavel Dostál + +- Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 by @dependabot in #981 +- Bump golang.org/x/crypto from 0.3.0 to 0.4.0 by @dependabot in #982 +- Add configuration parsing and custom detectors to engine by @mcastorina in #968 +- Add custom regex detector docs by @mcastorina in #983 +- Remove custom log leveler by @mcastorina in #985 diff --git a/trufflehog.obsinfo b/trufflehog.obsinfo new file mode 100644 index 0000000..a60a5a2 --- /dev/null +++ b/trufflehog.obsinfo @@ -0,0 +1,4 @@ +name: trufflehog +version: 3.88.6 +mtime: 1739252800 +commit: f3237c5f1eab4a6ea214fb0fe3508e299335db86 diff --git a/trufflehog.spec b/trufflehog.spec new file mode 100644 index 0000000..a2d8af0 --- /dev/null +++ b/trufflehog.spec @@ -0,0 +1,55 @@ +# +# spec file for package trufflehog +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: trufflehog +Version: 3.88.6 +Release: 0 +Summary: CLI tool to find exposed secrets in source and archives +License: AGPL-3.0-or-later +URL: https://github.com/trufflesecurity/trufflehog +Source: trufflehog-%{version}.tar.gz +Source1: vendor.tar.gz +BuildRequires: golang(API) >= 1.22 + +%description +TruffleHog is a scanning engine that helps find exposed secrets +within e.g. GitHub/GitLab repos, AWS S3 buckets, GCS buckets, +Docker images, Circle CI/Travis CI setups, or in individual files. + +%prep +%autosetup -D -a 1 + +%build +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +go build + +%check +# execute the binary as a basic check +./%{name} --help + +%install +install -D -m 0755 %{name} %{buildroot}%{_bindir}/%{name} + +%files +%doc README.md +%license LICENSE +%{_bindir}/%{name} + +%changelog diff --git a/vendor.tar.gz b/vendor.tar.gz new file mode 100644 index 0000000..677aa00 --- /dev/null +++ b/vendor.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cfdff2a8f4868090dd89f9ae571369ddfe60af083685b4b98287f3ec9ffdacca +size 23460249