Release Date: March 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

⚠️ Please install the PostgreSQL pgvector extension to enable vector similarity search. This is essential for upcoming features leveraging our internal machine learning engine. Follow the installation instructions to ensure compatibility.

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Ensure you're using Helm version > 3.13. We recommend upgrading to the latest version.

Air gap deployment? We’ve updated the path and names of our images in this release. Follow the upgrade instructions to update your tooling for downloading and uploading GitGuardian images to your private registry. Find all image and tag names on the Air Gap Install page.

Explore and prioritize your Generic Incidents​

We are excited to unveil the "Generic Secret Enricher V1", a machine learning model designed to enhance our capabilities in generic secret detection. This innovative model analyzes the entire context of a document, identifying the company and category associated with a secret, thereby providing meaningful insights to help users understand the origin and type of a discovered secret.

New Features​

• Contextual Analysis: Upon detection of a generic secret, our platform analyzes the full document context to determine the associated provider or category of a secret.

• Efficient Classification: This feature reduces the need for manual classification, enabling users to quickly comprehend the source and nature of a discovered generic secret.

• New Filters: We've introduced three new filters - Provider, Category, Family - to help identify critical generic incidents. To use these, filter your incidents by the "Generic" type, then apply a combination of these filters.

Goals​

Our long-term goal is to provide you with actionable insights, prioritize their generic incidents, and improve their remediation efforts.

Usage​

To use the new filters, simply filter your incidents by the "Generic" type, then apply a combination of the Provider, Category, and Family filters. This will help you identify the most significant or critical generic incidents, such as those classified under "Data Storage" or linked to the provider "Postgresql".

Leverage insights from your Secrets Managers​

GitGuardian now integrates with AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Google Secret Manager, Delinea, and Akeyless through ggscout, letting you sync secret incidents with your Secrets Managers—without exposing sensitive data.

What’s in it for you?

• Prioritize Faster – Instantly see which secrets are already vaulted and focus on real risks.
• Remediate Quicker – Vault unprotected secrets in a click and speed up fixes.
• Streamline Workflows – Leverage vaulted secrets insights directly in GitGuardian.
• Improve Secrets Hygiene – Spot duplicate, weak, or mismanaged secrets with ggscout.
• Simplify Vault Consolidation – Track migrations, filter secrets, and purge outdated ones effortlessly.

Secrets Detection Engine (v2.133)​

Bringing enhanced accuracy and broader coverage:

• New Detectors
  • OpenAI Project API Key (v2) – Added support for detecting the new format of OpenAI project API keys.
  • OpenAI Admin API Key – New detection capability for OpenAI admin API keys.
  • Netlify Token (v2) – Introduced detection for the latest version of Netlify tokens.
  • 1Password Service Account Token – New detector added to identify 1Password service account tokens.
  • DeepSeek API Key – Now detecting DeepSeek API keys.
• Improved Detection
  • OpenAI Service Account – Expanded pattern coverage for better identification.
  • Rails Master Key – Updated detection rules to minimize false positives.
  • GitHub Tokens – Improved recall and validation for GitHub authentication tokens.
  • Groq API Key – Enhanced detection rules for greater accuracy.
  • Artifactory Token – New checker added to improve detection effectiveness.
  • Generic Passwords – Excluded secrets containing ***** as they are likely false positives.
  • Dropbox Key – Detector group split into Dropbox Key and Dropbox Access Token for improved granularity.
  • FCM API Key – Validity check is no longer available since the API has been removed. While we can no longer retrieve the validity status for FCM secrets, we still detect the keys.

Enhancements​

• Jira Issue Tracking Integration:
  • Added Incident ID as an optional variable in Jira ticket templates for improved customization.
  • Enabled instant ticket creation in Jira without requiring a predefined template.
• ggscout: Additional improvements to the integration of ggscout with self-hosted. Learn more.
  • Ensured Vault configurations are reachable via the preflight check for Helm and KOTS.
  • Hardened Helm chart (custom CA support, optional GitGuardian hostname).
  • Used Replicated Proxy to pull the ggscout image.
  • Enabled support for embedded cluster deployment (HashiCorp Vault only).
  • Included ggscout logs in the support bundle.
• Self-Hosted:
  • Public API: Added ability to customize maximum page size for the Public API pagination. More info here.
  • Embedded cluster: Machine learning is now activated by default for embedded cluster installations.
  • License: GitGuardian will now automatically synchronize license information for non-air-gap environments, eliminating the need for manual license syncs after installation or upgrades.
  • Helm: Added support for nodeSelector in Helm jobs to enhance node scheduling flexibility.

Fixes​

• Jira Cloud Issue Tracking Integration: Resolved an issue where integration entered an invalid state after being uninstalled.
• Microsoft Teams Alerts for Security Incidents: Resolved an issue where the wrong team was displayed during configuration.
• Self-Hosted:
  • Machine Learning: Added support for using custom security contexts, allowing to configure security settings for the machine learning pods.
  • Preflights: Fixed an issue with Redis TLS that could cause connection errors.

  Release Date: February 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.
Air gap deployment? Find all the images and tag names in the air gap install page.

Search Incidents by Secret Value​

GitGuardian allows you to monitor secret leaks across thousands of your repositories and over 30 different types of sources. It is reassuring to know that this critical secret, which provides access to your corporate LDAP, has not been detected anywhere.

Bitbucket Cloud Scanning​

Secure your Bitbucket Cloud repositories with secrets detection powered by GitGuardian.

• Detect exposed credentials and secrets in real-time.
• Gain visibility into security incidents directly in your dashboard.
  Learn more

Custom Tags Early Access​

Improve incident organization and tracking with Custom Tags, allowing users to filter, sort, and categorize incidents more effectively. For now, custom tag management (CRUD) and tag assignments to incidents can only be done via the API (API documentation), with UI support coming soon.

To activate this feature, enable custom_tags_enabled in the Preferences page.

Autoscaling​

HPA now supports web applications (e.g., webapp-public_api), allowing automatic scaling based on demand for improved performance and resource efficiency. Learn more on the autoscaling page.

Secrets Detection Engine (v2.131)​

Bringing enhanced accuracy and broader coverage:

• New Detectors
  • Artifactory Token With Host
  • HubSpot Private App Token
  • Microsoft Azure Storage Connection String
  • Hashicorp Vault AppRole Authentication
• Improved Detection for GitHub Tokens
  • Enhanced validation for GitHub Enterprise Token
  • Refined rules for various GitHub authentication tokens:
    • OAuth Access Token
    • Personal Access Token
    • Server-to-Server Token
    • GitHub Token
    • User-to-Server Token

Enhancements​

• Scan Only Addition Lines in Commits: Now, when using ggshield or our check runs integration, we only scan for added lines in commits. Developers will no longer be blocked while remediating incidents.
• Jira Issue Tracking Integration: Added support for "Numbers (or float)" and "Group Pickers (single group)" custom fields in Jira templates, allowing more customization in notifications and issue tracking.
• Enhanced Email Incident Alerting Controls for Members: You can now manage email notification settings more effectively with an option that allows updates through the API, and customize account-level defaults, ensuring a more tailored communication experience for all members. Learn more

Fixes​

• Sources:
  • Azure Repos Integration: Fixed an issue where organization deletions were not properly synced when using ADO installations in Organization-mode.
  • GitLab Integration: Resolved an issue where GitLab installations were incorrectly revoked due to temporary plan downgrades or admin status changes.
• Users & Teams:
  • Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.
  • Users: Resolved an issue where user deletion was prevented due to the presence of saved views associated with the user.
  • Teams Management: Resolved an issue where action menus were not displayed in the teammates table for non-admin users in certain cases.
• Alerting:
  • Confluence Cloud Integration: Fixed an issue where some Confluence Cloud events without a spaceKey were incorrectly ignored.
  • PagerDuty Alerts for Security Incidents: Fixed an issue where the integration was not sending alerts for real-time incidents.
  • Email Notifications: Fixed an issue where emails for ignored and valid incidents were sent to all teams a user belongs to, instead of only the teams managing the affected repository.
• Self-Hosted:
  • Helm: Fixed an issue where connecting to Redis Sentinel failed when using a password with special characters.
  • Kots: Restore the left navigation menu in the KOTS admin console for embedded cluster installations.

  Release Date: January 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

⚠️ Important: This is a required release and cannot be skipped.

To ensure compatibility, please review Helm values updates from the previous version.
Air gap deployment? Find all the images and tag names in the air gap install page.

Upgrade Considerations: This release includes a background migration that may take up to 1 hour post-upgrade. It improves query execution speed and search performance. If upgrading from an older version, multiple upgrades may trigger a retry message—wait 1 hour before retrying.

Database Deprecation Notice: PostgreSQL 13 & 14 are no longer supported. Learn why upgrading to PostgreSQL 16 is recommended in our engineering blog.

Microsoft Teams Security Alerts​

Never miss a critical security event with real-time GitGuardian alerts in Microsoft Teams.

• Instant notifications when security incidents occur.
• Direct links to investigate issues inside GitGuardian.
  Learn more

Jira Auto-Tracking for Security Incidents​

Streamline incident response with Jira Data Center integration.

• Auto-create Jira issues when new incidents are detected.
• Sync custom fields for better tracking.
• Auto-resolve incidents when Jira issues are closed.
  Learn more

False Positive Remover v1​

Our first internal machine learning model halves false positives, ensuring data security and privacy without third-party dependencies. This in-house capability is now available for Self-Hosted. More information is available in the documentation.

Slack Secret Scanning​

Slack integration is now supported for scanning the full history of your public and private Slack channels to detect leaked secrets.

Remediation tracking​

Enhanced the secrets remediation workflow with precise location details for code fixes and real-time tracking of remediation progress. Learn more here.

⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.

User management with SCIM​

SCIM integration now supports automatic user deprovisioning in GitGuardian when users are removed from your Identity Provider (IdP). Provisioning for users and teams will be included in a future update. Setup details are available in our documentation.

Secrets Detection Engine (v2.129)​

Bringing enhanced accuracy and broader coverage:

• New Detectors
  • GitLab OAuth Application Token
  • Jenkins API Token
  • chpasswd Username Password
  • Nessus Agent Key
  • Statsig Server Secret Key
• Improved Detection for Sensitive Credentials
  • Enhanced identification of Base64 Generic High Entropy Secret
  • Improved detection of GitGuardian Test Token Checked
  • Refined rules for MSSQL Credentials
  • Expanded coverage for Zendesk Token
  • Improved handling of FTP Credentials Assignment

Enhancements​

• Navigation: The menu has been redesigned with a collapsible left sidebar for a cleaner, more organized experience.
• Jira Data Center integration: Added support for the "User Picker (single user)" custom field in Jira templates. More information is available here.
• GitHub integration:
  • Improved handling of real-time events to retrieve more than 100 commits when necessary, ensuring complete coverage.
  • Enhanced processing of large patches by making additional API calls to retrieve missing files, up to the policy__maximum_scan_size limit defined in the Preferences page.
• Commit length configuration: Admins can configure the maximum total length of commits to scan, with larger commits truncated. This can be set via the repo_scan_max_commit_length preference on the Preferences page.

Self-Hosted​

• Helm: The ReplicatedSDK image is now pulled from the Replicated registry instead of Docker Hub. For airgap installations, ensure you update your automation processes for pulling and pushing images to your private registry. For more information, refer to the Airgap Installation page.
• Installation and upgrade: Improved error messages for partially initialized databases, providing clear instructions to check logs and ensure the PostgreSQL database is empty before retrying.
• Admin Area: Introduced a Periodic Tasks page to adjust schedules and fine-tune periodic task execution.
• Queues: Merged the secrets_checks queue with the background validity checks queue to optimize performance.

Fixes​

• Secrets:
  • Check runs: Updated messages to note flagged secrets lack commit references and remain compromised once leaked.
  • Validity check: Fixed an issue where the tooltip incorrectly indicated a token was valid for all endpoints when it was valid for only one.
• Sources:
  • GitLab: Enable viewing of more than 50,000 GitLab projects in the integration settings.
• Alerting:
  • Jira issue tracking: Fixed an issue where line feeds (\n) were not properly translated to hardBreak nodes, ensuring correct spacing in Jira tickets.
• Self-Hosted:
  • Admin area: Corrected sorting and filters on the Worker Tasks page for improved usability.

Hotfixes​

2025.1.1​

  Release Date: January 23, 2025

Fixes​

• Self-Hosted:
  • Embedded cluster installation:
    • Fix an issue where the GitGuardian dashboard returns a 404 error. Note this fix does not apply to legacy embedded clusters using Kurl.
    • Resolved the inability to deploy an embedded cluster with a custom CA.
  • Helm:
    • Fixed a 404 error on the /metrics endpoint for fetching GitGuardian applicative metrics on Webapp pods and Celery workers.
    • Fixed Replicated RBAC resources being created despite rbac.enabled: false in Helm values, causing issues in RBAC-restricted environments.

Browse all past GitGuardian Self-Hosted releases, feature updates, and hotfixes in the release notes archive.