Release Date: March 19, 2025

We are excited to introduce Secret detection for Container Registries, including:

• Azure Container Registry
• Amazon Elastic Container Registry
• Google Artifact Registry
• JFrog Artifactory
• DockerHub

Secrets often end up in container images due to common mistakes during development and image creation, mainly:

• Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
• Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.

By identifying and addressing hardcoded credentials early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.

Check out our Blog Post to learn more!

---

Secrets Detection Engine (v2.134)​

Bringing enhanced accuracy and broader coverage:

New Detectors

• Azure Logic App Shared Access Signature – New detector for Azure Logic App Shared Access Signature.

Detector Improvements

• LINE Messaging OAuth2 – Removed false positives from the LINE Messaging OAuth2 detector.
• OpenAI API Key – Fixed a bug in the analyzer for OpenAI API Key that prevented it from reporting threads:* scopes.

Detector changes

• FCM API Key – Removed FCM API Key checker since its API was removed.

Miscellaneous

• Add User Agent GitGuardian in HTTPClient class used by analyzers.

Fixes​

• Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.

  Release Date: March 10, 2025

We are excited to unveil the "Generic Secret Enricher V1", a machine learning model designed to enhance our capabilities in generic secret detection. This innovative model analyzes the entire context of a document, identifying the company and category associated with a secret, thereby providing meaningful insights to help users understand the origin and type of a discovered secret.

New Features​

• Contextual Analysis: Upon detection of a generic secret, our platform analyzes the full document context to determine the associated provider or category of a secret.

• Efficient Classification: This feature reduces the need for manual classification, enabling users to quickly comprehend the source and nature of a discovered generic secret.

• New Filters: We've introduced three new filters - Provider, Category, Family - to help identify critical generic incidents. To use these, filter your incidents by the "Generic" type, then apply a combination of these filters.

Goals​

Our long-term goal is to provide you with actionable insights, prioritize their generic incidents, and improve their remediation efforts.

Usage​

To use the new filters, simply filter your incidents by the "Generic" type, then apply a combination of the Provider, Category, and Family filters. This will help you identify the most significant or critical generic incidents, such as those classified under "Data Storage" or linked to the provider "Postgresql".

---

Fixes​

• Jira Cloud Issue Tracking Integration: Resolved an issue where integration entered an invalid state after being uninstalled.
• Microsoft Teams Alerts for Security Incidents: Resolved an issue where the wrong team was displayed during configuration.

  Release Date: February 28, 2025

GitGuardian now integrates with AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Google Secret Manager, Delinea, and Akeyless through ggscout, letting you sync secret incidents with your Secrets Managers—without exposing sensitive data.

What’s in it for you?

• Prioritize Faster – Instantly see which secrets are already vaulted and focus on real risks.
• Remediate Quicker – Vault unprotected secrets in a click and speed up fixes.
• Streamline Workflows – Leverage vaulted secrets insights directly in GitGuardian.
• Improve Secrets Hygiene – Spot duplicate, weak, or mismanaged secrets with ggscout.
• Simplify Vault Consolidation – Track migrations, filter secrets, and purge outdated ones effortlessly.

  Release Date: February 27, 2025

 You can now manage email notification settings more effectively with an option that allow updates through the API, and customize account-level defaults, ensuring a more tailored communication experience for all members. Learn more

---

Secrets Detection Engine (v2.133)​

Bringing enhanced accuracy and broader coverage:

• New Detectors
  • OpenAI Project API Key (v2) – Added support for detecting the new format of OpenAI project API keys.
  • OpenAI Admin API Key – New detection capability for OpenAI admin API keys.
  • Netlify Token (v2) – Introduced detection for the latest version of Netlify tokens.
  • 1Password Service Account Token – New detector added to identify 1Password service account tokens.
  • DeepSeek API Key – Now detecting DeepSeek API keys.
• Improved Detection
  • OpenAI Service Account – Expanded pattern coverage for better identification.
  • Rails Master Key – Updated detection rules to minimize false positives.
  • GitHub Tokens – Improved recall and validation for GitHub authentication tokens.
  • Groq API Key – Enhanced detection rules for greater accuracy.
  • Artifactory Token – New checker added to improve detection effectiveness.
  • Generic Passwords – Excluded secrets containing ***** as they are likely false positives.
  • Dropbox Key – Detector group split into Dropbox Key and Dropbox Access Token for improved granularity.
  • FCM API Key – Validity check is no longer available since the API has been removed. While we can no longer retrieve the validity status for FCM secrets, we still detect the keys.

Enhancements​

• Jira Issue Tracking Integration:
  • Added Incident ID as an optional variable in Jira ticket templates for improved customization.
  • Enabled instant ticket creation in Jira without requiring a predefined template.

Fixes​

• Users & Teams:
  • Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.

  Release Date: February 11, 2025

GitGuardian allows you to monitor secret leaks across thousands of your repositories and over 30 different types of sources. It is reassuring to know that this critical secret, which provides access to your corporate LDAP, has not been detected anywhere.

---

Secrets Detection Engine (v2.131)​

We've enhanced accuracy and expanded coverage with new detectors for:

• Microsoft Azure Storage Connection String
• HashiCorp Vault AppRole Authentication

Enhancements​

• Scan Only Addition Lines in Commits: Now, when using ggshield or our check runs integration, we only scan for added lines in commits. Developers will no longer be blocked while remediating incidents.
• Jira Issue Tracking Integration: Added support for "Numbers (or float)" and "Group Pickers (single group)" custom fields in Jira templates, allowing more customization in notifications and issue tracking.

Fixes​

• GitLab Integration: Resolved an issue where GitLab installations were incorrectly revoked due to temporary plan downgrades or admin status changes.
• Confluence Cloud Integration: Fixed an issue where some Confluence Cloud events without a spaceKey were incorrectly ignored.
• Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.
• Teams Management: Resolved an issue where action menus were not displayed in the teammates table for non-admin users in certain cases.
• Email Notifications: Fixed an issue where emails for ignored and valid incidents were sent to all teams a user belongs to, instead of only the teams managing the affected repository.

  Release Date: January 28, 2025

ServiceNow is now supported for secrets detection and honeytoken detection, enabling automated tracking of security incidents. Learn more

---

Secrets Detection Engine (v2.130)​

Bringing enhanced accuracy and broader coverage:

• New Detectors
  • Artifactory Token With Host
  • HubSpot Private App Token
• Improved Detection for GitHub Tokens
  • Enhanced validation for GitHub Enterprise Token
  • Refined rules for various GitHub authentication tokens:
    • OAuth Access Token
    • Personal Access Token
    • Server-to-Server Token
    • GitHub Token
    • User-to-Server Token

Enhancements​

• Jira Data Center Integration: Added support for "User Picker (single user)" custom fields in Jira templates for improved issue tracking. Learn more

Fixes​

• GitLab Integration: Improved support for instances with over 50,000 GitLab projects, enabling better visibility in integration settings.
• Azure Repos Integration: Fixed an issue where organization deletions were not properly synced when using ADO installations in Organization-mode.
• PagerDuty Alerts for Security Incidents: Resolved an issue that prevented real-time alerts from being sent.