Discover Kingfisher, MongoDB’s open-source tool for security and DevOps engineers to detect and validate exposed secrets in code and repositories.

The MongoDB blog offers developers insights into MongoDB database technology, including tutorials, best practices, and use cases for building scalable and flexible applications. Developers can learn about MongoDB's document-oriented data model, query language, and distributed architecture, as well as explore topics such as data modeling, indexing strategies, and performance optimization.

MongoDB

MongoDB has released Kingfisher, an open-source secret scanning tool built in Rust that detects and validates exposed credentials in real-time. Unlike traditional scanners that only flag potential secrets, Kingfisher actively tests detected secrets against external systems to confirm if they're still active, reducing false positives. The tool uses advanced pattern matching with Hyperscan, source code parsing with Tree-sitter, and supports over 700 detection rules across multiple cloud platforms. Kingfisher runs entirely on-premises, ensuring sensitive data never leaves the user's environment, and can be integrated into CI/CD pipelines for automated security scanning.

Introducing Kingfisher: Real-Time Secret Detection and Validation