Skip to main content

Release notes

May 20, 2024

Features

Bug fixes

  • Custom webhook: fix a bug sending notifications for deactivated secret detectors.

May 13, 2024

Bug fixes

  • Jira Cloud Alerting: fix an issue where Jira automatic configurations remained invisible to 'member' role users within the 'All Incidents' team, ensuring uniform visibility across teams.

May 6, 2024

Features

  • API: the workspace_id is now included in the payload of API tokens.
  • Historical scan: improve historical scan status overview on the perimeter page side bar.

Bug fixes

  • Bitbucket integration:
    • fix an issue where uninstalling a Bitbucket project inadvertently occurred when a token was removed, despite other valid tokens being present.
    • enhance logging mechanisms surrounding Bitbucket token operations for better troubleshooting.
  • Check runs: display accurate error message when a check run fails due to rate limiting.

April 29, 2024

Bug fixes

  • API: correct a bug that allowed members to view sources they should not have been able to access when using the /sources endpoint.
  • Check runs: fix a bug that is causing related incident IDs to be missing in the check run summary.

April 23, 2024

Features

Bug fixes

  • GitLab integration: when re-enabling a disabled webhook in GitLab, the error on the GitGuardian dashboard is now cleared automatically within 20 minutes.
  • Filters: the "per-page" selection for each table is now persisted.

April 16, 2024

Features

  • Vault integration: CyberArk, a leader in privileged access management, helps secure, manage, and monitor privileged accounts and credentials. This integration leverages CyberArk to securely manage secrets and automate secret rotation, enhancing security alongside GitGuardian's leak detection capabilities. Refer to our documentation for more details.

April 15, 2024

Features

Bug fixes

  • GitLab integration: fix an issue where the installation status was incorrectly displaying as 'no longer monitored' in the tooltip, despite being actively monitored.

April 10, 2024

Features

  • Jira Cloud integration: introduction of a new version of our Jira Cloud integration for issue tracking. It now offers
    • automatic creation of a Jira issue as soon as a new incident is triggered,
    • management of Jira custom fields,
    • and an auto-resolve feature that marks the incident as resolved in your dashboard when the issue is closed in Jira Cloud. More information available in the documentation.

April 8, 2024

Features

  • Honeytoken: context creation strategies for honeytoken deployment jobs now allow to choose only dynamic contexts.
  • Incidents details: introduction of a secret identity card on each secret incident detail page.
  • Privacy mode: this (mode) allows to obfuscate secrets and other sensitive information on the GitGuardian UI.
  • Secrets detection engine: upgrade to version 2.109 with the addition of 2 new detectors (Azure Open AI API key, Kubernetes Docker Secret) and the improvement of 4 detectors (GitLab Token, Google API Key, Okta Keys, Slack Bot Token)

Bug fixes

  • Incidents: resolve a bug triggered by secret incidents detected by custom detectors, causing the incidents list to fail to load.
  • Check runs:
    • improve error collection on check runs.
    • fix an issue where GitHubNotFound errors prevented the completion of check runs.

April 2, 2024

Features

  • SCA: shifting left metrics available in SCA analytics to demonstrate the impact of ggshield’s use in CI.

March 25, 2024

Features

  • SCA: add support for PHP dependencies.
  • SCA: add the EPSS score to the incidents along with its dedicated filter.

Bug fixes

  • Incidents: resolve a loading error encountered when utilizing the "occurrences count" filter.
  • Audit log: correct the logs related to the creation and removal of teammates through the API.
  • GitLab integration:
    • fix GitLab installation check task issue affecting system hook installations.
    • fix an issue with sending emails to users who are no longer token owners within the GitLab installation.

March 18, 2024

Features

  • Secrets detection engine: upgrade to version 2.108 with the addition of 3 new detectors (Snowflake API credentials, Replicate User Access Token, Workato API Key) and the improvement of 3 detectors (Rails Master Key, Generic password, Generic High Entropy secret)
  • Incidents: it is now possible to filter on Occurrences count.
  • Check runs: skip actions are now aligned with the ignored reasons (false positive, test credential, low risk). Tags (Tagged as [false positive|test credential|low risk] in check runs) are added to the corresponding secret incident when this action is taken.
  • API: the breakdown of secret incidents by severity is displayed in the payload of the sources.

Bug fixes

  • Bitbucket integration: improve handling of token revocation to prevent issues when a repository changes ownership.

March 11, 2024

Features

  • SCA: add support for PHP dependencies.

Bug fixes

  • Health Check: improve health check error messages by differentiating between SaaS and self-hosted environments and utilizing non-HTTP status-like codes.
  • Incident details: fix an issue on the git patch restricted visibility feature that was preventing members from seeing the patch they were involved in based on email matching.
  • Jira integration: fix an issue that was hindering the assignment on JIRA tickets upon creation.

March 4, 2024

Features

Bug fixes

  • GitLab integration:
    • fix an issue where the GitLab instance URL was incorrectly displayed instead of the GitLab token name.
    • remove the "Check Again" button from the health check for users on the Free plan.

February 26, 2024

Features

  • Jira Cloud integration: Jira Cloud integration is now supported for real-time secret detection and honeytoken detection.
  • Secret SLAs: add the "First detected" date in incidents details and the associated filter in the Secret incident dashboard.

February 19, 2024

Features

February 13, 2024

Features

  • Check runs: improve causes of errors transparency and timeouts in the check run summary.
  • IaC Security: shifting left metrics available in IaC analytics to demonstrate the impact of ggshield’s use in CI.

Bug fixes

  • Bitbucket integration: correct failure message and re-check button when the Bitbucket integration stops working.
  • Historical scan: fix an issue with missing audit logs for historical scans.
  • GitHub integration: performance improvement when a lot of repositories are added at the same time.

February 6, 2024

Bug fixes

  • Bitbucket integration:
    • fix an issue which revoke the access token when the project only has read permission.
    • syncing installs with a new token now correctly retains projects linked to the old token, preventing unintended deletion of all projects.

January 29, 2024

Features

  • Incidents: exporting CSV secret incidents now allows changing the separator used, comma (default) or tab. More details in the Export data section of the documentation.
  • Check runs: the incident status is displayed in the GitHub check run details.
  • Secrets detection engine: upgrade to version 2.105 with the addition of 1 new detector (Square Token).

January 22, 2024

Features

Bug fixes

  • GitHub integration: disable repositories are now marked as such when searching GitHub integrations.
  • GitLab integration (group hooks): we now detect and notify by email and raise a healthcheck error when a GitLab group hook was disabled by GitLab, causing the monitoring not to work anymore.

January 15, 2024

Features

January 9, 2024

Features

  • Slack integration: Slack integration is now supported for real-time secret detection and honeytoken detection.
  • Incident details: update of the default remediation workflow.
  • API: addition of hsml_hash in the payload of secret incidents. The hsml_hash is used to discover the potential public leaks of your secrets using Has My Secret Leaked.
  • Secret incidents: addition of 2 new columns (element_url, author_name) in the CSV report of secret occurrences to support other data sources.
  • IaC Security: addition of a new tag named Ignored using ggshield to highlight incidents ignored using ggshield.
  • IaC Security: addition of a new playbook for auto ignoring incidents that are ignored using ggshield. This is a Business-only feature and can be deactivated.
  • Check runs: the preview of the "How to remediate" instructions in markdown is enhanced when you customize them.
  • Custom detectors: improve error messages for invalid regex when requesting a custom detector.

Bug fixes

  • GitLab integration: fix an issue where revoked tokens weren't detected as such if not actively used by a configured GitLab group.
  • Force SSO activation: fix an issue where authentication page “Force SSO Toggle” enabled “By default to all incident team” toggle as well.

December 11, 2023

Features

November 27, 2023

Features

  • Azure Repos integration: the monitoring of your Azure Repos repositories is now done in real-time. Refer to the documentation for more details.
  • Filters: a new way of filtering pages, more streamlined and intuitive.
  • Jira Cloud integration: jira issues can now be created without assigning them to anyone.
  • Source criticality: a new parameter at the source level to help users prioritize their Secret, SCA, and IaC incidents. Refer to the documentation for more details.
  • SCA & IaC grant access: access can now be granted to Members on specific SCA and IaC incidents.
  • IP allow-listing for Honeytoken: it is now possible to add IP ranges to an allow-list, ensuring events from these IPs won’t trigger the honeytokens. Learn more about IP rules.
  • Secrets detection engine: upgrade to version 2.101 with the addition of 1 new detector (Airtable API Key v2) and the improvement of 4 detectors (Generic High Entropy Secret, New Relic API Service Key, GitLab Enterprise Token, GitHub App Keys).

Bug fixes

  • API: fix /secret_detectors endpoint to filter out detectors that have been administratively disabled by GitGuardian.

November 15, 2023

Features

Bug fixes

  • GitHub integration: handling of GitHub app ownership transfer: It is now possible to change ownership without deleting the self-hosted application.
  • Incidents: filtered results in CSV export: CSV export keeps the filters applied.
  • GitHub integration: improvement of checkruns to support the GitHub Merge Queue feature.

October 30, 2023

Features

  • IaC Security: introduction of a new "Source Criticality" field and filter to help prioritization of IaC incidents (for IaC beta testers only). Note that the Source Criticality must first be defined in the Perimeter page.
  • Teams: users can now filter the incidents and the perimeter pages based on their teams. Managers have the flexibility to filter any team, while Members can only filter their own teams.
  • Secrets detection engine: upgrade to version 2.99.1 with the addition of 2 new detectors (Google Bard, Webflow API token) and the improvement of 4 detectors (Microsoft Azure Storage Account key, SSH credentials, Generic High Entropy Secret, Generic password).

Bug fixes

  • Azure repos integration: installation status now persistently remains until completed during user navigation.
  • Azure repos integration: removing a token no longer causes a crash in other installation.
  • Bitbucket integration: prevents connection errors from revoking a Bitbucket token, letting instances go through maintenance without needing to re-enter their token afterwards.

October 16, 2023

Features

  • Incident details: git patches of occurrences can now have restricted visibility to only the teams and developers involved with the occurrence, thanks to a workspace setting.
  • Incident details: if the git patch of an occurrence is too large, a link to the Version Control System is displayed instead.
  • API: New endpoint to retrieve secret incidents of a team.
  • IaC Security: introduction of new remediation analytics accessible on the platform (for IaC beta testers only).
  • ggshield: ggshield auth login flow now asks you to confirm scopes.

Bug fixes

  • Teams: fix a bug that caused incidents belonging to an unmonitored repository to still be visible to the team.

October 3, 2023

Features

  • Historical scan: addition of some details in the status tooltip, including scan duration and number of commits and branches scanned. For failed scans, the tooltip now also displays the reason for the failure.
  • API: a rate limiting is now applied. Refer to our documentation for more details.
  • Secrets detection engine: upgrade to version 2.98 with the addition of four new detectors (Aiven, Infracost API Key, Rollbar API Access Token, Vercel API) and the improvement of 2 detectors (Okta Keys, Username Password).

September 28, 2023

Features

  • Incidents: addition of the Publicly leaked tag to secret incidents that have been leaked outside of your perimeter on public GitHub. Refer to our documentation for more details.

September 21, 2023

Features

  • Incident details: a limit of 1000 occurrences per incident is now in place.
  • Onboarding: addition of links redirecting to the Get Started page in the notifications when the first scan is complete.
  • Secrets detection engine: upgrade to version 2.97.
  • Alerting integrations: alerting integrations are now available at team level. More information in our teams documentation.

Bug fixes

  • Check runs: fix neutral check runs being created on workspaces with check runs disabled.
  • Notifications: fix Linkedin link in email footer.

September 4, 2023

Bug fixes

  • Custom detectors: update the message when a custom detector request cannot be edited due to its current status.
  • Incident details: fix a bug causing the absence of an expiration date on public share links generated by the Auto-healing playbook.
  • Health check: prevent UI from crashing on unknown Health check error code.
  • API: fix timeout issues on the /occurrences/secrets endpoint when using a date filter.
  • SSO: fix conflict happening when signing up via SSO while having a pending invitation.

August 22, 2023

Features

August 7, 2023

Features

Bug fixes

  • Incidents: fix the sorting of incidents by severity when some severities are automatically set.
  • Incidents: fix wrong occurrence count on incident page.
  • Incidents: the tooltip displaying the sources is now displayed correctly.
  • Custom webhook: fix duplicate notifications being sent when setting incident severity using a bulk action.
  • API: fix invalid link in personal access token expiration email notification.

July 25, 2023

Bug fixes

  • Custom webhook: fix notifications for when a bulk action is performed. Previously, only one notification would be sent for the first incident affected by the bulk action. However, now notifications are sent for each incident that is modified by the bulk action.

July 24, 2023

Features

Bug fixes

  • Personal access tokens: personal access tokens can now be searched by name, and ordering by name now works correctly.

July 10, 2023

Features

  • Incident details: filters have been added to the occurrences table.
  • Honeytokens: addition of country flag next to the IP address in the events table.
  • Honeytokens: new IP tagging feature: it is now possible to create custom rules to assign tags to honeytoken events based on their IP address. Use this to recognize events originating from known IP addresses, such as those internal to your organization. For more information, check out the documentation here.
  • API: new endpoints to manage labels for honeytokens.
  • Secrets detection engine: upgrade to version 2.93 with some detection improvements.

Bug fixes

Deprecation

  • Custom webhook v1: the feature has been replaced by the event-based custom webhooks. More information in the documentation here.

June 26, 2023

Features

Bug fixes

  • PagerDuty Integration: title update in PagerDuty incidents to eliminate confusion regarding the number of occurrences.

June 12, 2023

Features

  • Incident details: feedback about the incident can now be submitted in a standardized way through a form that is available on the incident's page. Refer to this page for more information on how to use this form effectively and involve your developer population during the remediation process.
  • Incidents: addition of new filter to select the incidents that are publicly shared.
  • Teams: team owners with the Member role can now invite brand new users to the workspace when adding teammates to their team. This is a Business-only feature and can be deactivated. For more details, please refer to this page.
  • Grant access: users with Full access incident permissions can now invite brand new users to the workspace when granting access to an incident. This is a Business-only feature and can be deactivated. For more details, please refer to this page.
  • Honeytoken: a new button "How to test your honeytoken" has been added to make it easier to test the trigger and alerting mechanism.
  • Honeytoken: clicking on the honeytoken Publicly exposed tag now opens a modal that shows all the public commits where the honeytoken was discovered by GitGuardian.
  • Honeytoken: it is now possible to filter events based on their tags (AWS internal, GitGuardian Public Monitoring IP).
  • Honeytoken: it is now possible to manage labels from the Honeytoken settings page.
  • Secrets detection engine: upgrade to version 2.91 with the addition of two new detectors (Tableau Personal Access Token, Yelp API key) and the improvement of two detectors (GitHub Access Token, OpenAI API Key).

Bug fixes

  • Teams: fix a bug that prevented invitees, who already had a GitGuardian workspace, from being added to the expected teams when they accepted an invitation.
  • Emails: button URLs are now hardcoded to prevent a bad user experience when the button is not visible due to HTML-escaping by email providers.

May 30, 2023

Features

  • Custom severity rules: new option to recompute severity scoring manually.
  • Secrets detection engine: upgrade to version 2.90 with the addition of two new detectors (Palantir JWT, Figma Personal Access Token) and the improvement of one detector (LDAP credentials).
  • Honeytoken: “Created at” column has been added to the honeytoken list, and it is now possible to sort on this property.
  • Honeytoken: honeytokens can now be searched by ID.
  • Honeytoken: an email notification is sent when a honeytoken is found to be publicly exposed.
  • API: labels are added to honeytoken endpoints.

Bug fixes

  • ggshield: fix a redirection issue upon usage of ggshield auth login.

May 15, 2023

Features

  • Custom severity rules: the severity ruleset used by the automated severity scoring is now customizable to maximize the coverage of automatically scored incidents.
  • Automated severity scoring: automated severity scoring is now activated by default for all workspaces under the Free plan.

Bug Fixes

  • Authentication: fix broken email confirmation link when registering with email and password.
  • User signup: fix user signup email verification link.

May 2, 2023

Features

Bug fixes

  • Custom severity rule: fix wrong timeline when setting a manual severity to an incident having only an automatic severity.
  • Grant access: copy-pasting now works correctly.

April 17, 2023

Features

  • Incidents: filepaths can now be searched in the free text search of the secret incidents table.
  • Secrets detection engine: upgrade to version 2.88 with the addition of two new detectors: Cloudinary API keys and MongoDB Atlas Keys.

Bug fixes

  • Incidents: performance for loading secret incidents has been improved for workspaces with a large number of incidents.
  • Loader: fix loader size in incident and Perimeter pages.
  • API: comment field is now required on incident note creation endpoint.

April 11, 2023

Feature

  • Honeytoken: introduction of new Honeytoken icon in the sidebar: module is coming soon! Join the waitlist to be notified when it becomes available.

April 3, 2023

Features

  • Custom remediation workflow: remediation workflow is now 100% customizable thanks to the deletion of the last static step.
  • Secrets detection engine: upgrade to version 2.87 with the addition of a new detector (Keycloak Api Keys).
  • API: new endpoints are added for API tokens management (personal access tokens and service accounts).
  • API: new fields resolver_id and ignorer_id are available into the secret incident payload.

Bug fixes

  • VCS Integrations: Bitbucket instances can be deleted even if the account is no longer in the Business plan.
  • Detectors list: when the validity checks are disabled, the detectors are sorted by status.
  • Notifications: fix empty emails being sent after an occurrence was found during real time scan.
  • Personal access tokens: Restricted users now only see the scan scope in the personal access token form.

March 20, 2023

Bug fixes

  • Jira integration: Jira ticket creation CTAs are hidden for workspaces without a single Jira site installed.
  • Jira integration: fix permission issues by disabling the configure button for users without a Manager role and allowing users with the Restricted role and can edit permissions to create a Jira ticket.

March 6, 2023

Features

  • Subscription: New and existing users can subscribe to a Business plan via the AWS Marketplace.

Bug fixes

  • Members: fix invitation link for new members.

February 20, 2023

Bug fixes

  • ggshield: ggshield auth login flow now expires after 5 minutes.
  • Incidents: performances when filtering incidents on a detector are improved.
  • VCS integrations: fix broken links to documentation.

February 15, 2023

Features

  • Automated severity scoring: incident severity can now be scored and assigned automatically.

February 6, 2023

Features

  • Azure Repos: addition of a loader and notifications when an organization is being installed.
  • API: add filters to multiple endpoints

Bug fixes

  • GitHub: fix the integration of a GitHub installation with a large number of repositories.
  • Incidents: fix performance issue when filtering on detectors.
  • GitHub: fix check-runs running forever by enforcing a timeout.

January 23, 2023

Features

  • Alerting integration: introduction of the new Jira integration. More information available in the documentation.
  • API: Specify missing scopes in error message when the API token being used doesn't include the appropriate scopes.

January 10, 2023

Features

  • Azure Repos: Azure Repos integration is now available. You can scan your Azure Repos repositories for secrets detection.

January 9, 2023

Features

  • IaC: add analytics page to monitor IaC scanning usage (beta).
  • Perimeter: improve display of the historical scan's last status information.

Bug fixes

  • Members: Restricted users can now be promoted without requiring to add them in a team.

December 21, 2022

Features

  • Custom Remediation Workflow: Remediation workflow can now be customized in the settings.

December 15, 2022

Features

  • VCS integrations: workspaces with less than 25 contributing developers can now monitor their private collaborative repositories for free.
  • SSO: SSO configuration is enabled for all plans (free and business).

December 13, 2022

Features

  • Custom webhook: addition of the new event-based custom webhook integration.
  • Teams: addition of a description field for your teams.
  • Teams: the "all-incidents" team is now visible in the members table.

Bug fixes

  • SSO: fix "sign in" redirection for SSO connection.

November 28, 2022

Features

  • API: expose external_id representing the VCS id of a source in API source payload.
  • Historical scan: increase the maximum size of the historical scan from 1GB to 12GB for Business workspaces.

Bug fixes

  • Historical scan: reduce errors during scans of large repositories.
  • Members: fix the sorting when navigating through pages.

November 15, 2022

Features

  • Historical scan: new email template for historical scan report.

Bug fixes

  • GitLab integration: handle timeout errors when setting up a new instance.
  • Playbooks: fix incorrect default permission can view applied with auto-access playbook instead of correct can edit.
  • Filepath exclusions: ignore hidden occurrences in the auto-access playbook and notifications.
  • Custom webhooks: fix incorrect event names.

November 3, 2022

Features

  • Azure Repos: introducing Azure Repos integration. This feature is available in beta upon request.
  • Custom webhooks: update the action field with more user-friendly messages.
  • Perimeter page: update the information displayed in the Protection section.
  • Analytics: addition of all the ggshields modes to the Analytics section.

Bug fixes

  • Check runs: when deactivating a check run, finish the processing if it was already in progress.
  • Custom webhook: remove matches from webhooks' new occurrence.

October 17, 2022

Features

  • Teams: introducing team management within a workspace and granular incident permissions (can view, can edit, full access) for business workspaces.
  • Playbooks: new Auto-resolution playbook to automatically close incidents that have once been valid and that become invalid.
  • Share link: prevent valid secrets from being "marked as revoked" in the public sharing page of a secret incident.

Bug fixes

  • GitHub: fix display latency observed for big GitHub organizations.
  • Settings: fix start trial links not redirecting to correct page.

October 3, 2022

Features

  • Incidents: selection is maintained after a bulk action.
  • API: add an ordering filter on the /incidents/secrets list endpoint.

September 21, 2022

Bug fixes

  • Custom webhook: Fix assign action that was replaced by reassign.
  • Incidents: Provide a more user-friendly error message when a bulk action can't be applied to the selected incidents.

September 8, 2022

Features

  • Custom webhook: New Member payload for the Grant/Remove access action.
  • Members: Notification is sent to users who are removed from a Workspace.

Bug fixes

  • Custom webhook: Remove the resolve_reason field from all payloads.

August 22, 2022

Features

  • API: enrich Members section with retrieve and delete endpoints.

Bug fixes

  • Incident details: Searching GitHub pull requests associated with an issue can be performed on a specific #ID and repository name.
  • GitHub: do not display "scan integrated repositories" modal if autoscan is on.

August 9, 2022

Features

  • API: handle invitations on grant/revoke access endpoints.
  • API: addition of a filter by role and a search on name and email for the /members endpoint.

Bug fixes

  • Incident: secrets with validity status "failed to check" are no longer checked automatically after they have been marked as resolved.
  • Incident: the button to manually check the presence in git history remains when the incident is closed.
  • Incidents: Fix icon for the 'info' severity badge.

July 27, 2022

Features

  • GDPR: closing the banner now automatically rejects the consent and the consent is stored for 6 months.
  • Incidents: include unaffected count for bulk actions.
  • API: add filters to the audit log list endpoint.

Bug fixes

  • Custom webhooks: fix the webhook event based signature.
  • GitLab integration: allow gitlab installation deletion when your business trial expired.
  • GitLab integration: keep unmonitored projects unmonitored.
  • API: API respects the validity checks setting ON/OFF.

July 11, 2022

Features

  • API: add an endpoint to fetch the audit logs. API key needs to have the new audit_logs:read scope to query the endpoint.
  • API: tags are exposed in the incidents endpoint.
  • CSV: tags are exposed in the csv report of secrets incidents.
  • Perimeter: the repository name is now a link to the incidents list filtered on this repository. The link to the VCS is also available as a popup icon.

Bug fixes

  • Perimeter: fix bug preventing Members to launch historical scans.

Deprecation

  • API: deprecated issue_id in favor of incident_id on incident note management endpoints.

June 27, 2022

Features

  • Alerting: the custom webhook alerting is now event-based. More information in the dedicated documentation.
  • API: the /occurrences endpoint can be filtered by author_name and author_info.

Bug fixes

  • Detectors: activating and deactivating detectors is now forbidden for Members.

June 14, 2022

Features

  • Members: invitations can be resent through the dashboard.
  • API: add endpoints to manage invitations. API key needs to have the new members:write scope to query those endpoints.
  • API: add endpoint to set severity of a secret incident.

Bug fixes

  • Service account: fix a permission error allowing all roles to modify service accounts.
  • GitHub: fix re-run action of old check runs to show an explicit error.

June 1, 2022

Features

  • ggshield: setting up ggshield is made easy with the new ggshield auth login command. More information in the dedicated documentation.
  • Grant access: notify Restricted users by email when they are granted access to an incident.
  • Members: notify users by email when their role is updated.
  • CSV: add status, ignore_reason and status_revoked columns to the CSV export of secret incidents.
  • CSV: add occurrence_id column to CSV export of occurrences.
  • CSV: return the dates in isoformat.

Bug fixes

  • GitLab: adding a GitLab project that had been deleted now correctly set it as monitored.
  • Analytics: pre-receive mode is displayed correctly in the shift-left panel.

Deprecation

  • ggshield:: since v1.12 of ggshield, ggshield scan and ggshield ignore commands are deprecated, use ggshield secret scan and ggshield secret ignore instead.

May 17, 2022

Features

  • GitHub: expose base/head branch of GitHub pull requests.
  • Incident: mark the third remediation step "rewrite git history" as optional.

Bug fixes

  • GitHub: explicitly neutralize old check runs that are re-run.
  • GitHub: users with an email address that has a reserved email domain can no longer register via GitHub SSO, but they can still log in if SSO is not forced.
  • Incident: fix grant access modal broken when too many Restricted users.

May 2, 2022

Features

  • API: move the Personal access tokens to the API section.
  • Check runs: improve success message in GitHub UI.

April 19, 2022

Features

  • API documentation: the organization of the API documentation has been reworked for better readability.

Bug fixes

  • Grant Access: Members in Business workspaces can give access to restricted users but can’t invite new users by typing email addresses.
  • Incident details: timestamp of last presence check is updated synchronously upon manual check.
  • CSV Export: disable timeouts.
  • Incidents: improve performance on the incidents table.
  • Detector: improve performance of table of detectors for workspaces with many incidents.

April 4, 2022

Features

  • Incidents list: display repository state (unmonitored or deleted) on incidents list and incident detail pages.
  • API: adapt API to be compatible with personal access tokens.
  • Personal access tokens: Managers can monitor the Personal access tokens created on the workspace in the API section.

Bug fixes

  • Incident detail: prevent users with role Restricted from sharing externally the incident
  • Historical Scan: fix a bug leading to automatic historical scans being stuck in “Pending” state
  • Bitbucket: Deleting a Bitbucket integration deletes the webhook created on the Bitbucket instance.

March 23, 2022

Features

  • API: introduction of a new type of API keys: the Personal Access Tokens.
  • Audit Log: add audit log for “Service Account”.
  • API: new endpoint to list workspace members having access to an incident.
  • API: New pages are now available in the API section: Quota, Service Account and Secrets detection playground.

Bug fixes

  • Check runs: Enforce the 65K characters limit on check run templates.
  • SSO: Fix small Okta logo and missing sso name.
  • Secret detectors: Fix the display of detector logos being sometimes too small.
  • GitLab: Disallow group hook integration on namespaces that are not in the GitLab premium plan.

March 7, 2022

Features

  • Bitbucket integration Bitbucket repositories can now be scanned automatically upon their integration.

Bug fixes

  • Filepath exclusion: improve performances on the filepath suggestions

February 21, 2022

Features

  • API: new endpoint and scope to list members of a workspace
  • API: new fields exported in the Source payload: health, last_scan, open_incidents_count and closed_incidents_count
  • API: add option to filter sources by health and last scan status
  • Grant access: ability to invite new Restricted users directly from an incident.
  • GitLab: GitLab repositories can now be scanned automatically upon their integration.

February 9, 2022

Features

  • Perimeter: add filtering capability on last scan status.
  • Detectors: addition of the number of secret incidents for each detector in the table of detectors.
  • Custom detectors: add questions in Additional notes placeholder
  • Custom detectors: Business plan users can now extend GitGuardian's secrets detection engine to support secrets specific to their organization.
  • GitHub check runs: GitGuardian incidents and GitHub check runs are now linked.

Bug fixes

  • RBAC: Auto-healing playbook is no longer case sensitive for email matching

January 24, 2022

Features

  • Members: added filtering and sorting on the members and invitations tables.
  • Detectors: display detector type (generic/specific) in the table.
  • Incidents list: enable bulk actions for Restricted users
  • GitHub: handle Organization renamed event
  • Filepath exclusions: actions on filepath exclusion are now added to activity logs

Bug fixes

  • Incident detail: fix horizontal scroll for very long lines in git patch
  • Analytics: fix bug when switching the aggregate (day/week) in the analytics.

January 17, 2022

Features

  • Integrations: sort sources alphabetically by default.
  • Incident detail: improve the right sidebar scrolling behaviour.

Bug fixes

  • GitHub SSO: users can link their existing GIM account through the GitHub SSO, unlocking the authentication flow without a configured password.
  • Validity check: fix bug that could make the validity check less frequent than expected.
  • Presence check: fix bug that could make the presence check less frequent than expected.

December 17, 2021

Features

  • API: add the ability to create, update and delete incident notes.

Bug fixes

  • Bitbucket: fix the loader and empty states during various installation steps.

November 30, 2021

Features

  • Settings: add the Regression setting. Managers can decide whether a new occurrence of a previously resolved incident reopens it.

Bug fixes

  • Incident detail: improve performance of issue detail pages when there are a lot of occurrences by paginating them.
  • Analytics: Display deleted sources in the "Top 5 sources" panel.
  • API: Return a valid JSON when maintenance mode is active.

November 14, 2021

Features

  • API added secret validity information.
  • API: new scope incident::share.
  • API: add new endpoints for grant access and revoke access actions.
  • Custom webhook: added validity and severity to payload.

Bug fixes

  • Analytics: fix the links to the incident list filtered by detectors.
  • Historical scan: handle merge commits during historical scan.
  • Incident details: fix the git patch component not highlighting secrets properly when there was a context before the first hunk header.

November 3, 2021

Features

  • GitHub: GitHub repositories can now be scanned automatically upon their integration.
  • GitHub check runs post a comment in pull request timeline upon detection of a secret.
  • Integration add links to the Version Control System for each repository.
  • GitLab implement the token edition token for group hook integration.
  • Historical scanning implement bulk scan cancellation.
  • Audit log ability to search audit logs by incident ids and event name.

Bug fixes

  • Incidents fix activity logs of incidents ignored via API.
  • Navigation fix backward navigation broken when visiting a page with existing filters persisted in the URL query params.
  • Analytics fix the "count of secrets per 1000 commits" stat that included secrets for historical scans.

October 18, 2021

Features

  • GitHub automatic scan of new repos added on GitHub.
  • API added severity information in incident payload.

October 13, 2021

Features

  • RBAC introduction of the Restricted role and the Auto-access granting playbook.
  • API new endpoint for the ability to share and unshare an incident.
  • Footer add footer with detection engine and status page.
  • Detectors add links to documentation for each detector.
  • GitLab handle GitLab.com integration with multiple GitLab groups.
  • Audit log add audit log for check runs setting.

Bug fixes

  • Validity check backpopulate the uncheckability of old Google keys.
  • Settings fix Members table pagination reset on change.

September 20, 2021

Features

  • Incidents: introduction of validity checks for secret incidents. Ability to trigger the validity check manually.
  • Presence check add presence information to incidents in the CSV report and the API occurrence payload.
  • GitHub delete installation dangling for more than 6 months.

Bug fixes

  • Incidents increase source filter limit to 500.
  • Incidents fix a performance issue when filtering by presence.
  • Perimeter fix related incidents count not updated after incident update.

September 7, 2021

Features

  • Incidents: introduction of presence checks for secret occurrences. Ability to trigger the presence check manually.
  • API: new search and filtering capabilities

Bug fixes

  • Historical scan: Fix pending scans running forever.

August 11, 2021

Features

  • GitHub Checkruns allow customization of message and final status (fail or neutral).
  • Integrations possibility of integrating several GitHub Enterprise instances.
  • Historical scan Business workspaces now have a dedicated queue for historical scanning.
  • Incidents handle Bitbucket repositories in search filters.

Bug fixes

  • Authentication email authentication is no longer case sensitive.
  • Filtering filtering and ordering of tables are now kept throughout the app.
  • Incidents quick actions are now propagated immediately.

July 27, 2021

Features

  • Incidents Increase source filter search results limit from 10 to 100.
  • GitHub regularly check that the GitHub App still exists.
  • Share incident adding TTL (Time To Live) to the share link.
  • Integrations add docker integration.

Bug fixes

  • Historical scan fix a race condition in incident creation.
  • Historical scan fix an error where the scan loader remained after the scan finished (or failed).
  • Analytics fix a page crash when a member to display was deleted.

July 13, 2021

Features

  • API introduction of data management scopes for API keys
  • GitHub allow users with a linked GitHub account to link a dangling installation to their workspace. It also works from unauthenticated users installing the GitHub App directly from GitHub.
  • Onboarding implementation of an onboarding todo list to guide users in their first steps on the application

Bug fixes

  • Incidents correctly display incidents closed via the API or by an external developer via a share link.
  • Detectors fix a performance issue when changing a secret detector status in the settings.
  • GitHub fetch GitHub content between 100kB and 1MB when the patch is not returned by GitHub.

June 30, 2021

Features

  • Analytics add panel to visualize your shift left efforts.
  • CI/CD integrations add an instruction page on how to configure ggshield with each CI/CD tool.
  • API API now respects the 20MB limit.

Bug fixes

  • GitLab clean up orphaned webhooks on the GitLab side when installing a new integration.

June 14, 2021

Features

  • Incidents: introduction of severity for incidents. Triaging your incident becomes easier.
  • Filepath exclusion suggestion of filepath to exclude based on workspace incidents
  • API implement incidents list and sources list endpoints.

Bug fixes

  • SSO when force SSO is active, redirect to the SSO login page from the GitHub SSO flow.

May 26, 2021

Features

  • Filepath exclusion add ability to configure filepath to exclude filepaths from monitoring. You can also test a filepath against your exclusion list.
  • Settings users can customize their email notification for each of their workspaces.
  • Incidents show assignee for closed incidents and ability to filter on assignee.
  • Incidents add quick actions to resolve/ignore/reopen/assign directly in the incidents table row.
  • Incidents add the bulk action “add note”.
  • Incident detail update "how to remediate" section with detailed indications and blog links
  • Perimeter add link to incidents page for closed incidents.
  • CI/CD add drone.io and Azure pipelines.

May 5, 2021

Features

  • Playbook introduction of "Auto-healing" playbook. Developers involved in a secret incident can now automatically receive an incident's share link.
  • Incidents add a filter for developer feedback and icons indicating feedback status in the incidents table.
  • Share link add resolve/ignore actions to the share page.
  • Detectors deprecated detectors now appear disabled in the settings.
  • Incidents CSV report now respects the secret incidents table filters and search.

Bug fixes

  • Incidents show number of open incidents in the inactive tab headers.
  • Incident detail fix detector logo not displayed on incident detail page.
  • Incidents fix bug not updating incidents list when navigating back from incident detail page after having updated it.

April 19, 2021

Features

  • Share link ability for a developer to give feedback from the share page of an incident. Feedback is displayed on the incident detail page.
  • Integrations display ggshield integrations (git hook, CI/CD …) on the integrations pages.
  • Alerting integrations add Pagerduty, Discord and Splunk integrations in the app.
  • Historical scan add ability to cancel a running historical scan.

Bug fixes

  • Authentication fix the 404 on some authentication pages.
  • Audit fix a bug that could allow users to have their audit logs created without their IP address.

April 6, 2021

Features

  • Analytics introduction of the Analytics section. This new section provides insight into the evolution of your workspace metrics helping you monitor your security posture over time.
  • Incident detail ability to share an incident externally. Security teams can give visibility to developers, involved in the incident, but who are not authenticated on the workspace.
  • GitLab display in-app warning when an integration is no longer monitored.
  • Bitbucket display in-app warning when an integration is no longer monitored.

Bug fixes

  • Analytics fix incidents coming from an historical scan not taken into account in Analytics.

March 9, 2021

Features

  • Bitbucket Bitbucket integration is now available. You can monitor your Bitbucket repositories for secrets detection.
  • Audit log introduction of an Audit log section in the settings. As the Owner or Managers of your GitGuardian workspace, get a centralized view of all the user activity that took place on your workspace.
  • GitLab improve the settings perimeter of namespaces/projects. Display the number of monitored projects per namespace and display the number of pending changes while changing the monitoring states. Lazy loads the projects only when a namespace is open.

Bug fixes

  • Historical scan do not send email when all scans of a bulk scan fail.

February 22, 2021

Features

  • Incidents introduction of bulk actions. While we highly encourage you to examine an incident closely before closing it, you can now perform bulk actions (such as resolve, ignore, assign) to quickly change the status of multiple incidents.
  • Incident detail implement navigation through matches in the git patch of a secret incident.
  • Historical scan add a new failed reason: "timed out".
  • Perimeter add a banner to remind users of missing integrations and unscanned repositories.

Bug fixes

  • CSV implement streaming download for long term performance fix.

February 8, 2021

Features

  • Settings ability to transfer workspace ownership.
  • Incidents add a loading visual upon table page change.

Bug fixes

  • Alerting integrations do not send notifications for deactivated detectors.

January 25, 2021

Features

  • Incidents introduction of "sensitive file" and "test file" tags. "Sensitive file" tag indicates that one of the occurrences of the incident happened on a potential sensitive file. "Test file" tag indicates that one of the occurrences of the incident happened on a potential test file.
  • Members introduction of Viewer role. A Viewer has access to all the incidents of your workspace. However, a Viewer cannot take actions such as resolving or ignoring an incident.

January 11, 2021

Features

  • Alerting integrations add a setting for alerting frequency. An incident may contain several occurrences. Therefore, you can pick if your Slack or custom webhook notifications fire only when a new incident is triggered (at the first occurrence) or at all occurrences of every incident.
  • GitLab add a configuration page for system hook integration, and improve group hook one.
  • GitLab allow integration of multiple GitLab instances on a workspace.
  • Security strengthen password policy.

Bug fixes

  • Incidents fix regression breaking timeline logs order.
  • Incident fix bug allowing several logs for an action (resolve/ignore) on an incident.

How can I help you ?