Release Date: August 1, 2025

For customers with Public Monitoring enabled, we're excited to announce the release of dedicated API endpoints, enabling programmatic access to manage Public Monitoring findings.

What's new?

We've introduced new endpoints that allow you to:

• Manage and interact with public secret incidents
• List public perimeter developers information The new endpoints maintain consistency with our internal incidents API structure, ensuring a familiar experience for existing API users.

Why does this matter?

With these new API endpoints, you can:

• Integrate GitGuardian's public monitoring capabilities directly into your existing security tools
• Create automated workflows to handle incidents more efficiently
• Reduce response time by eliminating manual platform interactions

Check our API documentation to get started.

---

Fixes​

• Incident permissions: Fixed an issue where assignees with "can view" permissions would be hidden from the incident's UI.
• Slack integration: Fixed an issue where duplicate secret occurrences were created when thread replies were posted to channels in Slack.
• JFrog Artifactory integration:
  • Fixed an error in repository last update date retrieval during recurrent scans.
  • Improved error handling and diagnostics for health check connectivity issues.

  Release Date: June 19, 2025

The GitGuardian MCP (Model Context Protocol) Server is now available on GitHub. This integration brings GitGuardian's security capabilities directly into your AI-powered development environment, supporting Cursor, Windsurf, and any IDE implementing the Model Context Protocol.

The MCP Server enables your AI agent to read and analyze security incidents, generate honeytokens, and perform automated remediation tasks—all without leaving your development workflow.

Key Benefits

1. Eliminate Context Switching: Access security scanning and incident management directly within your AI IDE without switching to GitGuardian dashboards.
2. Real-Time Security Feedback: Catch security issues immediately during development, before they enter your codebase.
3. Enhanced Developer Autonomy: Empower developers to manage security posture independently with direct access to GitGuardian's tools.

Getting Started

For Cursor users: Click the button to install the GitGuardian MCP Server directly in your IDE.

For other IDEs: Follow our setup instructions to integrate the MCP Server into your environment.

---

Enhancements​

• Custom Tags API: Enhanced the custom tags filter in the public API to support filtering by key/value pairs in addition to IDs, improving search flexibility for better incident management. Learn more.
• Teams: Optimized the /teams API endpoint to reduce loading times for workspaces with large team structures.
• Playbook: "Auto-resolve secrets incidents when valid secrets are revoked" playbook is officially activated for all accounts. Learn about Playbooks
• Custom remediation: Added dynamic links to custom remediation pages, providing users with seamless access to relevant documentation and revocation support.

Fixes​

• Emails: Resolved an issue where email alerts were being sent to inactive workspace members.
• Custom Tags:
  • Resolved pagination issues in the custom_tags endpoint that were causing incorrect next page URLs.
  • Fixed an issue where assigning tags to selected filtered issues was incorrectly applying tags to all issues instead of only the selected ones.
• GitLab: Improve permission checking for GitLab group integrations to properly handle inherited permissions from parent groups.
• Azure DevOps Integration: Improved token handling to prevent unnecessary revocation of Azure DevOps installations due to intermittent 401 errors.
• Secret analyzer: Improved behavior to ensure secret analyzer is properly disabled when validity checking is turned off.

  Release Date: May 23, 2025

GitGuardian is excited to announce a new API endpoint /v1/secrets/{secret_id}, allowing users to securely access secret values directly through our API.

This feature introduces several key benefits:

1. Enhanced Security Automation - Integrate secret remediation into existing security workflows and tools with secure API access to secret values.
2. Reduced Manual Intervention - Eliminate the need to manually copy secrets from the UI, saving time and reducing human error.
3. Comprehensive Security Controls - Multiple security layers (PAT permissions, workspace settings, IP allowlisting) ensure secrets are accessed only by authorized users.
4. Complete Secret Context - Receive both the secret value and detector information in a single API call for efficient remediation.

Read more in the documentation