Release Date: March 6, 2026

Setting up SSO and user provisioning shouldn't feel like a side project. That's why GitGuardian is now available as an Okta-verified app on the Okta Integration Network — giving your identity team a streamlined, standardized way to connect GitGuardian with your Okta directory.

What does this mean for you?

• One-click SAML SSO: Add GitGuardian from the Okta app catalog and configure SSO in minutes — no custom SAML app required.
• SCIM provisioning built in: Automatically create, update, and deactivate GitGuardian users when changes happen in Okta. No more manual onboarding or orphaned accounts.
• Group Push: Sync your Okta groups and their memberships directly into GitGuardian teams, keeping access aligned with your directory structure.
• SP and IdP-initiated SSO: Users can sign in from the GitGuardian dashboard or straight from their Okta portal — both flows are supported out of the box.
• Just-in-Time provisioning: New users get a GitGuardian account automatically on first login, even without SCIM.

Why is this important?

Managing user access across security tools is a pain point for every identity team. Manual provisioning leads to delays, stale accounts, and inconsistent permissions. With the Okta Integration Network app, GitGuardian plugs directly into your existing identity lifecycle — so access stays in sync, offboarding is instant, and your team can enforce consistent security policies without extra overhead.

Get Started Today!

1. In Okta, go to Applications > Browse App Catalog and search for "GitGuardian"
2. Click Add Integration and enter your GitGuardian Workspace ID
3. Configure SSO in your GitGuardian dashboard under Settings > Authentication
4. Optionally, enable SCIM provisioning under Settings > Identity Provider

Check out the full Okta SSO setup guide and the SCIM configuration guide to learn more.

  Release Date: February 11, 2026

We're introducing Ownership in NHI Governance: you can now assign and track who is responsible for each Non-Human Identity across your inventory. Ownership helps close the accountability gap for machine identities, speed up remediation when secrets are exposed, and align with compliance expectations.

What does this mean for you?

• Suggested owners: GitGuardian automatically suggests owners using data from your integrated sources and from secret incidents.
• Manual control: Add, edit, or remove owners at any time from an NHI's detail view.
• Inventory at a glance: An Owner column in the NHI inventory shows who is responsible for each identity.
• Workspace members and external users: Owners can be workspace members or external users identified by email.

Why is it important?

NHIs outnumber human identities by orders of magnitude, yet accountability for machine identities is usually unclear. Without ownership, remediation slows down, orphaned accounts go unaddressed, and incident response suffers when secrets are exposed or misconfigured. Ownership gives you:

1. Faster remediation – Know who to contact when an NHI is compromised or needs rotation.
2. Fewer orphaned accounts – Assign responsibility so every identity has someone accountable.
3. Stronger compliance – Meet audit and regulatory expectations (e.g. PCI-DSS, SOC 2, HIPAA) that require clear accountability for sensitive resources.
4. Better triage – Filter and prioritize by owner (e.g. "identities with no owner" or "owned by my team") to focus efforts where they matter most.

Get started

Open NHI Governance → Identities to see the Owner column and filter. Open any NHI to view or edit owners in the Owners section. Learn more about Ownership

This feature is available to NHI Governance paying customers.

---

Enhancements​

• Incidents: CSV exports now include new columns (risk_score, custom_tags, incident_name), updated tags, and a dedicated public monitoring export format with additional actor and source information.
• ggshield: Secrets with multiple incidents (when using "By secret per source" grouping) are now correctly ignored in scans if a related incident exists and is closed, preventing CI pipelines from blocking unnecessarily.

Fixes​

• Validity Checks: Secrets marked as invalid are now re-checked periodically, so their status can update to valid when they become usable again.
• Analytics: Commit date in hover tooltips now matches the actual timeline data.
• Developer in the Loop: Duplicate feedback submissions are now prevented by disabling the submit button after click and applying a cooldown period.
• SCIM: Email notifications for user and team sync operations (onboarding, offboarding, team membership changes) are now off by default. A new setting in the identity provider section lets you opt in to these notifications when desired.

  Release Date: February 2, 2026

We've refreshed the GitGuardian interface and introduced Dark Mode so you can work comfortably in any environment. The updated design brings cleaner layouts, improved contrast, and polished forms and navigation, making everyday tasks feel smoother and easier to consume.

What does this mean for you?

• Reduced Eye Strain: Work comfortably during late-night incident responses or in low-light environments with the new Dark theme.
• Personalized Experience: Choose the theme that works best for you—Light or Dark.
• Cleaner Interface: Enjoy improved contrast and polished navigation that makes reviewing incidents or exploring NHI identities faster.

How to Enable Dark Mode

To try it out, head to Account → Interface → Theme and pick your preference. Theme selection is per-user and stored in your profile, so your choice follows you across sessions.

---

Enhancements​

• Incidents API: Added external ticket information (Jira/ServiceNow) to incidents API responses, simplifying integration and improving tracking in alerting and issue management workflows.
• Analytics: Updated period selector options to include "Last 30/60/90 days" and "Previous month/quarter/year" for more flexible date range selection.
• SSO and GitGuardian Bridge configuration: Improved user experience when editing SSO Identity Provider and GG Bridge certificates, with clearer certificate status display and replacement workflows.

Fixes​

• Validity Checks: Implemented automatic retry mechanism for failed validity checks to reduce false alarms caused by transient errors such as temporary service unavailability.
• CSV Export: Fixed an issue where the secret value column in CSV exports contained invalid JSON format with single quotes instead of proper double-quoted JSON.