December 2024
This release introduces several significant updates, including Jira Data Center integration for seamless issue tracking. Enhancements to Secrets Detection include an upgraded detection engine with new detectors and secret pattern exclusions for better customization. The self-hosted environment now supports advanced ingress configurations, a new worker monitoring page, and enriched metrics for improved performance insights. Explore these updates and more in the detailed release notes below.
As always, we encourage you to update to the latest version to take full advantage of these enhancements. Detailed instructions for the update process are available in our documentation.
| | Minimum | Recommended |
|---|---|---|
| KOTS Version | 1.117.3 | latest |
| Kubernetes Version | 1.25 | 1.30 |
| PostgreSQL Version | 13 | 16 |
| Redis Version | 6 | 7 |

📋 Check out the Helm values file changes from the previous version.
2024.12.0
 Release Date: December 23, 2024
 Secrets Detection
- Expanded Secrets Detection Engine: The detection engine has been upgraded to version 2.127.0, introducing 7 new detectors and enhancing 1 existing detector to provide broader and more precise coverage for sensitive information:
  - New Detectors: These detectors enable identification of previously undetected secrets, enhancing overall security:
    - X-API-Key Secret: Detects API keys shared in a generic format across various platforms.
    - Azure Functions App Key Header: Identifies Azure Functions app keys when passed in HTTP headers.
    - Azure Functions App Key Query Parameter: Catches Azure Functions app keys embedded in URL query parameters.
    - Jenkins API Token: Detects API tokens used in Jenkins for automation and integrations.
    - chpasswd Username Password: Recognizes username and password combinations used in `chpasswd` commands.
    - Nessus Agent Key: Identifies agent keys specific to Nessus for vulnerability scanning setups.
    - Statsig Server Secret Key: Detects secret keys utilized by Statsig servers for feature flag management.
  - Enhanced Detector:
    - FTP Credentials Assignment: Improved detection of FTP credential assignments in configurations, ensuring better accuracy and fewer false positives.
- Secret pattern exclusion: This feature allows users to define patterns and hide any secret that matches them. A secret pattern can be applied to all repositories or to a defined set of repositories. It provides greater control over exclusion rules, allowing for more precise management of incidents. Learn more.
- Jira Data Center integration: Jira Data Center integration is now supported for real-time secret detection and honeytoken detection. For more details, refer to the documentation here.
 Platform
- Jira Data Center Issue tracking integration: Introduction of Jira Data Center integration for issue tracking. It offers:
  - automatic creation of a Jira issue as soon as a new incident is triggered,
  - management of Jira custom fields,
  - and an auto-resolve feature that marks the incident as resolved in your dashboard when the issue is closed in Jira.

  More information available in the documentation.
- GitLab integration: Added the ability to configure an instance-level GitLab integration using a read-only admin token. However, since the token lacks permissions for creating system hooks, manual setup is required. Learn more.
- Check runs: Added the option to improve your code security by enabling GitGuardian check runs on your GitHub forked repositories. Learn more here.
- VCS integration: Workspace Managers can now disable automatic repository monitoring in GitGuardian, giving you more control when adding new repositories to your perimeter. For an example, see GitHub integration.
 Self-Hosted
- Helm: `front.ingress` has been renamed `ingress` to improve consistency and standardize the ingress object across the Helm chart. ⚠️ This release includes breaking changes. Upgrade to 2024.12.0 using the upgrade notes.
- Cluster management: Replaced the nginx container with Ingress support, compatible with several controllers (ingress-nginx, traefik, contour, aws_alb, openshift, istio). This feature is optional and disabled by default. For more details, refer to the ingress page.
- Admin Area: Added a Worker Tasks page for monitoring task activity and worker usage to help optimize scaling and performance.
- Applicative Metrics: Added the following metrics: `gim_periodic_task_period_seconds`, `gim_periodic_task_not_run_for_seconds`, `gim_check_runs_long_running`, `gim_health_check_result_count`, and `gim_outdated_health_check_count` for better monitoring and insight. For more details, refer to the Applicative metrics page.
- Support Bundle: Enhanced `diagnose_instance` to include celery worker data.
- KOTS: Minor UI updates to the KOTS Admin Console, replacing radio buttons with dropdowns in some cases.
- Historical Scan: Added `minutes_between_scans_per_source` in the preference table.
- License: The license check is now managed by the ReplicatedSDK for all installation types, replacing the previous reliance on KOTS for this function in KOTS installations.
 Fixes
- Health Check: Fixed issue where health checks were run for all GitHub installations. Now only the first installation is checked.
- License: Corrected license info display in the Admin Area for Helm installations.
- Historical Scans: Categorized certain unknown scans that should have been identified as timeout failures.
 Security fixes
- CVE: Updated packages to resolve CVE-2024-45337, CVE-2024-11053 with critical severity; CVE-2024-53908 with high severity; and CVE-2024-53907, CVE-2024-52304, CVE-2024-52303, CVE-2024-50602 with medium severity.
 Deprecation notice
- Policy breaks: Starting with the 2024.12 version, the Policy Breaks module will be removed from your dashboard as we enhance our focus on our core Secrets Security offering.
Deprecating the Policy Breaks module will not affect your overall security coverage; it will only reduce the number of alerts you receive. Previously, alerts for Policy Breaks incidents (such as an exposed .env file) required manual investigation to determine if they contained secrets. Our “Secrets detection” module already handles the detection, incident creation, and alerting for these secrets.
2024.12.1
 Release Date: January 13, 2025
 Fixes
- Jira Issue tracking integration: Fixed an issue where the project page did not display any items.
- SCA: Removed SCA from the left bar menu, which was incorrectly displayed for Managers.