Release Date: April 23, 2026

We're excited to announce that the GitGuardian Slack app is now officially listed and approved on the Slack Marketplace, available in both US and EU regions ! This means you can install GitGuardian directly from Slack's app directory, and the peace of mind that comes with Slack's marketplace review process. Beyond marketplace approval, this release bundles several improvements to the Slack integration that make it more powerful, more privacy-aware, and easier to operate at scale.

What's new?

• Channel selection at setup time: You now choose which public channels to monitor during installation, instead of the app automatically joining every public channel. This gives you full control over your scanning perimeter from day one.
• File attachment scanning: Secrets hiding in file attachments dropped in channels and messages are now detected alongside text-based messages.
• Interactive messages (Beta): When GitGuardian detects a secret, it posts a threaded response directly in the original conversation with details about the finding and quick actions — including the ability to ignore low-risk incidents without leaving Slack.
• Enhanced privacy controls: Private channel names are now redacted for users who don't have access to those channels in Slack, fully respecting Slack's privacy model. A privacy information banner is also displayed during setup to clarify what GitGuardian can and cannot access.

Why does this matter?

Slack is where developers share code snippets, debug outputs, and configuration examples in real-time. These casual exchanges frequently contain accidentally pasted API keys, database credentials, and tokens that persist in chat history. With the new GitGuardian Slack app, you extend your proactive defense and efficiently streamline the efforts with the responsibles of the leaks!

Get started

1. Open the listing for your region: GitGuardian (US) or GitGuardian EU.
2. In GitGuardian, go to Settings → Integrations → Sources and install Slack from the Messaging section, then complete the OAuth flow for your workspace.

If you previously covered your Slack Perimeter with GitGuardian, you will need to reinstall your Slack App using the same procedure.

Check out the full Slack integration guide for perimeters, private channels, and interactive messages configuration.

---

Enhancements​

• Accessibility: Added support for Ctrl+Enter to submit forms, improving keyboard navigation efficiency.

Fixes​

• Dashboard: Fixed an issue where filtering Personal Access Tokens could cause the UI to become unresponsive.
• Bitbucket Cloud Integration: Updated API calls to use the new workspace-scoped endpoints, following Bitbucket Cloud's deprecation of cross-workspace APIs.

  Release Date: November 17, 2025

SCIM now supports team provisioning for Okta and Microsoft Entra ID. IdP groups are created as GitGuardian teams and kept in sync, completing end-to-end automation for users and teams.

Highlights

• Automated team creation: IdP groups become teams in GitGuardian.
• Near real-time sync: Group changes propagate to teams quickly.
• Full lifecycle automation: Works alongside user provisioning.
• Less manual work: Fewer errors and no hand-made team management.

Get started

• Available with Okta and Microsoft Entra ID.
• Service account token needs teams:write and members:write.
• Enable in Settings > Authentication and follow your IdP setup.
• See the product documentation for details.

---

Enhancements​

• Dev-in-the-Loop: Added incident ID display and dashboard navigation link for authenticated users on public incident sharing pages, improving investigation workflow.

Fixes​

• Container Registry Integrations: Fixed an issue where the sync task incorrectly unmonitored all repositories when automatic monitoring was disabled.
• Jira Data Center Integration:
  • Fixed an error that occurred when the installation version was not properly set during webhook synchronization.
  • Fixed an issue where historical scans failed with an unknown error for large projects.
• Incident Details: Fixed incorrect "First detected" date display by replacing it with "Detected date" and adding an "Opened for" field to show incident duration.
• Slack Notifications: Fixed incorrect user association and event triggering in Slack notifications.
• Health Check: Improved error differentiation to distinguish between GitGuardian Bridge connectivity issues and source system downtime.

  Release Date: June 19, 2025

The GitGuardian MCP (Model Context Protocol) Server is now available on GitHub. This integration brings GitGuardian's security capabilities directly into your AI-powered development environment, supporting Cursor, Windsurf, and any IDE implementing the Model Context Protocol.

The MCP Server enables your AI agent to read and analyze security incidents, generate honeytokens, and perform automated remediation tasks—all without leaving your development workflow.

Key Benefits

1. Eliminate Context Switching: Access security scanning and incident management directly within your AI IDE without switching to GitGuardian dashboards.
2. Real-Time Security Feedback: Catch security issues immediately during development, before they enter your codebase.
3. Enhanced Developer Autonomy: Empower developers to manage security posture independently with direct access to GitGuardian's tools.

Getting Started

For Cursor users: Click the button to install the GitGuardian MCP Server directly in your IDE.

For other IDEs: Follow our setup instructions to integrate the MCP Server into your environment.

Documentation: Read the full GitGuardian MCP Server documentation for detailed setup, tool reference, and security information.

---

Enhancements​

• Custom Tags API: Enhanced the custom tags filter in the public API to support filtering by key/value pairs in addition to IDs, improving search flexibility for better incident management. Learn more.
• Teams: Optimized the /teams API endpoint to reduce loading times for workspaces with large team structures.
• Playbook: "Auto-resolve secrets incidents when valid secrets are revoked" playbook is officially activated for all accounts. Learn about Playbooks
• Custom remediation: Added dynamic links to custom remediation pages, providing users with seamless access to relevant documentation and revocation support.

Fixes​

• Emails: Resolved an issue where email alerts were being sent to inactive workspace members.
• Custom Tags:
  • Resolved pagination issues in the custom_tags endpoint that were causing incorrect next page URLs.
  • Fixed an issue where assigning tags to selected filtered issues was incorrectly applying tags to all issues instead of only the selected ones.
• GitLab: Improve permission checking for GitLab group integrations to properly handle inherited permissions from parent groups.
• Azure DevOps Integration: Improved token handling to prevent unnecessary revocation of Azure DevOps installations due to intermittent 401 errors.
• Secret analyzer: Improved behavior to ensure secret analyzer is properly disabled when validity checking is turned off.

  Release Date: May 23, 2025

GitGuardian is excited to announce a new API endpoint /v1/secrets/{secret_id}, allowing users to securely access secret values directly through our API.

This feature introduces several key benefits:

1. Enhanced Security Automation - Integrate secret remediation into existing security workflows and tools with secure API access to secret values.
2. Reduced Manual Intervention - Eliminate the need to manually copy secrets from the UI, saving time and reducing human error.
3. Comprehensive Security Controls - Multiple security layers (PAT permissions, workspace settings, IP allowlisting) ensure secrets are accessed only by authorized users.
4. Complete Secret Context - Receive both the secret value and detector information in a single API call for efficient remediation.

Read more in the documentation

  Release Date: May 21, 2025

SCIM (System for Cross-domain Identity Management) integration now supports both automatic user provisioning and deprovisioning in GitGuardian. When users are added or removed from your Identity Provider (IdP)—such as Okta or Microsoft Entra ID—they are automatically created or deactivated in your GitGuardian workspace.

Now, all your developers can be automatically onboarded to GitGuardian and are ready to handle security incidents as soon as they are added to your IdP. This means you can fully automate the onboarding and offboarding of users, directly from your IdP, ensuring your entire development team is always prepared to respond to incidents.

Why is this important?

• Streamlined onboarding: New users are automatically provisioned in GitGuardian as soon as they are added to your IdP—no more manual invites or user creation.
• Automated offboarding: When a user is removed or deactivated in your IdP, their access to GitGuardian is automatically revoked, reducing security risks.
• Real-time synchronization: User changes in your IdP are reflected in GitGuardian almost instantly, ensuring your workspace always stays up to date.
• Improved compliance: Automated user lifecycle management helps you meet security and compliance requirements by ensuring only authorized users have access.
• Reduced manual work: Save time and reduce errors by eliminating manual user management tasks.

Note: Team provisioning via SCIM is not yet available, but is planned for a future update.

How to get started?

• SCIM is available for workspaces using Okta or Microsoft Entra ID as their IdP.
• To enable SCIM, go to your workspace Settings > Authentication and follow the setup instructions for your IdP.
• For detailed configuration steps and best practices, check out our product documentation.

---

Enhancements​

• Emails: Included the number of incidents to both weekly digest and historical scan emails subject line
• Jira Data Center Issue Tracking Integration: Creating Jira tickets now only requires regular user permissions. Administrator privileges on the Jira Data Center site are only needed when setting up the two-way synchronization (Auto-resolve feature).

Fixes​

• GitLab Integrations: Resolved a problem where system hook checks returned a 403 forbidden error when using a read-only token.
• Dashboard: Resolved an issue where a toast message displayed "unknown error" in certain situations.
• Historical Scan: Resolved an issue where scans of empty GitHub repositories were incorrectly marked as failed.
• API: Resolved an issue where deleted sources were incorrectly displayed as monitored.