Question 1

How does Kingfisher compare to TruffleHog?

Accepted Answer

Kingfisher adds live validation and blast radius mapping for more accurate, actionable results, but requires API access and has a more complex setup than TruffleHog's pattern-based scanning.

Question 2

How to set up Kingfisher for scanning AWS S3 buckets?

Accepted Answer

Configure AWS credentials via KF_AWS_KEY and KF_AWS_SECRET environment variables, then use 'kingfisher scan s3 bucket-name'. Detailed authentication steps are in INTEGRATIONS.md.

Question 3

Does Kingfisher work with private Jira or Confluence instances?

Accepted Answer

Yes, it supports on-premises instances by setting KF_JIRA_TOKEN or KF_CONFLUENCE_TOKEN with the appropriate URL, but token permissions must allow API access as per the docs.

Question 4

How accurate is the checksum intelligence feature?

Accepted Answer

It provides offline verification for tokens with built-in checksums, like GitHub's newer formats, reducing false positives without API calls, but only works for supported credential types.

Question 5

Can Kingfisher integrate into CI/CD pipelines easily?

Accepted Answer

Yes, with pre-commit hooks and options like --since-commit for diff scanning, though setting up environment variables for validation in CI can add configuration complexity.

Question 6

What happens if a provider API is rate-limited during validation?

Accepted Answer

Kingfisher allows throttling with --validation-rps flags, but excessive validation requests might still trigger rate limits, requiring careful tuning for large scans.

kingfisher

What is kingfisher?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions