Release Date: July 15, 2025

This release introduces new detectors for GitLab incoming mail tokens, Coze personal access tokens, Tavus API keys, and more. It also includes significant improvements to existing detectors and analyzers, such as those for Zendesk, Sendinblue, and Algolia, enhancing detection accuracy and performance.

New Detectors

• GitLab Incoming Mail Token – Detects tokens used for GitLab incoming mail.
• Coze Personal Access Token – Detects personal access tokens for Coze services.
• Tavus API Key – Recognizes API keys for Tavus services.
• Heroku Platform Key – Detects prefixed variants of Heroku Platform Keys.
• SSH Credentials – New detector ssh_password_with_port allows matching SSH passwords with ports.
• Tableau Cloud PAT – Detects personal access tokens for Tableau Cloud.
• Notion Integration Token v2 – Detects the new Notion token format.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Coze Personal Access Token
• Tavus API Key
• Heroku Platform Key
• Tableau Cloud PAT
• Notion Integration Token v2
• Salesforce OAuth2

Detector Improvements

• Google OAuth2 Keys – Improved precision for Google OAuth2 detector.
• Zendesk Token – ZendeskTokenAnalyzer has been rewritten in Rust for improved performance.
• Sendinblue Key – SendinblueSecretAnalyzer has been rewritten in Rust.
• Generic High Entropy Secret – No longer considers IDs in ServiceNow migration files as secrets.
• Algolia Keys – AlgoliaKeysSecretAnalyzer has been rewritten in Rust.
• Fastly Personal Token – FastlySecretAnalyzer has been rewritten in Rust.
• [Hugging Face User Access] – Migrated analyzer to Rust for improved performance.

Engine Enhancements

• All JWT detectors will now only catch signed JWTs, enhancing security.

  Release Date: July 2, 2025

This release introduces new detectors for AI71 and AMP API tokens, along with significant improvements to existing detectors and analyzers, such as those for GitHub, Slack, and DigitalOcean, enhancing detection accuracy and performance.

New Detectors

• AI71 API Key – Detects API keys for AI71 services.
• AMP API Token – Recognizes API tokens for AMP services.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• AI71 API Key
• AMP API Token

Detector Improvements

• Kubernetes Docker Secret – Enhanced detection for kubernetes.io/dockercfg secrets with more precise regex for JWTs.
• MySQL Assignment – Restricted the maximum number of secrets per document to prevent combinatorial explosion.
• Sourcegraph Token – Updated regex for sourcegraph_access_token_v3 as per customer request.
• GitHub Access Token – GitHub classic analyzer has been rewritten in Rust for improved performance.
• HashiCorp Vault Token – Improved precision for HashiCorp Vault token detection.
• Confluent Keys – Updated checker for Confluent API keys.
• GitHub Fine-Grained PAT – Analyzer now handles archived repositories.
• Slack Tokens – SlackBot analyzer has been rewritten in Rust for improved performance and applies to Slackbot, Slack App, and Slack User tokens.
• DigitalOcean Spaces Token – Fixed checker for tokens that do not have permission to list buckets.

  Release Date: June 16, 2025

This release introduces several new detectors for Kubernetes user certificates, NVIDIA API keys, and various other services such as Alchemy, OpenRouter, and Duffel. We've also made improvements to existing detectors for enhanced detection accuracy and reduced false positives.

New Detectors

• Kubernetes User Certificate with Port – Extracts port numbers for Kubernetes user certificates.
• NVIDIA API Key – Detects API keys for NVIDIA services.
• Alchemy API Key v2 – Identifies API keys for Alchemy services.
• OpenRouter API Key – Detects API keys for OpenRouter services.
• Duffel API Key – Recognizes API keys for Duffel services.
• Apify Token – Captures tokens for Apify services.
• Jina API Key – Detects API keys for Jina services.
• Deno Account Token – Identifies tokens for Deno accounts.
• Segment Workspace Key v2 – Detects workspace keys for Segment services.
• Resend API Key – Recognizes API keys for Resend services.
• VKontakte Access Token – Detects access tokens for VKontakte services.
• Fireworks AI API Key – Captures API keys for Fireworks AI services.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Kubernetes User Certificate with Port
• Alchemy API Key v2
• OpenRouter API Key
• Duffel API Key
• Apify Token
• Jina API Key
• Deno Account Token
• Resend API Key
• VKontakte Access Token
• Fireworks AI API Key

Detector Improvements

• Generic High Entropy Secret – Removed AWS ECR images that were misclassified as secrets.
• Google OAuth2 Keys – Improved regex for better detection accuracy.
• Checkout Secret Key – Updated endpoint to avoid deprecated usage.
• Checkout Sandbox Secret Key – Enhanced pattern and updated endpoint for improved accuracy.
• Bunny.net API Key – Fixed checker for better validation.
• Dify API Key – Updated checker endpoint for enhanced detection.

  Release Date: June 10, 2025

This release adds 12 new detectors covering GitLab tokens, Kubernetes JWTs, Laravel encryption keys, and API keys for AI services like Dify, Firecrawl, and Llama Cloud. We've also enhanced existing detectors for Ubidots, Azure Cosmos DB, GitLab tokens, and ODBC connections to improve accuracy and reduce false positives.

New Detectors

• Laravel Encryption Key with Host – Detects Laravel encryption keys associated with a host.
• GitLab Feature Flags Client Token with Project ID – Identifies tokens and project IDs for GitLab feature management.
• Kubernetes JWT with Host – Detects JWTs used in Kubernetes environments.
• GitLab Trigger Token – Recognizes tokens for triggering GitLab pipelines.
• Brave Search API Key – Detects API keys for accessing Brave Search.
• GitLab Deploy Token – Identifies deploy tokens for managing GitLab project deployments.
• Firecrawl API Key – Detects API keys for Firecrawl services.
• Dify API Key – Detects API keys for Dify services.
• GitLab Runner Authentication Token – Captures authentication tokens for GitLab runners.
• Ubidots API Key – Detects API keys for Ubidots.
• Vapi API Key – Detects API keys for Vapi services.
• Llama Cloud API Key – Ensures detection of API keys for Llama Cloud.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Laravel Encryption Key with Host
• GitLab Feature Flags Client Token with Project ID
• Kubernetes JWT with Host
• Brave Search API Key
• Firecrawl API Key
• Dify API Key
• GitLab Runner Authentication Token

Detector Improvements

• Ubidots Token – Now includes new secret prefixes and improved checker responses for tokens from disabled accounts.
• Azure Cosmos DB Credentials – Enhanced host pattern to improve recall and detection accuracy.
• GitLab Token – Refined pattern to minimize false positives.
• ODBC Connection String – Advanced detection precision for ODBC strings.

Engine Enhancements

• Expanded detection pattern list for encrypted strings to increase precision.
• Enhanced AssignmentRegexMatcher for N prefixed strings in SQL, supporting Microsoft SQL Server.

  Release Date: May 29, 2025

In our latest release, we have focused on refining our detection capabilities and introducing new tools to enhance the security of your digital assets. This update includes a new detector for GitLab feature flags tokens, along with significant improvements to existing detectors for AMQP credentials, Confluent keys, and Azure services.

New Detectors

• GitLab Feature Flags Client Token – Detects tokens used for managing feature flags in GitLab projects, crucial for controlling feature rollouts and ensuring smooth deployment processes.

Detector Improvements

• AMQP Credentials – Detector Upgrade: Enhanced multimatch selection to reduce false positive combinations, vital for secure message queuing in distributed systems.
• Confluent Keys – Detector Upgrade: Improved multimatch selection for better accuracy and fewer false positives, essential for managing access to Kafka clusters.
• Generic High Entropy Secret – Detector Upgrade: Excludes secrets ending with '.certificate' from being reported, reducing noise by ignoring non-sensitive certificates.
• Artifactory Token – Analyzer Upgrade: Improved stability by preventing crashes when analyzing secrets with multiple scopes, key for managing and securing software artifacts.
• Microsoft Azure Storage Connection String – Checker Upgrade: Enhanced to accept additional fields, crucial for accessing and managing Azure storage resources securely.
• Microsoft Azure Storage Account Key – Detector Upgrade: Increased precision, reducing false positives, critical for safeguarding data in cloud storage.

Miscellaneous

• Established a priority rule favoring the confluent_api_keys detector over amqp_assignment and amqp_assignment_attached_port detectors.