5 posts tagged with "infrastructure"

2026.6

| Version | Release Date |
|---|---|
| 2026.6.0 | June 19, 2026 |
| 2026.6.1 | June 23, 2026 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.30 | 1.35 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights

  • Premium scan retry worker (Helm only) — a new optional, dedicated worker retries failed premium (VCS) scans on a high-memory pod. Large repositories that fail a scan — most often on out-of-memory errors — are retried here instead of repeatedly failing on the standard scanner pool. This lets you keep your base worker-scanners pods small and route only the heavy retries to one or two large, scale-to-zero pods. Learn more.
  • Open-source agent skills for ggshield — the new GitGuardian/agent-skills repository ships open-source skills that teach AI coding assistants like Claude Code and Cursor when to scan, how to read findings, and how to walk developers through remediation. Learn more.

Secrets Detection Engine

  • v2.163 — 6 new detectors (Aikido API OAuth2 Credentials, Logflare Access Token, PolyAPI API Key, Apollo.io API Key, AES Cipher Key, SAP OAuth Credentials — replacing sap_ai_core_credentials), 1 new checker (SAP OAuth Credentials), 3 detector precision/format improvements (Azure DevOps PAT, GitHub App Token, Pagar.me API Key), 1 updated checker (Coralogix Personal Key), 2 analyzer updates (Datadog API Credentials, Azure OpenAI).
  • v2.164 — 6 new detectors (Authentik API Token, Pagar.me Encryption Key, Adobe Refresh Token, LiteLLM API Key, brapi.dev API Key, Open VSX Access Token), 1 new checker (Google OAuth2 Keys), 6 detector precision improvements (Snyk Key, Finicity Authentication Keys, Hunter API Key, Datadog API Credentials, GitHub PAT, Heroku Platform Key), 1 new analyzer (Adafruit IO API Key).
  • v2.165 — 8 new detectors (Stitch API Key, ActiveMQ Credentials, Instantly API Key, Gitea Access Token, Fal.ai API Key, SurrealDB Cloud JWT Token, Kimi API Key, Wiz OAuth Credentials), 8 new checkers (Okta Token, Okta OAuth Credentials, Azure Communication Services Connection String, Azure Storage Account Key, AWS Cognito OAuth 2.0 Credentials, LaunchDarkly SDK Key, Pulumi Access Token, Python Package Index Key), 6 updated checkers (AWS IAM Keys — all regions, Sumo Logic Keys, Supabase API Key, Vultr Key — v2 API, Baidu AI API Key, SAP OAuth Credentials), 1 detector precision improvement (Azure Active Directory API Keys).

Enhancements

  • Microsoft Teams granular alerting for internal monitoring — subscribe to specific incident event types per channel for fine-grained control over notification preferences. Learn more.
  • Jira Cloud recurrent scanning instead of webhooks, and VCS historical scans now cover orphaned commits, Git notes, and pull/merge request refs. Learn more.
  • Overview analytics now include NHI; GitHub check runs can skip merge commits; dissociate Jira/ServiceNow tickets from incidents; GitLab read-only group hook tokens. Learn more.

Fixes

  • Fixed an issue where unmonitored sources were incorrectly displayed as deleted in the user interface. Learn more.
  • Security XSS fix on the mTLS redirect page; custom remediation guidelines now shown on developer share links; Jira & Confluence rate-limit scanning error; GitHub Forbidden error on unauthenticated API root requests. Learn more.
  • Self-Hosted: Fixed an in-app Analytics failure that blocked the analytics run from completing.

Hotfixes

2026.6.1

Release Date: June 23, 2026

Fixes

  • ggshield: Fixed ggshield auth login on self-hosted.

2026.1 - Required

| Version | Release Date |
|---|---|
| 2026.1.0 | January 28, 2026 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.34 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2026.1

Feature highlights

  • Secret Enricher — generic incidents now display enriched secret names powered by our ML model, transforming vague findings into precise, actionable insights. Learn more.
  • More NHI Integrations — discover and secure non-human identities across Datadog, Snowflake, Okta, and Auth0. Learn more.
  • Unified Identity Governance for Entra & AWS IAM — unified visibility and risk-based prioritization for Microsoft Entra ID and AWS IAM with secret-less OIDC authentication. Learn more.
  • GCP Marketplace — GitGuardian is now available on Google Cloud Marketplace, enabling deployment on GKE with consolidated billing through your GCP account. Learn more.

Secrets Detection Engine

  • v2.153 — 6 new detectors (HighLevel, Elastic, Google Cloud Keys, Socket Dev, Upstash Redis, Vapid Key), 8 improved (Cloudflare, MySQL, GitLab Token, Fireworks AI, JSON Web Token, SSH, Duo, Azure Event Grid), 1 new checker (Oracle), 883 new secret providers.
  • v2.154 — 3 new detectors (Cloudflare R2, Azure SAS URL, MySQL), 1 new checker (Tailscale SCIM), 10 improved (SendGrid, Dwolla, PubNub, Google OAuth2, Azure Cosmos DB, Generic High Entropy, HashiCorp Vault, Discord Webhook, Alchemy, Fireworks AI), 378 new secret providers.
  • v2.155 — 18 new detectors (Oracle, Azure Entra App Secret, Azure Entra Access Token, GitLab SCIM, GitLab Agent Kubernetes, ASI:One, Azure IoT Device, Xendit, Supabase, Neoload, MongoDB, Azure Cache for Redis, GitLab Feed, Clerk Webhook, Better Auth, Elastic Search, Redis, Azure Relay), 8 improved (Doppler, Databricks, TeamCity, Scraper API, Slack Webhook, MongoDB, Okta, Tailscale), 3 analyzer upgrades.

Enhancements

  • Incident API enhanced to include enriched secret names, CSV/JSON exports now include both original detector name and enriched secret name. Learn more.
  • Some detectors are now flagged as non-business and disabled by default for business accounts to reduce noise. Use the new "Recommended for business" filter in detector settings to identify and re-enable them if needed. Learn more.
  • Improved token refresh reliability for Slack and Atlassian Cloud integrations with automatic retry on transient failures. Learn more.
  • GitHub Check Runs message updated for merge queues. Learn more.

Fixes

  • Docker Hub Integration configuration error. Learn more.
  • GitHub Check runs blocking pull requests when disabled. Learn more.
  • Playbooks auto-ignore reactivation issue, Historical Scans queueing for bulk operations. Learn more.
  • Google Cloud Keys validation, detector validity check filter, GitLab health check link, Health Check email notifications, JFrog Container Registry compatibility. Learn more.

2025.12

| Version | Release Date |
|---|---|
| 2025.12.0 | December 15, 2025 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.33 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights

  • Advanced Analytics for Internal Monitoring — track the detection, remediation and prevention of secret leaks with actionable dashboards. Learn more.

    ⚠️ This feature is in beta. It is disabled by default and requires additional resources (12 GB memory). Enabling Analytics also increases database usage by 15-20% (minimum 5-6 GB). Analytics are computed once a day, so data may take up to 24 hours to appear after activation. To enable: set inAppAnalytics.enabled: true in Helm values, or enable "In-App Analytics" in the KOTS Admin Console.

  • SCIM team provisioning — automate team creation and sync from Okta and Microsoft Entra ID. Learn more
  • Enhanced Slack notifications — complete incident lifecycle coverage for internal monitoring and honeytoken alerting. Learn more.
  • CyberArk Secrets Manager Self Hosted integration — discover and enumerate non-human identities stored in your self-hosted CyberArk (Conjur) vault. Learn more.

Secrets Detection Engine

  • v2.151 — 13 new detectors (Hume AI, Azure AI Face, Neon, E2B, MailerSend, Scraper API, AIProxy, Cloudsmith, AWS Bedrock, Harness, Grafbase, AssemblyAI), 8 improved (Generic Password, Pinecone, Keycloak, Discord, Kubernetes JWT, Tableau, Sendinblue), 3 analyzer upgrades.
  • v2.152 — 1 new detector (Google Cloud Access Token), 3 improved (Hashicorp Vault Token, PagerDuty, Google Cloud Access Token), 2 analyzer upgrades.

Enhancements

  • New "Valid" saved view for incidents, API filtering by triggered date, GitLab validation and health checks, Docker Hub organization namespaces, Custom Monitored Perimeter for Container Registries, SharePoint, OneDrive, ServiceNow, and Slack, GitLab empty namespaces hidden by default. Learn more.
  • Self-Hosted:
    • Added multiple hostname support via extra_hostnames parameter, enabling access through additional domain names. Learn more.
    • Added global podDisruptionBudget.enabled parameter to disable automatic PDB creation for restricted Kubernetes environments that prohibit PodDisruptionBudget resources. Learn more.
    • Added official support for Helm v4.
    • Added IPv6 support via network.ipFamily parameter for Service resources. Learn more.

Fixes

  • Jira Data Center historical scans for large projects, incident details "First detected" date display, Slack notifications user association, Health Check error differentiation. Learn more.
  • Bulk action filters, Jira ticketing issues, Perimeter scan behavior, GitLab namespace display and search, Container Registry URLs and caching. Learn more.
  • Self-Hosted: Resolved NHI Governance access for manager roles.

2025.11

| Version | Release Date |
|---|---|
| 2025.11.0 | November 19, 2025 |
| 2025.11.1 | November 27, 2025 |

Deploy 2025.11.1 Instead of 2025.11.0

Version 2025.11.0 contains a critical bug where bulk actions on filtered incident lists do not respect filters, affecting significantly more incidents than intended. Deploy version 2025.11.1 directly or upgrade immediately if already on 2025.11.0.

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.33 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Helm v4 Support

Helm v4 is not yet supported. Please use Helm v3.13+. Learn more.

Secrets Detection Engine

  • v2.150 — 1 new detector (Coveo API Key), 1 improved (Resend), 1 new checker, 1 analyzer upgrade, 1 engine enhancement.

Enhancements

  • Large occurrence patches display. Learn more.
  • Incident list source links, API change_type field. Learn more.
  • Dev-in-the-Loop incident ID display and dashboard navigation. Learn more.
  • Self-Hosted:
    • Added official support for PostgreSQL 18 and Redis 8.
    • Added terms and conditions acceptance requirement during self-hosted instance setup.
    • Replicated now inherits global image pull secrets, simplifying Helm configuration by removing the need for separate imagePullSecrets in the replicated section. Learn more.

Fixes

  • Perimeter scan button visibility, SSO IDP configuration, sources tooltips and health checks, incidents commit info and code fixing section. Learn more.
  • GitLab PAT updates 403 error, SharePoint health-check error 9999. Learn more.
  • Microsoft Teams notifier client secret update, incident feedback registration. Learn more.
  • Container Registry automatic monitoring, Jira Data Center webhook version. Learn more.
  • Fixed an issue where filepath exclusions failed to apply when selecting individual repositories, while working correctly with select all repositories.
  • Self-Hosted:
    • Dashboard access now blocked when ReplicatedSDK is not running to enforce proper license validation (cached license fallback up to 10 hours).
    • Fixed PostgreSQL and Redis preflights failing when CA certificate was provided without client certificate and key.

Hotfixes

2025.11.1

Release Date: November 27, 2025

Fixes

  • GitLab Integration:
    • Fixed an issue where GitLab namespaces and projects were incorrectly displayed as "banned" when the instance was actually temporarily detected as unhealthy.
    • Fixed search functionality not working in the entity tree displayed as List view.
  • Google Artifact Registry Integration: Source URL now redirects to the Google Artifact Registry repository as expected.
  • Incident Management: Fixed filters not being applied to bulk actions when using "select all".

2025.10 - Required

| Version | Release Date |
|---|---|
| 2025.10.0 | October 27, 2025 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.32 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2025.10

Helm installations: This release changes the MinIO image used in the log collector and requires updates to your Helm values file. See Upgrade Helm > Upgrading to 2025.10.

Feature highlights

  • Secret Revocation — revoke supported secrets directly from incidents. Learn more
  • Context preview for non‑VCS incidents — see surrounding content for leaks in SharePoint, OneDrive, Slack, Confluence. Learn more
  • Microsoft Teams attachment scanning — detect secrets in files shared in Teams. Learn more
  • ggshield: vault name and path — show secret manager details for vaulted secrets. Learn more
  • Unified graph with public leak intelligence — correlate internal and public exposures in one view. Learn more

Secrets Detection Engine

  • v2.147 — 2 new detectors, 4 improved, 4 new checkers.
  • v2.148 — 21 new detectors, 3 improved, multiple new checkers.
  • v2.149 — 4 new detectors, 1 improved, 4 new checkers, 2 analyzer upgrades.

Enhancements

  • Pattern exclusion performance. Learn more.
  • Base64 token decoding, new ignore reasons. Learn more.
  • Generic Secret Enricher v2, False Positive Remover v2.5, Jira auto-assignment. Learn more.
  • Incident developer identity. Learn more.
  • GitLab integration performance, Public API perimeter editing. Learn more.
  • Playbooks: Updated the Playbooks settings page with a refreshed, modern interface design.
  • Self-Hosted:
    • All GitGuardian images are now multi-arch. Helm deployments now support ARM64 clusters in addition to AMD64. KOTS and Embedded Cluster installations remain AMD64-only. See system requirements.
    • Added support for read-only root filesystem constraint to meet security compliance requirements and enhance container runtime protection.

Fixes

  • Google Artifact Registry auth. Learn more.
  • Weekly summary email dates, Jira DC admin detection, historical scan duplicates. Learn more.
  • Incident search filters, secret view links. Learn more.
  • Occurrence commit info, perimeter scan button visibility. Learn more.
  • Self-Hosted:
    • Updated KOTS embedded cluster installation requirements to match documented system requirements.
    • Added missing toleration configuration for secretEngine deployment.
    • Fixed license verification when using a proxy by adding the NO_PROXY to replicated.extraEnv default values.