Detection Engine Updates Version 2.159
Release Date: March 20, 2026
This release introduces 19 new detectors and checkers including Azure, DeepL, Oracle, SAP, and Polar tokens, 4 new analyzers, and improved detection precision and checker reliability across multiple existing secrets.
Notable Detection Changes
Starting with this release, we'll highlight notable detector changes that may affect your scan results. In this release, all detectors remain stable - you can expect minimal changes to detection accuracy. Future releases with significant changes will be called out here.
New Detectors and Checkers
- Polar Organization Access Token: Add a detector for Polar Organization Access Token.
- Google Cloud Express API Key: Add a detector for Google Cloud Express API Key
- Microsoft Azure Storage Account Key: Add a new detector for Microsoft Azure Storage Account Key with Account Name.
- Azure Language API Key: Add a new detector for Azure Language API Key.
- Azure IoT Hub Connection String: Add a new detector for Azure IoT Hub Connection String.
- DeepL Free API Keys: Implemented detector for DeepL Free API keys
- DeepL Pro API Keys: Implemented detector for DeepL Pro API keys
- Azure Document Intelligence Key: Add a new detector for Azure Document Intelligence Key.
- Azure Speech Services Key: Add a new detector for Azure Speech Services Key.
- Azure Computer Vision Key: Add a new detector for Azure Computer Vision API Key.
- Azure Text Translation Key: Add a new detector for Azure Text Translation Key.
- Oracle Credentials: Add a new detector for Oracle JDBC credentials.
- GitGuardian Public Monitoring API Key: Add detector for new GitGuardian Public Monitoring API Key format
- GitGuardian Internal Monitoring Key: Add detector for new GitGuardian Internal Monitoring Key format
- SAP AI Core Credentials: Add a new detector for SAP AI Core Credentials.
- Odoo External API Key: Add a new detector for Odoo External API Key.
New Detectors
- K3s Token: Add a detector for K3s tokens
- Zoho API Key: Add a detector for Zoho API Key
- ServiceNow Generic Password: Add a new detector for passwords in ServiceNow configuration files.
New Analyzers
- Azure App Configuration Connection String: Add a new analyzer for Azure App Configuration Connection String.
- Google API Key: Add a new analyzer for Google API Key.
- Azure Speech Services Key: Add a new analyzer for Azure Speech Services Key.
- FTP Credentials: Add a new analyzer for FTP credentials.
Detector Upgrades
- Oracle Credentials: Improve the Oracle JDBC connection string detector by updating the regex.
- AWS IAM STS Keys: Reduce false positives by requiring assignment context for client_secret match
- GitLab incoming mail token: Improve precision by updating the regex pattern.
- Pusher Channels Keys: Remove unneeded CWPV pattern
- Jina API Key: Pin key length according to empirical evidence.
Checker Upgrades
- SMTP credentials: hard-coded well-known SMTP services parameters
- MongoDB Credentials: Fix false positives by using authenticated operation instead of server_info()
- Langfuse Credentials: Add custom host support for langfuse_credentials checker
- GitLab Agent Kubernetes Token: Add custom host support for gitlab_agent_kubernetes_token checker
- GitLab CI/CD Job Token: Add custom host support for gitlab_ci_cd_job_token checker
- GitLab SCIM Token: Add custom host support for gitlab_scim_token checker
- Microsoft Power Apps Webhook: Return invalid check status for deleted webhooks.
- Jina API Key: Interpret 402 low credit status as a sign of a valid key.
- Snowflake Credentials: Refactor snowflake_uri checker to use Snowflake's REST login endpoint.
Analyzer Upgrades
- GitLab Token: The
gitlab_tokenanalyzer now includes more info about the token, and if available, about the token owner. - PostgreSQL Credentials: Handle connection timeout errors gracefully with a proper AnalyzerFailed exception
