Azure Repos integration: the monitoring of your Azure Repos repositories is now done in real-time. Refer to the documentation for more details.
Filters: a new way of filtering pages, more streamlined and intuitive.
Jira Cloud integration: Jira issues can now be created without assigning them to anyone.
Source criticality: a new parameter at the source level to help users prioritize their Secret, SCA, and IaC incidents. Refer to the documentation for more details.
SCA & IaC grant access: access can now be granted to Members on specific SCA and IaC incidents.
IP allow-listing for Honeytoken: it is now possible to add IP ranges to an allow-list, ensuring events from these IPs won’t trigger the honeytokens. Learn more about IP rules.
IaC Security: introduction of a new "Source Criticality" field and filter to help prioritization of IaC incidents (for IaC beta testers only). Note that the Source Criticality must first be defined in the Perimeter page.
Teams: users can now filter the incidents and the perimeter pages based on their teams. Managers have the flexibility to filter any team, while Members can only filter their own teams.
Azure Repos integration: the installation status now persists while the user navigates, until the installation is completed.
Azure Repos integration: removing a token no longer causes a crash in other installations.
Bitbucket integration: prevents connection errors from revoking a Bitbucket token, letting instances go through maintenance without needing to re-enter their token afterwards.
Incident details: git patches of occurrences can now have restricted visibility to only the teams and developers involved with the occurrence, thanks to a workspace setting.
Incident details: if the git patch of an occurrence is too large, a link to the Version Control System is displayed instead.
API: new endpoint to retrieve secret incidents of a team.
IaC Security: introduction of new remediation analytics accessible on the platform (for IaC beta testers only).
ggshield: ggshield auth login flow now asks you to confirm scopes.
Historical scan: addition of some details in the status tooltip, including scan duration and number of commits and branches scanned. For failed scans, the tooltip now also displays the reason for the failure.
API: rate limiting is now applied. Refer to our documentation for more details.
Incidents: addition of the Publicly leaked tag to secret incidents that have been leaked outside of your perimeter on public GitHub. Refer to our documentation for more details.
Custom webhook: fix notifications sent when a bulk action is performed. Previously, only one notification was sent, for the first incident affected by the bulk action. Notifications are now sent for each incident that is modified by the bulk action.
Incident details: the public sharing toggle has been moved to the "Grant access" modal, which has been renamed to the "Share" modal. For a more detailed explanation, please refer to our collaboration and sharing documentation.
Incidents: add an explanation tooltip to the "Default branch" tag.
Integrations: modification of the Integrations and Settings/Integrations pages.
Incident details: filters have been added to the occurrences table.
Honeytokens: addition of country flag next to the IP address in the events table.
Honeytokens: new IP tagging feature: it is now possible to create custom rules to assign tags to honeytoken events based on their IP address. Use this to recognize events originating from known IP addresses, such as those internal to your organization. For more information, check out the documentation here.
API: new endpoints to manage labels for honeytokens.
Secret detection engine: upgrade to version 2.93 with some detection improvements.
Incident details: feedback about the incident can now be submitted in a standardized way through a form that is available on the incident's page. Refer to this page for more information on how to use this form effectively and involve your developer population during the remediation process.
Incidents: addition of new filter to select the incidents that are publicly shared.
Teams: team owners with the Member role can now invite brand new users to the workspace when adding teammates to their team. This is a Business-only feature and can be deactivated. For more details, please refer to this page.
Grant access: users with Full access incident permissions can now invite brand new users to the workspace when granting access to an incident. This is a Business-only feature and can be deactivated. For more details, please refer to this page.
Honeytoken: a new button "How to test your honeytoken" has been added to make it easier to test the trigger and alerting mechanism.
Honeytoken: clicking on the honeytoken Publicly exposed tag now opens a modal that shows all the public commits where the honeytoken was discovered by GitGuardian.
Honeytoken: it is now possible to filter events based on their tags (AWS internal, GitGuardian Public Monitoring IP).
Honeytoken: it is now possible to manage labels from the Honeytoken settings page.
Teams: fix a bug that prevented invitees, who already had a GitGuardian workspace, from being added to the expected teams when they accepted an invitation.
Emails: button URLs are now hardcoded to prevent a bad user experience when the button is not visible due to HTML-escaping by email providers.
Custom severity rules: the severity ruleset used by the automated severity scoring is now customizable to maximize the coverage of automatically scored incidents.
Automated severity scoring: automated severity scoring is now activated by default for all workspaces under the Free plan.
Jira integration: Jira ticket creation CTAs are hidden for workspaces without a single Jira site installed.
Jira integration: fix permission issues by disabling the configure button for users without a Manager role and by allowing users with the Restricted role and "can edit" permissions to create a Jira ticket.
ggshield: since v1.12 of ggshield, the ggshield scan and ggshield ignore commands are deprecated; use ggshield secret scan and ggshield secret ignore instead.
GitHub: explicitly neutralize old check runs that are re-run.
GitHub: users with an email address that has a reserved email domain can no longer register via GitHub SSO, but they can still log in if SSO is not forced.
Incident: fix the grant access modal breaking when there are too many Restricted users.
API: introduction of data management scopes for API keys.
GitHub: allow users with a linked GitHub account to link a dangling installation to their workspace. It also works for unauthenticated users installing the GitHub App directly from GitHub.
Onboarding: implementation of an onboarding todo list to guide users in their first steps on the application.
Analytics: introduction of the Analytics section. This new section provides insight into the evolution of your workspace metrics, helping you monitor your security posture over time.
Incident detail: ability to share an incident externally. Security teams can give visibility to developers who are involved in the incident but are not authenticated on the workspace.
GitLab: display an in-app warning when an integration is no longer monitored.
Bitbucket: display an in-app warning when an integration is no longer monitored.
Bitbucket: Bitbucket integration is now available. You can monitor your Bitbucket repositories for secrets detection.
Audit log: introduction of an Audit log section in the settings. As the Owner or a Manager of your GitGuardian workspace, get a centralized view of all the user activity that took place on your workspace.
GitLab: improve the settings perimeter of namespaces/projects. Display the number of monitored projects per namespace and display the number of pending changes while changing the monitoring states. Lazy-load the projects only when a namespace is open.
Incidents: introduction of bulk actions. While we highly encourage you to examine an incident closely before closing it, you can now perform bulk actions (such as resolve, ignore, assign) to quickly change the status of multiple incidents.
Incident detail: implement navigation through matches in the git patch of a secret incident.
Historical scan: add a new failed reason: "timed out".
Perimeter: add a banner to remind users of missing integrations and unscanned repositories.
Incidents: introduction of "sensitive file" and "test file" tags. The "Sensitive file" tag indicates that one of the occurrences of the incident happened on a potentially sensitive file. The "Test file" tag indicates that one of the occurrences of the incident happened on a potential test file.
Members: introduction of the Viewer role. A Viewer has access to all the incidents of your workspace. However, a Viewer cannot take actions such as resolving or ignoring an incident.
Alerting integrations: add a setting for alerting frequency. An incident may contain several occurrences. Therefore, you can pick whether your Slack or custom webhook notifications fire only when a new incident is triggered (at the first occurrence) or at all occurrences of every incident.
GitLab: add a configuration page for the system hook integration, and improve the group hook one.
GitLab: allow integration of multiple GitLab instances on a workspace.