2025.1.0 - Required
Release Date: January 20, 2025
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.25 | 1.30 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
Helm & Upgrade Considerations
⚠️ Important: This is a required release and cannot be skipped.
To ensure compatibility, please review Helm values updates from the previous version.
Air gap deployment? Find all the images and tag names in the air gap install page.
Upgrade Considerations: This release includes a background migration that may take up to 1 hour post-upgrade. It improves query execution speed and search performance. If upgrading from an older version, multiple upgrades may trigger a retry message—wait 1 hour before retrying.
Database Deprecation Notice: PostgreSQL 13 & 14 are no longer supported. Learn why upgrading to PostgreSQL 16 is recommended in our engineering blog.
Helm Deprecation Notice: Support for External Secrets will be deprecated starting with the 2024.3.0 release.
Microsoft Teams Security Alerts
Never miss a critical security event with real-time GitGuardian alerts in Microsoft Teams.
- Instant notifications when security incidents occur.
- Direct links to investigate issues inside GitGuardian.
Learn more
Jira Auto-Tracking for Security Incidents
Streamline incident response with Jira Data Center integration.
- Auto-create Jira issues when new incidents are detected.
- Sync custom fields for better tracking.
- Auto-resolve incidents when Jira issues are closed.
Learn more
False Positive Remover v1
Our first internal machine learning model halves false positives, ensuring data security and privacy without third-party dependencies. This in-house capability is now available for Self-Hosted. More information is available in the documentation.
Slack Secret Scanning
Slack integration is now supported for scanning the full history of your public and private Slack channels to detect leaked secrets.
Remediation tracking
Enhanced the secrets remediation workflow with precise location details for code fixes and real-time tracking of remediation progress. Learn more here.
⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.
User management with SCIM
SCIM integration now supports automatic user deprovisioning in GitGuardian when users are removed from your Identity Provider (IdP). Provisioning for users and teams will be included in a future update. Setup details are available in our documentation.
Secrets Detection Engine (v2.129)
Bringing enhanced accuracy and broader coverage:
- New Detectors
- Improved Detection for Sensitive Credentials
- Enhanced identification of Base64 Generic High Entropy Secret
- Improved detection of GitGuardian Test Token Checked
- Refined rules for MSSQL Credentials
- Expanded coverage for Zendesk Token
- Improved handling of FTP Credentials Assignment
Enhancements
- Navigation: The menu has been redesigned with a collapsible left sidebar for a cleaner, more organized experience.
- Jira Data Center integration: Added support for the "User Picker (single user)" custom field in Jira templates. More information is available here.
- GitHub integration:
- Improved handling of real-time events to retrieve more than 100 commits when necessary, ensuring complete coverage.
- Enhanced processing of large patches by making additional API calls to retrieve missing files, up to the
policy__maximum_scan_sizelimit defined in the Preferences page.
- Commit length configuration: Admins can configure the maximum total length of commits to scan, with larger commits truncated. This can be set via the
repo_scan_max_commit_lengthpreference on the Preferences page.
Self-Hosted
- Helm: The ReplicatedSDK image is now pulled from the Replicated registry instead of Docker Hub. For airgap installations, ensure you update your automation processes for pulling and pushing images to your private registry. For more information, refer to the Airgap Installation page.
- Installation and upgrade: Improved error messages for partially initialized databases, providing clear instructions to check logs and ensure the PostgreSQL database is empty before retrying.
- Admin Area: Introduced a Periodic Tasks page to adjust schedules and fine-tune periodic task execution.
- Queues: Merged the
secrets_checksqueue with thebackground validity checksqueue to optimize performance.
Fixes
- Secrets:
- Check runs: Updated messages to note flagged secrets lack commit references and remain compromised once leaked.
- Validity check: Fixed an issue where the tooltip incorrectly indicated a token was valid for all endpoints when it was valid for only one.
- Sources:
- GitLab: Enable viewing of more than 50,000 GitLab projects in the integration settings.
- Alerting:
- Jira issue tracking: Fixed an issue where line feeds (\n) were not properly translated to hardBreak nodes, ensuring correct spacing in Jira tickets.
- Self-Hosted:
- Admin area: Corrected sorting and filters on the Worker Tasks page for improved usability.
Hotfixes
2025.1.1
Release Date: January 23, 2025
Fixes
- Self-Hosted:
- Embedded cluster installation:
- Fix an issue where the GitGuardian dashboard returns a 404 error. Note this fix does not apply to legacy embedded clusters using Kurl.
- Resolved the inability to deploy an embedded cluster with a custom CA.
- Helm:
- Fixed a 404 error on the
/metricsendpoint for fetching GitGuardian applicative metrics on Webapp pods and Celery workers. - Fixed Replicated RBAC resources being created despite rbac.enabled: false in Helm values, causing issues in RBAC-restricted environments.
- Fixed a 404 error on the
- Embedded cluster installation:
