Past release notes
Browse all past GitGuardian SaaS releases, feature updates, and hotfixes below.
December 23, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.129:
- Added 1 detector:
- Modified 4 detectors:
Bug fixes
- Check runs: Updated messages to note flagged secrets lack commit references and remain compromised once leaked.
- Validity check: Fixed an issue where the tooltip incorrectly indicated a token was valid for all endpoints when it was valid for only one.
- Jira issue tracking: Fixed issue where line feeds (\n) were not properly translated to hardBreak nodes, ensuring correct spacing in Jira tickets.
December 12, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.128:
- Added 4 detectors:
- Modified 1 detector:
Platform
- Navigation: The menu has been redesigned with a collapsible left sidebar for a cleaner, more organized experience.
- VCS integration: Workspace Managers can now disable automatic repository monitoring in GitGuardian, giving you more control when adding new repositories to your perimeter. For an example, see GitHub integration.
Bug fixes
- Health Check: Fixed issue where health checks were run for all GitHub installations. Now only the first installation is checked.
December 5, 2024
Secrets Detection
- Check runs: Business workspaces now have the option to improve their code security by enabling GitGuardian check runs on their GitHub forked repositories. Learn more here.
- Secret pattern exclusion: This feature allows users to define patterns and therefore hide any secret matching the pattern defined. Secret pattern can be applied to all repositories or a defined set of repositories. It provides greater control over exclusion rules, allowing for more precise management of incidents. Learn more.
Platform
- User management: SCIM integration allows user deprovisioning in GitGuardian based on changes in your Identity Provider (IdP). User accounts can be automatically deactivated or deleted when removed from your IdP. User and team provisioning will be supported in a future update. For setup details, refer to our documentation.
- Jira Cloud Issue tracking integration: Introduced a template selection dropdown for manual ticket creation.
Bug fixes
- Performance: Fixed an issue that occasionally caused "504 Gateway Timeout" errors when retrieving memberships.
November 18, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.126:
Platform
- API: A new parameter,
send_email: true|false
, is now available on endpoints that trigger an email notification, such as when an invitation is created. This allows you to determine whether an email should be sent when using these endpoints. By default, if the parameter is not specified, the email will be sent. - Health Check: Distribute health checks over time rather than executing them simultaneously. This reduces system load, avoids bottlenecks, and enhances monitoring accuracy.
- GitLab integration: Give the ability to configure an instance-level GitLab integration using a read-only admin token. However, since the token lacks permissions for creating system hooks, manual setup is required. Learn more.
Bug fixes
- Historical Scans:
- Fixed UI count on the perimeter page so that "sources successful" now shows the total count of monitored sources, regardless of failed or unscanned sources.
- Standardized the date format for start and end dates in the status tooltip.
- Corrected the repo size display in the status tooltip.
- Incidents: Notify team leaders only when a valid secret is intentionally ignored.
November 4, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.125:
Platform
- API: All Sources endpoints
now require specific scopes for access. The new
sources:read
scope is required for all GET endpoints to retrieve source information, while thesources:write
scope is required for the PATCH endpoint to update a source's attributes, monitoring status, and business criticality. - Settings: To improve navigation on the
settings page,
we’ve introduced two new dedicated sections:
- Integrations: Organized by source and destination for easier access.
- Secrets: Consolidates items previously found under the "Secrets Detection".
October 28, 2024
Platform
-
ServiceNow Issue tracking integration: This new issue tracking integration allows to create ServiceNow issues from GitGuardian incidents. The feature includes the following:
- possibility to create a ServiceNow issue directly from a GitGuardian incident;
- possibility to automate the creation of a ServiceNow issue for any new Gitguardian incident;
- auto-resolve setting to mark the incident as resolved in your dashboard when the issue is closed in ServiceNow.
Follow our documentation to configure the integration.
October 21, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.124:
- Added 1 detector:
- Modified 5 detectors:
Platform
- Check runs: GitHub's custom properties can now be leveraged to override the GitGuardian global configuration of check runs. This allows customization at both the repository and organization levels. For more details, please refer to our dedicated documentation
- Historical Scan:
- New "Bulk Historical Scans Management" page for easy tracking, filtering, and detailed insights on all scans.
- Simplify source management with a new filter for instances (e.g., production/staging).
- Members: You now have the option to deactivate a member instead of deleting them. For more details, refer to our documentation.
Bug fixes
- Validity check: Fixed GitLab checker wrongly marking some secrets as valid by improving token validation (impacting custom host validity checks).
- Perimeter: Fixed inaccurate historical scanning statistics displayed on the side panel of the perimeter page.
October 17, 2024
Secrets Detection
- Filepath exclusion: File path exclusions are now applicable to one or more repositories. By targeting file path exclusions to specific repositories, users can significantly reduce the number of irrelevant incidents, enabling more accurate incident management. Learn more.
October 14, 2024
Platform
- Analytics Charts: A new page is available in the Analytics menu. This new feature is available for all business users. Analytics Charts is a powerful feature designed to help you visualize and understand your incidents over time. Whether you are a developer, security lead, or manager, Analytics Charts provides valuable tools to track progress, measure performance, and make informed decisions. Access the Analytics Charts.
October 7, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.122: Enhance recall and
coverage while expanding the range of detectable secrets with new and updated
detectors.
- Added 3 detectors:
- Modified 1 detector:
- VSCode extension: We are excited to announce the release of GitGuardian CLI (ggshield) as a VS Code extension! Files are now automatically scanned upon saving, with detected secrets highlighted in your code and listed as warnings. Additionally, custom remediation messages are provided within your IDE to guide you in resolving any issues efficiently. Download from the marketplace
September 23, 2024
Secrets Detection
- Jira Data Center integration: Jira Data Center integration is now supported for real-time secret detection and honeytoken detection.
Platform
- Saved views: Saved views can now be created in the Honeytoken module.
Bug fixes
- Personal access token: Resolved a bug to ensure the lifetime of a newly generated personal access token is strictly less than the maximum permissible duration.
September 9, 2024
Secrets Detection
- Confluence Data Center integration: Confluence Data Center integration is now supported for real-time secret detection and honeytoken detection.
- Slack integration: Slack integration is now supported for scanning the full history of your public and private Slack channels to detect leaked secrets.
Platform
- IP allowlist: Managers can now restrict access to the dashboard and API to specified IP addresses or ranges for enhanced security. This feature is available only for Business accounts. Refer to our documentation for more details.
- Historical Scan: Streamline source management with new filters for failure reasons and last scan date.
Bug fixes
- Historical Scan: Improved handling of pending states and fixed an issue where sources were reaching the timeout limit.
August 26, 2024
Secrets Detection
Secrets detection engine upgrade to v2.120: Enhance recall and coverage while expanding the range of detectable secrets with updated detectors.
- Added 2 detectors:
- Modified 6 detectors:
Note concerning the reCAPTCHA Key detector: Due to changes in the behavior of some Google APIs, we are no longer able to ensure the validity of reCaptcha keys. As this detector could be quite "noisy" the validity of the keys was a mandatory prerequisite in the detection flow and this can no longer be the case. We have however improved this detector to be as efficient as possible.
Bug fixes
- Jira Cloud Issue tracking integration: Fixed an issue where the assignee dropdown in Jira template creation was incomplete for projects with a large number of assignees due to pagination limits.
August 14, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.117: Enhance recall and
coverage while expanding the range of detectable secrets with new and updated
detectors.
- Added 2 detectors: Serpapi Token and Tavily API Key
- Modified 1 detector: GitLab Token
- Validity check: Business workspaces that self-host service providers can now perform validity checks. They can specify the host against which to run a check in the configuration of separate secret detectors. For example you can perform a validity check for a GitLab token secret against your own GitLab instance. For more details, refer to our dedicated documentation.
Platform
- GitGuardian CLI (ggshield) custom remediation message: Admins can now customize remediation messages at pre-commit, pre-push or pre-receive stages and provide to developers useful guidance on how to use internal Vaults etc ... See documentation here.
- Saved views: You can now save your most frequently used filters as views for quicker access. Learn more about about saved views here.
- Historical Scan Enhancements: These enhancements provide better visibility and management of the scanning process. They include progress estimation for both individual and bulk scans, along with comprehensive scan status details such as size, duration, start/end dates, number of commits, branches, queue duration, and more.
- Health Check: Let managers manually start health checks from the GitGuardian dashboard so they can address any failed checks immediately without waiting for the next scheduled run.
- Teams: Get simplified team management with a clear designation of team
leaders. Changing "can_manage|cannot_manage team permissions" to a "team
leader" boolean attribute to designate the team owner. ⚠️ The
team_permissions
field has been deprecated and replaced by theis_team_leader
field in our API for the endpoints/v1/teams/{team_id}/team_memberships
and/v1/teams/{team_id}/team_invitations
.
July 29, 2024
Secrets Detection
- False Positive Remover v1: Our first internal machine learning model halves false positives, ensuring data security and privacy without third-party dependencies. This in-house capability is now available to all Business and Enterprise accounts.
- Remediation tracking: Enhanced the secrets remediation workflow with precise location details for code fixes and real-time tracking of remediation progress. Learn more here.
Platform
- GitLab integration: Upon installing a new integration for GitLab Community Edition, it is now possible to skip the historical scan (to launch it manually later).
Bug fixes
- Microsoft Teams integration: Fixed an issue impacting real-time secret detection in Microsoft Teams channels.
July 15, 2024
Secrets Detection
-
Microsoft Teams integration: Microsoft Teams integration is now supported for real-time secret detection and honeytoken detection.
-
Secrets detection engine upgrade to version 2.116: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
Added 1 detector
Modified 3 generic detectors
Modified 78 specific detectors
We have enhanced our approach to searching for the prefix linked to the secret, considering more complex scenarios. This allows us to improve recall.
- Adafruit IO API Key
- Airtable API Key v2
- Alchemy API Key
- Amazon MWS Token
- Checkout.com Sandbox API Secret Key
- CircleCI Personal Token
- Claude API Key
- Clojars Deploy Token
- Cloudinary API key URL
- Contentful Content Management API Key
- DigitalOcean OAuth Application Token V1
- DigitalOcean Personal Access Token V1
- DigitalOcean Refresh Token V1
- Discord Webhook URL
- Docker Swarm Join Token
- Docker Swarm Unlock Key
- EasyPost API Key
- Firebase Cloud Messaging API Key
- Figma Personal Access Token
- Flutterwave API Key
- Frame IO Token
- GitHub fine-grained personal access token
- GitHub Oauth Access Token
- GitHub Personal Access Token
- GitHub Server-to-server Token
- GitHub User-to-server Token
- GitLab Token
- Grafana Cloud API Key
- Grafana Service Account Token
- Groq API Key
- Heartland API key
- Langchain API Key
- Linear API Key
- Base64 Midtrans API Key
- Notion Integration Token
- npm Token Prefixed
- Nylas API Key
- OpenAI Project API Key
- Paystack Key
- Plaid Access Token
- PlanetScale OAuth Token
- Postman API Key
- PubNub Publish Key
- Readme API Key
- Riot Games API Key
- RubyGems.org API Key
- Samsara API Key
- SendinBlue Key v3
- Sentry Org Auth Token
- Sentry User Auth Token v2
- Shippo API token
- Shopify Generic App Token
- Shopify Private App Token
- Slack App Token
- Slack Configuration Refresh Token
- Slack Configuration Token
- Slack User Token
- Sourcegraph Access Token v3
- Sourcegraph Enterprise subscription Token
- Sourcegraph License Key Token
- Sourcegraph Access Token v2
- Sourcegraph User Gateway Access Token
- Sqreen Token
- Square Access Token
- Stripe Webhook Secret
- Tailscale API Key
- Tailscale OAuth Key
- Tailscale Pre-Authentication Key
- Tailscale SCIM Key
- Tailscale Webhook Key
- Typeform API Token
- Ubidots Token
- Vercel Blob Token
- WakaTime API Key
- WePay token
- Yandex Predictor API Key
- Zillow Key
- Zuplo API Key
-
Incidents: When an incident is ignored with a secret still valid, an email notification is sent to the team manager(s) or to the workspace manager. N.B: this feature is available in the business plan.
-
Weekly email recap: From now on, a new section is displayed in the weekly email recap displaying the number of ignored incident with a secret still valid in the last week. N.B.: this feature is available in the business plan.
SCA
- .NET Support: Scans dependencies for C#, F#, and Visual Basic, broadening the language support.
- Improved Java Support: Transitive dependencies are now scanned in Maven, providing more comprehensive security coverage.
Platform
- Historical Scan:
- Skip historical scan of unchanged repositories since the last scan to save time and resources.
- Filter and sort repositories by scan duration on the Perimeter page for better management.
- Introduced
pending_timeout
status in the API to differentiate between scans failing due to timeouts (timeout
) and those in the queue (pending_timeout
).
- API Enhancements: User feedback on secret incidents is now accessible via
the API, providing better incident management and insights. This information
is included in the
feedback_list
field within the secret incidents' payload - Settings: The data storage location region is now visible in your workspace settings.
Bug fixes
- Check runs: Addition of an optional
Skip
action for check runs on forked repositories that detect secrets, preventing a complete blockage for developers.
June 24, 2024
Secrets Detection
- Incident details: Addition of a 'per page' selector on the occurrences table.
Platform
- Members: Renamed 'role' to 'access level' for clarity.
⚠️ Therole
field has been deprecated and replaced by theaccess_level
field in our API for the endpoints/v1/members
and/v1/invitations
.
June 17, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.115: Enhance recall and
coverage while expanding the range of detectable secrets with new and updated
detectors.
- 4 detectors added: Sentry Org Auth Token, Sentry User Auth Token v2, Slack Configuration Refresh Token, Slack Configuration Token
- 5 detectors updated: Equinix Authentication Token, Sentry User Auth Token v1, Signifyd API Key, Slack Bot Token, Slack User Token
Bug fixes
- Filepath exclusion: Correct a bug that causes the
*
character in the exclusion pattern to match at least one character when it should match zero or more characters.
June 10, 2024
Secrets Detection
- Confluence Cloud integration: Confluence Cloud integration is now supported for real-time secret detection and honeytoken detection.
June 4, 2024
Secrets Detection
- Secrets detection engine upgrade to version 2.114: Enhance recall and
coverage while expanding the range of detectable secrets with new and updated
detectors.
- 9 detectors added: ASP.NET Decryption Key, ASP.NET Validation Key, Langchain API Key, OpenAI Project API Key, OpenAI Service Account, Sourcegraph Enterprise Subscription Token, Sourcegraph License Key Token, Sourcegraph User Gateway Access Token, WakaTime API Key
- 4 detectors updated: Sentry Token, Generic Database assignment, Generic FTP Assignment, Generic Username Password
- Incidents: Periodic secret validity checks enabled for ignored incidents. See documentation here.
- Filepath exclusions: When adding a new rule, show how many new secret incidents will be hidden by the new filepath exclusion, without recalculating existing hidden incidents.
Platform
- GitLab integration: When a GitLab webhook is found disabled, GitGuardian now attempts to reactivate it automatically (by sending a test payload) before triggering an error message.
- Health Check: Send email notifications when a integration health check fails. For further details, refer to the Configure email preferences page. Note that the notification is not enabled by default for existing accounts and must be turned on manually.
SCA
- Introduction of the Malicious Package detection, to make sure we protect every organization from packages designed to be harmful.
- Highlight Dependency Confusion risk on private dependencies that were not publicly registered, to help organizations lower their exposure to Dependency Confusion attacks.
May 27, 2024
Secrets Detection
- Incidents details: merge commit authors from GitHub are now identified. It is not retroactive.
- API: new endpoint to query the secret incidents of a source.
Bug fixes
- API: fix a problem causing conflicting information between the UI and the API regarding team permissions.
- Historical scan: attribute automatic historical scans of new repositories to "GitGuardian Bot" in audit logs.
May 20, 2024
Secrets Detection
- Secrets detection engine: upgrade to version 2.113 with the addition of 5 new detectors (Nylas API Key,Sourcegraph Access Token v3, Duplo Cloud API Key,Fernet Key, Vercel Blob Token) and the improvement of 10 detectors (Base64 Generic High Entropy Secret, Generic Database Assignment, Generic High Entropy Secret, PostgreSQL CLI Credentials, Postgres assignment attached port, PostgreSQL Pgpass Credentials, PostgreSQL URI, Sourcegraph Access Token v2, Yelp API Key, Google Gemini API Key).
Platform
- Health Check:
- introduce tracking for the last execution and last successful execution times.
- implement periodic health checks to run every hour. This is a Business-only feature.
Bug fixes
- Custom webhook: fix a bug sending notifications for deactivated secret detectors.
May 13, 2024
Bug fixes
- Jira Cloud Issue tracking integration: fix an issue where Jira automatic configurations remained invisible to 'member' role users within the 'All Incidents' team, ensuring uniform visibility across teams.
May 6, 2024
Platform
- API: the
workspace_id
is now included in the payload of API tokens. - Historical scan: improve historical scan status overview on the perimeter page side bar.
Bug fixes
- Bitbucket Data Center integration:
- fix an issue where uninstalling a Bitbucket project inadvertently occurred when a token was removed, despite other valid tokens being present.
- enhance logging mechanisms surrounding Bitbucket token operations for better troubleshooting.
- Check runs: display accurate error message when a check run fails due to rate limiting.
April 29, 2024
Bug fixes
- API: correct a bug that allowed members to view sources they should not
have been able to access when using the
/sources
endpoint. - Check runs: fix a bug that is causing related incident IDs to be missing in the check run summary.
April 23, 2024
Secrets Detection
- Secrets detection engine: upgrade to version 2.111 with the addition of 3 new detectors (Grafana Cloud API Key, Groq API Key, Nx Cloud Token) and the improvement of 1 detector (Generic High Entropy Secret)
Platform
- Filters: the history of AI queries can now be deleted.
Bug fixes
- GitLab integration: when re-enabling a disabled webhook in GitLab, the error on the GitGuardian dashboard is now cleared automatically within 20 minutes.
- Filters: the "per-page" selection for each table is now persisted.
April 16, 2024
Platform
- Vault integration: CyberArk, a leader in privileged access management, helps secure, manage, and monitor privileged accounts and credentials. This integration leverages CyberArk to securely manage secrets and automate secret rotation, enhancing security alongside GitGuardian's leak detection capabilities. Refer to our documentation for more details.