Release Date: January 8, 2025

Introducing ML-Powered Similar Incident Grouping - a smart solution to combat incident fatigue by automatically grouping related incidents for efficient bulk remediation.

Key Benefits:

• Reduce incident overload by identifying patterns in similar security incidents
• Streamline bulk actions on groups of related incidents
• Focus on unique issues while efficiently handling repetitive cases

Common grouping scenarios:

• Rotating tokens in automated deployments
• QA test credentials appearing across multiple files
• Database connection strings to the same environment
• Repeated false positives from templating code or tutorials
• High-entropy strings in logs that are likely system-generated
• Known noisy patterns from specific services or file types

Our ML algorithms analyze incident context beyond just detector types to identify meaningful relationships between incidents. View similar incidents in the sidebar of any incident detail page, then use bulk actions to resolve them efficiently.

This feature is available for both Internal Monitoring and Public Monitoring on the Business & Enterprise plans.

Fixes​

• Playbooks: Fixed an issue where the "Auto-ignore incidents when secrets are tagged as false positive" playbook was incorrectly reactivated when a Business account's plan was edited in the back office.
• Historical Scans: Resolved a scan queueing issue that prevented all eligible sources from being properly enqueued during bulk scan operations.

  Release Date: December 19, 2025

We're launching a streamlined Overview Analytics page that gives executives an instant pulse on security posture. At the top, unified KPIs for Protect, Detect, Remediate, and Govern surface repository coverage, incident volume, remediation speed, and identity safeguards—all at a glance.

What does this mean for you?

• Unified KPI Strip: Quick status check across all security dimensions—repository coverage, critical incidents, remediation time, and governance metrics.
• Monitored Perimeter Trends: Visualize how your monitored repository count evolves week over week.
• Top Risky Data Sources: Identify which repositories generate the most critical and high-severity incidents.
• Critical Incident Trajectories: Track how incident volume changes over time to spot emerging risks.
• Most Common Secret Types: Understand which secret categories appear most frequently in your perimeter.
• Closure Progress: Monitor remediation performance including auto-closures and manual resolutions.
• Governance Signals: View vaulted secrets and breached policies for NHI governance insights.

Why is this important?

This view is purpose-built for leadership reviews and status reporting. Use it to:

1. Identify where risk concentrates: Quickly pinpoint which data sources need immediate attention.
2. Measure response speed: Track how fast teams respond to security incidents.
3. Plan coverage expansion: Understand where monitoring should grow next.
4. Demonstrate progress: Show month-over-month / quarter-over-quarter improvements in security posture.

Get started

Navigate to Analytics > Overview to access the new dashboard. Use the KPI strip for a quick status check, then drill into each section to pinpoint hotspots and validate remediation performance.

Learn more about Analytics overview

---

Fixes​

• Risk Score: Removed an empty bullet point that appeared in the risk score explanation when no specific factors were highlighted.
• GitHub Check runs: Fixed an issue where check runs continued to run and block pull requests despite being disabled by property.

  Release Date: October 28, 2025

We're excited to announce a major enhancement to GitGuardian's visualization capabilities: the improved identity graph with enhanced publicly leaked detection. This transforms how you investigate and understand secret incidents across your entire security perimeter.

What does this mean for you?

Comprehensive Context at a Glance: Our enhanced graph interface now consolidates scattered visualizations into one unified, context-rich view. You'll see critical details like severity levels, source information, and occurrence data directly within the graph, eliminating the need to switch between multiple pages during incident investigation.

Advanced Public Leak Intelligence: Building on our HasMySecretLeaked capabilities, the platform now provides enhanced visibility into three distinct types of public exposure—secrets in monitored public sources, incidents in your public perimeter, and external GitHub locations—all clearly categorized and contextualized within your incident workflows.

Why is this important?

Modern security teams need to understand the full scope of secret exposure across both private and public domains. With secrets often appearing in multiple locations—from internal repositories to external GitHub commits—having a unified view that correlates these incidents is crucial for effective remediation and risk assessment.

Enhanced Public Monitoring Integration

The new "Publicly Leaked" tag unifies previously scattered exposure indicators, providing clear visibility when secrets appear across your monitored sources, public incidents, or external locations discovered through our HasMySecretLeaked database. This integration ensures you have complete visibility into your organization's secret exposure landscape.

Get Started Today!

The enhanced graph views are now available across Internal Monitoring, Public Monitoring, and NHI Governance modules. Navigate to any incident to experience the new unified visualization that brings together comprehensive context, public leak detection, and streamlined investigation workflows in one powerful interface.

Enhancements​

• Incidents: Enhanced display capabilities to show large occurrence patches that previously showed "Diff too long to render".
• Explore (Public Monitoring): Added history tracking for Explore searches and scans.

Fixes​

• GitLab Integration: Fixed a 403 error that could occur during personal access token updates.
• SharePoint Integration: Resolved an issue where health-check operations would fail with error code 9999.

  Release Date: October 25, 2025

We're excited to announce a major enhancement to our Slack integration that brings comprehensive notification coverage for all incident lifecycle events, honeytoken alerts, and public monitoring incidents. This unified notification framework provides complete visibility into your security posture directly in Slack.

What's new?

Complete Incident Lifecycle Coverage: Previously, Slack notifications only covered new incident detections and regression. Now you can receive notifications for every critical event including resolution, assignment, status changes, comments, access control, and sharing - giving you complete visibility into incident management workflows.

Public Monitoring Support: Public monitoring incidents can be sent directly to Slack channels, enabling teams to receive perimeter security alerts alongside internal monitoring alerts.

Honeytoken Alerting: Slack notifications now support honeytoken events, providing immediate alerts for honeytoken activity, previously only available via custom webhooks and email.

Flexible Configuration: Enhanced Slack webhook configuration allows teams to subscribe to specific event types per channel, providing granular control over notification preferences.

Why is this important?

Security teams need real-time visibility into all security events to respond quickly and effectively. This enhancement addresses key customer feedback about missing notification updates for incident resolution and status changes, while extending Slack integration to public monitoring and honeytoken.

Get Started Today!

This enhancement is automatically available for all workspaces. Existing Slack integrations will maintain their current notification settings, while new configurations can be set up with expanded event coverage.

Learn more about Slack integration configuration | Configure honeytoken alerts

Enhancements​

• GitGuardian Bridge: Extended support for GitGuardian Bridge to SaaS EU. Learn more about GG Bridge.
• Public API: Enabled editing of Custom Monitored Perimeter via Public API for all sources (except for custom sources).
• GitLab Integration: Improved performance of the GitLab source selection interface to prevent browser unresponsiveness when searching through large numbers of namespaces, groups, and repositories.

Fixes​

• Perimeter: Fixed an issue where the scan button was not visible for members who are not in the all incidents team.
• SSO: Fixed an issue preventing IDP configuration creation due to missing default SCIM team permissions.
• Sources:
  • Fixed tooltip displaying "unknown error" for failed scans when the actual reason was branch deletion.
  • Resolved JFrog Container Registry health check failure when the first registry contains no repositories.
• Incidents:
  • Fixed an issue where occurrences displayed incorrect commit and file information, ensuring accurate incident tracking data.
  • Fixed an issue where the "Requires code fixing" section failed to load in some condition.

  Release Date: September 23, 2025

We're thrilled to introduce Secret Revocation directly from the GitGuardian platform for supported providers, including GitHub, GitLab, and OpenAI. This enhancement is designed to accelerate your incident response process, reducing manual efforts and enabling you to quickly prevent attackers from leveraging your compromised secrets.

How it works:

• Quickly identify revocable secrets: Using the newly introduced Revocable by GitGuardian Tag.
• Access Controls: Requires full-access permissions on the incidents.
• Instant Revocation: Revoke secrets immediately using the call-to-acttion from the incident detail view.
• Safety First: Includes a confirmation step to prevent accidental revocations.
• Closing the incident loop: Automatically resolves incidents when valid secrets are revoked.
• Comprehensive Audit Trail: Every revocation activities are tracked and logged within the incident timeline for compliance and auditing purposes.

Assess the impact first:

To prevent operational disruption, always assess the impact of a revocation first. GitGuardian provides the context you need to evaluate the risk, including identifying which workloads depend on the credential, so you can act confidently.

Why it matters:

Manual secret revocation is traditionally slow and complex, as it often involves different teams. This delays the incident response and increases the security risk compromised secrets pose. This integrated revocation feature significantly shortens secret exposure times and expedites incident response workflows, especially once the investigation confirms secret shall be revoked.

Learn more about revocation.

---

Enhancements​

• Public API: Added Container Registries endpoints to the public API documentation.
• Pattern Exclusion: Improved performance and memory usage when checking the impact of secret pattern exclusions.

Fixes​

• Container Registries Integrations: Fixed authentication error with Google Artifact Registry that was causing scan failures.
• Explore: Fixed incorrect secret count display in scan results to ensure consistency with actual detected secrets.

  Release Date: September 17, 2025

We're excited to introduce AI Filters - use natural language to navigate through Incidents, Perimeter, and Audit Logs. Finding what you need has never been easier.

What it does:

• Type queries in plain English (e.g., "Show me critical incidents from last week")
• AI automatically converts your request into the appropriate filters
• Works alongside your existing filter settings
• Save AI-generated filters as views for team sharing

Available in: Incidents, Perimeter, and Audit Logs

Look for the AI input field in your filter bars to get started! Learn more about AI filters.

---

Enhancements​

• Confluence Cloud Integration: Enhanced Confluence Cloud secret scanning to work with outbound-only network connections through OAuth2 authentication, eliminating the need for inbound access previously required by Connect app installations. This improvement enables organizations with strict network policies to securely scan their Confluence Cloud content using historical scanning capabilities. Learn more
• GitHub Check Runs: Added option to include public share links in check runs, enabling developers outside your workspace to access and resolve incident details directly from pull requests without requiring GitGuardian dashboard access. Learn more
• Security: Added Content Security Policy (CSP) headers to improve browser security.

Fixes​

• Remediation tracking: Disabled file tracking for non-default branches. Learn more
• Perimeter:
  • Fixed "invalid time value" error when applying filters with running bulk scans.
  • Fixed scan bar and buttons visibility for team members not in the global team.
• Notifications:
  • Fixed Honeytoken events to only appear in "All incidents" team notifications instead of all teams.
  • Fixed custom webhook URL validation to properly handle escaped URLs.
• Integrations:
  • Fixed installation validation blocking customers from setting up on-prem JFrog Docker registry integration.
  • Fixed direct URL display in occurrences for older Confluence Data Center versions.

  Release Date: July 28, 2025

We’re excited to announce a powerful enhancement to your incident management experience, designed to help you focus on what matters: we are introducing a new playbook: Automatically Ignore Invalid Incidents.

What's new?

This new playbook will automatically ignore incidents where the detected secret has been confirmed invalid and revoked, even for those that have never been valid. With this new capability, your team can immediately focus on genuine, actionable threats without being distracted by unnecessary noise from already-resolved issues.

Why This Matters?

By automatically clearing these known invalid incidents, you'll save valuable time, reduce alert fatigue, and maintain a clear focus on critical security issues that require your attention.

Important Note

This playbook is designed for incidents from standard detectors and will not impact those related to detectors with a custom host.

You Stay in Control

The playbook will be enabled by default, but you can opt out at any time if it doesn’t fit your needs. All incidents will remain accessible in your workspace for review.

Documentation

---

Fixes​

• Incidents Management: Resolved a regression where secrets detected on deletion lines could reopen incidents. Deletion lines are no longer scanned for secrets, as per the expected "Scan only addition line" behavior.

  Release Date: May 2, 2025

With this new feature, users can create fully customized views of their incidents, displaying specific properties and exploring their security data in an entirely new way.

---

This customization capability offers two key advantages:

1. Leverage the Generic Secret Enricher model (read release page) - You can now explore and prioritize generic incidents more effectively by visualizing the AI-classified secret categories and providers
2. Harness extensive incident context - Access the rich contextual data we provide for each incident, which is essential for efficient prioritization efforts

Context is critical for effective remediation. CyberSecurity is fundamentally a data business, and by collecting and presenting the richest, most structured context possible, we enable you to filter, sort, and prioritize incidents effectively and make informed decisions.

Read more in the documentation

  Release Date: February 11, 2025

GitGuardian allows you to monitor secret leaks across thousands of your repositories and over 30 different types of sources. It is reassuring to know that this critical secret, which provides access to your corporate LDAP, has not been detected anywhere.

---

Enhancements​

• Scan Only Addition Lines in Commits: Now, when using ggshield or our check runs integration, we only scan for added lines in commits. Developers will no longer be blocked while remediating incidents.
• Jira Issue Tracking Integration: Added support for "Numbers (or float)" and "Group Pickers (single group)" custom fields in Jira templates, allowing more customization in notifications and issue tracking.

Fixes​

• GitLab Integration: Resolved an issue where GitLab installations were incorrectly revoked due to temporary plan downgrades or admin status changes.
• Confluence Cloud Integration: Fixed an issue where some Confluence Cloud events without a spaceKey were incorrectly ignored.
• Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.
• Teams Management: Resolved an issue where action menus were not displayed in the teammates table for non-admin users in certain cases.
• Email Notifications: Fixed an issue where emails for ignored and valid incidents were sent to all teams a user belongs to, instead of only the teams managing the affected repository.