2 posts tagged with "secrets-detection"

Detection Engine Updates Version 2.140

Release Date: June 10, 2025

This release adds 12 new detectors covering GitLab tokens, Kubernetes JWTs, Laravel encryption keys, and API keys for AI services like Dify, Firecrawl, and Llama Cloud. We've also enhanced existing detectors for Ubidots, Azure Cosmos DB, GitLab tokens, and ODBC connections to improve accuracy and reduce false positives.

New Detectors

New Checkers

These checkers verify the detected secrets, adding another layer of security and confirming their validity and correct application:

  • Laravel Encryption Key with Host
  • GitLab Feature Flags Client Token with Project ID
  • Kubernetes JWT with Host
  • Brave Search API Key
  • Firecrawl API Key
  • Dify API Key
  • GitLab Runner Authentication Token

Detector Improvements

Engine Enhancements

  • Expanded detection pattern list for encrypted strings to increase precision.
  • Enhanced AssignmentRegexMatcher to handle N-prefixed strings in SQL, supporting Microsoft SQL Server.

Detection Engine Updates Version 2.139

Release Date: May 29, 2025

In our latest release, we have focused on refining our detection capabilities and introducing new tools to enhance the security of your digital assets. This update includes a new detector for GitLab feature flags tokens, along with significant improvements to existing detectors for AMQP credentials, Confluent keys, and Azure services.

New Detectors

  • GitLab Feature Flags Client Token – Detects tokens used for managing feature flags in GitLab projects, crucial for controlling feature rollouts and ensuring smooth deployment processes.

Detector Improvements

  • AMQP Credentials – Detector Upgrade: Enhanced multimatch selection to reduce false positive combinations, vital for secure message queuing in distributed systems.
  • Confluent Keys – Detector Upgrade: Improved multimatch selection for better accuracy and fewer false positives, essential for managing access to Kafka clusters.
  • Generic High Entropy Secret – Detector Upgrade: Excludes secrets ending with '.certificate' from being reported, reducing noise by ignoring non-sensitive certificates.
  • Artifactory Token – Analyzer Upgrade: Improved stability by preventing crashes when analyzing secrets with multiple scopes, key for managing and securing software artifacts.
  • Microsoft Azure Storage Connection String – Checker Upgrade: Enhanced to accept additional fields, crucial for accessing and managing Azure storage resources securely.
  • Microsoft Azure Storage Account Key – Detector Upgrade: Increased precision, reducing false positives, critical for safeguarding data in cloud storage.

Miscellaneous

  • Established a priority rule favoring the confluent_api_keys detector over amqp_assignment and amqp_assignment_attached_port detectors.