Detection Engine Updates Version 2.159
Release Date: March 20, 2026
This release introduces 19 new detectors and checkers including Azure, DeepL, Oracle, SAP, and Polar tokens, 4 new analyzers, and improved detection precision and checker reliability across multiple existing secrets.
New Detectors and Checkers
- Polar Organization Access Token: Add a detector for Polar Organization Access Token.
- Google Cloud Express API Key: Add a detector for Google Cloud Express API Key
- Microsoft Azure Storage Account Key: Add a new detector for Microsoft Azure Storage Account Key with Account Name.
- Azure Language API Key: Add a new detector for Azure Language API Key.
- Azure IoT Hub Connection String: Add a new detector for Azure IoT Hub Connection String.
- DeepL Free API Keys: Implemented detector for DeepL Free API keys
- DeepL Pro API Keys: Implemented detector for DeepL Pro API keys
- Azure Document Intelligence Key: Add a new detector for Azure Document Intelligence Key.
- Azure Speech Services Key: Add a new detector for Azure Speech Services Key.
- Azure Computer Vision Key: Add a new detector for Azure Computer Vision API Key.
- Azure Text Translation Key: Add a new detector for Azure Text Translation Key.
- Oracle Credentials: Add a new detector for Oracle JDBC credentials.
- GitGuardian Public Monitoring API Key: Add detector for new GitGuardian Public Monitoring API Key format
- GitGuardian Internal Monitoring Key: Add detector for new GitGuardian Internal Monitoring Key format
- SAP AI Core Credentials: Add a new detector for SAP AI Core Credentials.
- Odoo External API Key: Add a new detector for Odoo External API Key.
New Detectors
- K3s Token: Add a detector for K3s tokens
- Zoho API Key: Add a detector for Zoho API Key
- ServiceNow Generic Password: Add a new detector for passwords in ServiceNow configuration files.
New Analyzers
- Azure App Configuration Connection String: Add a new analyzer for Azure App Configuration Connection String.
- Google API Key: Add a new analyzer for Google API Key.
- Azure Speech Services Key: Add a new analyzer for Azure Speech Services Key.
- FTP Credentials: Add a new analyzer for FTP credentials.
Detector Upgrades
- Oracle Credentials: Improve the Oracle JDBC connection string detector by updating the regex.
- AWS IAM STS Keys: Reduce false positives by requiring assignment context for client_secret match
- GitLab incoming mail token: Improve precision by updating the regex pattern.
- Pusher Channels Keys: Remove unneeded CWPV pattern
- Jina API Key: Pin key length according to empirical evidence.
Checker Upgrades
- SMTP credentials: hard-coded well-known SMTP services parameters
- MongoDB Credentials: Fix false positives by using authenticated operation instead of server_info()
- Langfuse Credentials: Add custom host support for langfuse_credentials checker
- GitLab Agent Kubernetes Token: Add custom host support for gitlab_agent_kubernetes_token checker
- GitLab CI/CD Job Token: Add custom host support for gitlab_ci_cd_job_token checker
- GitLab SCIM Token: Add custom host support for gitlab_scim_token checker
- Microsoft Power Apps Webhook: Return invalid check status for deleted webhooks.
- Jina API Key: Interpret 402 low credit status as a sign of a valid key.
- Snowflake Credentials: Refactor snowflake_uri checker to use Snowflake's REST login endpoint.
Analyzer Upgrades
- GitLab Token: The
gitlab_tokenanalyzer now includes more info about the token, and if available, about the token owner. - PostgreSQL Credentials: Handle connection timeout errors gracefully with a proper AnalyzerFailed exception
