Skip to main content

5 posts tagged with "secrets-detection"

View All Tags

Detection Engine Updates Version 2.143

calendar icon   Release Date: July 15, 2025

This release introduces new detectors for GitLab incoming mail tokens, Coze personal access tokens, Tavus API keys, and more. It also includes significant improvements to existing detectors and analyzers, such as those for Zendesk, Sendinblue, and Algolia, enhancing detection accuracy and performance.

New Detectors

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

  • Coze Personal Access Token
  • Tavus API Key
  • Heroku Platform Key
  • Tableau Cloud PAT
  • Notion Integration Token v2
  • Salesforce OAuth2

Detector Improvements

  • Google OAuth2 Keys – Improved precision for Google OAuth2 detector.
  • Zendesk Token – ZendeskTokenAnalyzer has been rewritten in Rust for improved performance.
  • Sendinblue Key – SendinblueSecretAnalyzer has been rewritten in Rust.
  • Generic High Entropy Secret – No longer considers IDs in ServiceNow migration files as secrets.
  • Algolia Keys – AlgoliaKeysSecretAnalyzer has been rewritten in Rust.
  • Fastly Personal Token – FastlySecretAnalyzer has been rewritten in Rust.
  • [Hugging Face User Access] – Migrated analyzer to Rust for improved performance.

Engine Enhancements

  • All JWT detectors will now only catch signed JWTs, enhancing security.

Detection Engine Updates Version 2.142

calendar icon   Release Date: July 2, 2025

This release introduces new detectors for AI71 and AMP API tokens, along with significant improvements to existing detectors and analyzers, such as those for GitHub, Slack, and DigitalOcean, enhancing detection accuracy and performance.

New Detectors

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

  • AI71 API Key
  • AMP API Token

Detector Improvements

  • Kubernetes Docker Secret – Enhanced detection for kubernetes.io/dockercfg secrets with more precise regex for JWTs.
  • MySQL Assignment – Restricted the maximum number of secrets per document to prevent combinatorial explosion.
  • Sourcegraph Token – Updated regex for sourcegraph_access_token_v3 as per customer request.
  • GitHub Access Token – GitHub classic analyzer has been rewritten in Rust for improved performance.
  • HashiCorp Vault Token – Improved precision for HashiCorp Vault token detection.
  • Confluent Keys – Updated checker for Confluent API keys.
  • GitHub Fine-Grained PAT – Analyzer now handles archived repositories.
  • Slack Tokens – SlackBot analyzer has been rewritten in Rust for improved performance and applies to Slackbot, Slack App, and Slack User tokens.
  • DigitalOcean Spaces Token – Fixed checker for tokens that do not have permission to list buckets.

Detection Engine Updates Version 2.141

calendar icon   Release Date: June 16, 2025

This release introduces several new detectors for Kubernetes user certificates, NVIDIA API keys, and various other services such as Alchemy, OpenRouter, and Duffel. We've also made improvements to existing detectors for enhanced detection accuracy and reduced false positives.

New Detectors

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

  • Kubernetes User Certificate with Port
  • Alchemy API Key v2
  • OpenRouter API Key
  • Duffel API Key
  • Apify Token
  • Jina API Key
  • Deno Account Token
  • Resend API Key
  • VKontakte Access Token
  • Fireworks AI API Key

Detector Improvements

Detection Engine Updates Version 2.140

calendar icon   Release Date: June 10, 2025

This release adds 12 new detectors covering GitLab tokens, Kubernetes JWTs, Laravel encryption keys, and API keys for AI services like Dify, Firecrawl, and Llama Cloud. We've also enhanced existing detectors for Ubidots, Azure Cosmos DB, GitLab tokens, and ODBC connections to improve accuracy and reduce false positives.

New Detectors

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

  • Laravel Encryption Key with Host
  • GitLab Feature Flags Client Token with Project ID
  • Kubernetes JWT with Host
  • Brave Search API Key
  • Firecrawl API Key
  • Dify API Key
  • GitLab Runner Authentication Token

Detector Improvements

Engine Enhancements

  • Expanded detection pattern list for encrypted strings to increase precision.
  • Enhanced AssignmentRegexMatcher for N prefixed strings in SQL, supporting Microsoft SQL Server.

Detection Engine Updates Version 2.139

calendar icon   Release Date: May 29, 2025

In our latest release, we have focused on refining our detection capabilities and introducing new tools to enhance the security of your digital assets. This update includes a new detector for GitLab feature flags tokens, along with significant improvements to existing detectors for AMQP credentials, Confluent keys, and Azure services.

New Detectors

  • GitLab Feature Flags Client Token – Detects tokens used for managing feature flags in GitLab projects, crucial for controlling feature rollouts and ensuring smooth deployment processes.

Detector Improvements

  • AMQP CredentialsDetector Upgrade: Enhanced multimatch selection to reduce false positive combinations, vital for secure message queuing in distributed systems.
  • Confluent KeysDetector Upgrade: Improved multimatch selection for better accuracy and fewer false positives, essential for managing access to Kafka clusters.
  • Generic High Entropy SecretDetector Upgrade: Excludes secrets ending with '.certificate' from being reported, reducing noise by ignoring non-sensitive certificates.
  • Artifactory TokenAnalyzer Upgrade: Improved stability by preventing crashes when analyzing secrets with multiple scopes, key for managing and securing software artifacts.
  • Microsoft Azure Storage Connection StringChecker Upgrade: Enhanced to accept additional fields, crucial for accessing and managing Azure storage resources securely.
  • Microsoft Azure Storage Account KeyDetector Upgrade: Increased precision, reducing false positives, critical for safeguarding data in cloud storage.

Miscellaneous

  • Established a priority rule favoring the confluent_api_keys detector over amqp_assignment and amqp_assignment_attached_port detectors.