Skip to main content

Release notes

May 17, 2022#

Features#

  • GitHub: expose base/head branch of GitHub pull requests.
  • Incident: mark the third remediation step "rewrite git history" as optional.

Bug fixes#

  • GitHub: explicitly neutralize old check runs that are re-run.
  • GitHub: users with an email address that has a reserved email domain can no longer register via GitHub SSO, but they can still log in if SSO is not forced.
  • Incident: fix grant access modal broken when too many Restricted users.

May 2, 2022#

Features#

  • API: move the Personal access tokens to the API section.
  • Check runs: improve success message in GitHub UI.

April 19, 2022#

Features#

  • API documentation: the organization of the public API documentation has been reworked for better readability.

Bug fixes#

  • Grant Access: Members in Business workspaces can give access to restricted users but can’t invite new users by typing email addresses.
  • Incident details: timestamp of last presence check is updated synchronously upon manual check.
  • CSV Export: disable timeouts.
  • Incidents: improve performance on the incidents table.
  • Detector: improve performance of table of detectors for workspaces with many incidents.

April 4, 2022#

Features#

  • Incidents list: display repository state (unmonitored or deleted) on incidents list and incident detail pages.
  • API: adapt entire public API to be compatible with personal access tokens.
  • Personal access tokens: Managers can monitor the Personal access tokens created on the workspace in the API section.

Bug fixes#

  • Incident detail: prevent users with role Restricted from sharing externally the incident
  • Historical Scan: fix a bug leading to automatic historical scans being stuck in “Pending” state
  • Bitbucket: Deleting a Bitbucket integration deletes the webhook created on the Bitbucket instance.

March 23, 2022#

Features#

  • API: introduction of a new type of API keys: the Personal Access Tokens.
  • Audit Log: add audit log for “Service Account”.
  • API: new endpoint to list workspace members having access to an incident.
  • API: New pages are now available in the API section: Quota, Service Account and Secrets detection playground.

Bug fixes#

  • Check runs: Enforce the 65K characters limit on check run templates.
  • SSO: Fix small Okta logo and missing sso name.
  • Secret detectors: Fix the display of detector logos being sometimes too small.
  • GitLab: Disallow group hook integration on namespaces that are not in the GitLab premium plan.

March 7, 2022#

Features#

  • BitBucket: Bitbucket repositories can now be scanned automatically upon their integration.

Bug fixes#

  • Filepath exclusion: improve performances on the filepath suggestions

February 21, 2022#

Features#

  • API: new endpoint and scope to list members of a workspace
  • API: new fields exported in the Source payload: health, last_scan, open_incidents_count and closed_incidents_count
  • API: add option to filter sources by health and last scan status
  • Grant access: ability to invite new Restricted users directly from an incident.
  • GitLab: GitLab repositories can now be scanned automatically upon their integration.

February 9, 2022#

Features#

  • Perimeter: add filtering capability on last scan status.
  • Detectors: addition of the number of secret incidents for each detector in the table of detectors.
  • Custom detectors: add questions in Additional notes placeholder
  • Custom detectors: Business plan users can now extend GitGuardian's secrets detection engine to support secrets specific to their organization.
  • GitHub check runs: GitGuardian incidents and GitHub check runs are now linked.

Bug fixes#

  • RBAC: Auto-healing playbook is no longer case sensitive for email matching

January 24, 2022#

Features#

  • Members: added filtering and sorting on the members and invitations tables.
  • Detectors: display detector type (generic/specific) in the table.
  • Incidents list: enable bulk actions for Restricted users
  • GitHub: handle Organization renamed event
  • Filepath exclusions: actions on filepath exclusion are now added to activity logs

Bug fixes#

  • Incident detail: fix horizontal scroll for very long lines in git patch
  • Analytics: fix bug when switching the aggregate (day/week) in the analytics.

January 17, 2022#

Features#

  • Integrations: sort sources alphabetically by default.
  • Incident detail: improve the right sidebar scrolling behaviour.

Bug fixes#

  • GitHub SSO: users can link their existing GIM account through the GitHub SSO, unlocking the authentication flow without a configured password.
  • Validity check: fix bug that could make the validity check less frequent than expected.
  • Presence check: fix bug that could make the presence check less frequent than expected.

December 17, 2021#

Features#

  • API: add the ability to create, update and delete incident notes.

Bug fixes#

  • Bitbucket: fix the loader and empty states during various installation steps.

November 30, 2021#

Features#

  • Settings: add the Regression setting. Managers can decide whether a new occurrence of a previously resolved incident reopens it.

Bug fixes#

  • Incident detail: improve performance of issue detail pages when there are a lot of occurrences by paginating them.
  • Analytics: Display deleted sources in the "Top 5 sources" panel.
  • API: Return a valid JSON when maintenance mode is active.

November 14, 2021#

Features#

  • API added secret validity information.
  • API: new scope incident::share.
  • API: add new endpoints for grant access and revoke access actions.
  • Custom webhook: added validity and severity to payload.

Bug fixes#

  • Analytics: fix the links to the incident list filtered by detectors.
  • Historical scan: handle merge commits during historical scan.
  • Incident details: fix the git patch component not highlighting secrets properly when there was a context before the first hunk header.

November 3, 2021#

Features#

  • GitHub: GitHub repositories can now be scanned automatically upon their integration.
  • GitHub check runs post a comment in pull request timeline upon detection of a secret.
  • Integration add links to the Version Control System for each repository.
  • GitLab implement the token edition token for group hook integration.
  • Historical scanning implement bulk scan cancellation.
  • Audit log ability to search audit logs by incident ids and event name.

Bug fixes#

  • Incidents fix activity logs of incidents ignored via API.
  • Navigation fix backward navigation broken when visiting a page with existing filters persisted in the URL query params.
  • Analytics fix the "count of secrets per 1000 commits" stat that included secrets for historical scans.

October 18, 2021#

Features#

  • GitHub automatic scan of new repos added on GitHub.
  • API added severity information in incident payload.

October 13, 2021#

Features#

  • RBAC introduction of the Restricted role and the Auto-access granting playbook.
  • API new endpoint for the ability to share and unshare an incident.
  • Footer add footer with detection engine and status page.
  • Detectors add links to documentation for each detector.
  • GitLab handle GitLab.com integration with multiple GitLab groups.
  • Audit log add audit log for check runs setting.

Bug fixes#

  • Validity check backpopulate the uncheckability of old Google keys.
  • Settings fix Members table pagination reset on change.

September 20, 2021#

Features#

  • Incidents: introduction of validity checks for secret incidents. Ability to trigger the validity check manually.
  • Presence check add presence information to incidents in the CSV report and the API occurrence payload.
  • GitHub delete installation dangling for more than 6 months.

Bug fixes#

  • Incidents increase source filter limit to 500.
  • Incidents fix a performance issue when filtering by presence.
  • Perimeter fix related incidents count not updated after incident update.

September 7, 2021#

Features#

  • Incidents: introduction of presence checks for secret occurrences. Ability to trigger the presence check manually.
  • API: new search and filtering capabilities

Bug fixes#

  • Historical scan: Fix pending scans running forever.

August 11, 2021#

Features#

  • GitHub Checkruns allow customization of message and final status (fail or neutral).
  • Integrations possibility of integrating several GitHub Enterprise instances.
  • Historical scan Business workspaces now have a dedicated queue for historical scanning.
  • Incidents handle BitBucket repositories in search filters.

Bug fixes#

  • Authentication email authentication is no longer case sensitive.
  • Filtering filtering and ordering of tables are now kept throughout the app.
  • Incidents quick actions are now propagated immediately.

July 27, 2021#

Features#

  • Incidents Increase source filter search results limit from 10 to 100.
  • GitHub regularly check that the GitHub App still exists.
  • Share incident adding TTL (Time To Live) to the share link.
  • Integrations add docker integration.

Bug fixes#

  • Historical scan fix a race condition in incident creation.
  • Historical scan fix an error where the scan loader remained after the scan finished (or failed).
  • Analytics fix a page crash when a member to display was deleted.

July 13, 2021#

Features#

  • API introduction of data management scopes for API keys
  • GitHub allow users with a linked GitHub account to link a dangling installation to their workspace. It also works from unauthenticated users installing the GitHub App directly from GitHub.
  • Onboarding implementation of an onboarding todo list to guide users in their first steps on the application

Bug fixes#

  • Incidents correctly display incidents closed via the API or by an external developer via a share link.
  • Detectors fix a performance issue when changing a secret detector status in the settings.
  • GitHub fetch GitHub content between 100kB and 1MB when the patch is not returned by GitHub.

June 30, 2021#

Features#

  • Analytics add panel to visualize your shift left efforts.
  • CI/CD integrations add an instruction page on how to configure ggshield with each CI/CD tool.
  • API API now respects the 20MB limit.

Bug fixes#

  • GitLab clean up orphaned webhooks on the GitLab side when installing a new integration.

June 14, 2021#

Features#

  • Incidents: introduction of severity for incidents. Triaging your incident becomes easier.
  • Filepath exclusion suggestion of filepath to exclude based on workspace incidents
  • API implement incidents list and sources list endpoints.

Bug fixes#

  • SSO when force SSO is active, redirect to the SSO login page from the GitHub SSO flow.

May 26, 2021#

Features#

  • Filepath exclusion add ability to configure filepath to exclude filepaths from monitoring. You can also test a filepath against your exclusion list.
  • Settings users can customize their email notification for each of their workspaces.
  • Incidents show assignee for closed incidents and ability to filter on assignee.
  • Incidents add quick actions to resolve/ignore/reopen/assign directly in the incidents table row.
  • Incidents add the bulk action “add note”.
  • Incident detail update "how to remediate" section with detailed indications and blog links
  • Perimeter add link to incidents page for closed incidents.
  • CI/CD add drone.io and Azure pipelines.

May 5, 2021#

Features#

  • Playbook introduction of "Auto-healing" playbook. Developers involved in a secret incident can now automatically receive an incident's share link.
  • Incidents add a filter for developer feedback and icons indicating feedback status in the incidents table.
  • Share link add resolve/ignore actions to the share page.
  • Detectors deprecated detectors now appear disabled in the settings.
  • Incidents CSV report now respects the secret incidents table filters and search.

Bug fixes#

  • Incidents show number of open incidents in the inactive tab headers.
  • Incident detail fix detector logo not displayed on incident detail page.
  • Incidents fix bug not updating incidents list when navigating back from incident detail page after having updated it.

April 19, 2021#

Features#

  • Share link ability for a developer to give feedback from the share page of an incident. Feedback is displayed on the incident detail page.
  • Integrations display ggshield integrations (git hook, CI/CD …) on the integrations pages.
  • Alerting integrations add Pagerduty, Discord and Splunk integrations in the app.
  • Historical scan add ability to cancel a running historical scan.

Bug fixes#

  • Authentication fix the 404 on some authentication pages.
  • Audit fix a bug that could allow users to have their audit logs created without their IP address.

April 6, 2021#

Features#

  • Analytics introduction of the Analytics section. This new section provides insight into the evolution of your workspace metrics helping you monitor your security posture over time.
  • Incident detail ability to share an incident externally. Security teams can give visibility to developers, involved in the incident, but who are not authenticated on the workspace.
  • GitLab display in-app warning when an integration is no longer monitored.
  • Bitbucket display in-app warning when an integration is no longer monitored.

Bug fixes#

  • Analytics fix incidents coming from an historical scan not taken into account in Analytics.

March 9, 2021#

Features#

  • Bitbucket Bitbucket integration is now available. You can monitor your Bitbucket repositories for secrets detection.
  • Audit log introduction of an Audit log section in the settings. As the Owner or Managers of your GitGuardian workspace, get a centralized view of all the user activity that took place on your workspace.
  • GitLab improve the settings perimeter of namespaces/projects. Display the number of monitored projects per namespace and display the number of pending changes while changing the monitoring states. Lazy loads the projects only when a namespace is open.

Bug fixes#

  • Historical scan do not send email when all scans of a bulk scan fail.

February 22, 2021#

Features#

  • Incidents introduction of bulk actions. While we highly encourage you to examine an incident closely before closing it, you can now perform bulk actions (such as resolve, ignore, assign) to quickly change the status of multiple incidents.
  • Incident detail implement navigation through matches in the git patch of a secret incident.
  • Historical scan add a new failed reason: "timed out".
  • Perimeter add a banner to remind users of missing integrations and unscanned repositories.

Bug fixes#

  • CSV implement streaming download for long term performance fix.

February 8, 2021#

Features#

  • Settings ability to transfer workspace ownership.
  • Incidents add a loading visual upon table page change.

Bug fixes#

  • Alerting integrations do not send notifications for deactivated detectors.

January 25, 2021#

Features#

  • Incidents introduction of "sensitive file" and "test file" tags. "Sensitive file" tag indicates that one of the occurrences of the incident happened on a potential sensitive file. "Test file" tag indicates that one of the occurrences of the incident happened on a potential test file.
  • Members introduction of Viewer role. A Viewer has access to all the incidents of your workspace. However, a Viewer cannot take actions such as resolving or ignoring an incident.

January 11, 2021#

Features#

  • Alerting integrations add a setting for alerting frequency. An incident may contain several occurrences. Therefore, you can pick if your Slack or custom webhook notifications fire only when a new incident is triggered ( at the first occurrence) or at all occurrences of every incident.
  • GitLab add a configuration page for system hook integration, and improve group hook one.
  • GitLab allow integration of multiple GitLab instances on a workspace.
  • Security strenghten password policy.

Bug fixes#

  • Incidents fix regression breaking timeline logs order.
  • Incident fix bug allowing several logs for an action (resolve/ignore) on an incident.