Detection Engine Updates Version 2.160

  Release Date: March 31, 2026

This release introduces new detectors for Paymob and ConvertTo-SecureString, analyzers for Sentry, Figma, Datadog, and Google Cloud, plus various detector and checker fixes.

The highlight of this release is a new family of private key checkers. For generic PKCS#8, OpenSSH, RSA, and elliptic curve private keys, GitGuardian can now verify whether the key is registered with GitLab or GitHub, letting you distinguish live, account-linked keys from unused ones and prioritize remediation accordingly.

Notable precision improvements:

• gitlab_token: improved precision.
• azure_subscription_key: improved precision.

New Detectors and Checkers

• Paymob API Key: Add a new detector for Paymob API Key.
• Paymob Secret Key: Add a new detector for Paymob Secret Key.

New Detectors

• ConvertTo-SecureString Password: Add a new detector for ConvertTo-SecureString Password.
• Paymob HMAC Secret: Add a new detector for Paymob HMAC Secret.

New Checkers

• Kubernetes Docker Secret: Add custom checkers to handle individual secrets stored in the base64-encoded string.
• Generic Private Key: Check whether a PKCS#8 private key is registered with GitLab or GitHub.
• OpenSSH Private Key: Check whether an OpenSSH private key is registered with GitLab or GitHub.
• RSA Private Key: Check whether an RSA private key is registered with GitLab or GitHub.
• Elliptic Curve Private Key: Check whether an EC private key is registered with GitLab or GitHub.

New Analyzers

• Sentry User Auth Token: Add a new analyzer for Sentry Token.
• Figma Personal Access Token: Add a new analyzer for Figma Personal Access Token.
• Datadog API Credentials: Add a new analyzer for Datadog API credentials.
• Google Cloud Keys: Add a new analyzer for Google Cloud Keys.

Detector Upgrades

• GitLab Token: Fix false positive matching passwords in user:pass context
• Azure Subscription Key: azure_subscription_key detector no longer mistakenly reports ServiceNow sys ID as secrets.

Checker Upgrades

• Supabase API Key: Fix checker to correctly return INVALID for revoked keys.