2026.1 - Required
| Version |  Release Date |
|---|---|
| 2026.1.0 | January 28, 2026 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
| Component | Minimum Version | Recommended Version |
|---|---|---|
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.34 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.
⚠️ Important: This is a required release and cannot be skipped.
Upgrading to 2026.1
- KOTS Embedded installations: You must manually delete the PostgreSQL StatefulSet before upgrading. See Upgrade KOTS > Upgrading to 2026.1.
Feature highlights
- Secret Enricher — generic incidents now display enriched secret names powered by our ML model, transforming vague findings into precise, actionable insights. Learn more.
- More NHI Integrations — discover and secure non-human identities across Datadog, Snowflake, Okta, and Auth0. Learn more.
- Unified Identity Governance for Entra & AWS IAM — unified visibility and risk-based prioritization for Microsoft Entra ID and AWS IAM with secret-less OIDC authentication. Learn more.
- GCP Marketplace — GitGuardian is now available on Google Cloud Marketplace, enabling deployment on GKE with consolidated billing through your GCP account. Learn more.
Secrets Detection Engine
- v2.153 — 6 new detectors (HighLevel, Elastic, Google Cloud Keys, Socket Dev, Upstash Redis, Vapid Key), 8 improved (Cloudflare, MySQL, GitLab Token, Fireworks AI, JSON Web Token, SSH, Duo, Azure Event Grid), 1 new checker (Oracle), 883 new secret providers.
- v2.154 — 3 new detectors (Cloudflare R2, Azure SAS URL, MySQL), 1 new checker (Tailscale SCIM), 10 improved (SendGrid, Dwolla, PubNub, Google OAuth2, Azure Cosmos DB, Generic High Entropy, HashiCorp Vault, Discord Webhook, Alchemy, Fireworks AI), 378 new secret providers.
- v2.155 — 18 new detectors (Oracle, Azure Entra App Secret, Azure Entra Access Token, GitLab SCIM, GitLab Agent Kubernetes, ASI:One, Azure IoT Device, Xendit, Supabase, Neoload, MongoDB, Azure Cache for Redis, GitLab Feed, Clerk Webhook, Better Auth, Elastic Search, Redis, Azure Relay), 8 improved (Doppler, Databricks, TeamCity, Scraper API, Slack Webhook, MongoDB, Okta, Tailscale), 3 analyzer upgrades.
Enhancements
- Incident API enhanced to include enriched secret names, CSV/JSON exports now include both original detector name and enriched secret name. Learn more.
- Detectors: Some detectors are now flagged as non-business and disabled by default for business accounts to reduce noise. Use the new "Recommended for business" filter in detector settings to identify and re-enable them if needed. Learn more.
- GitHub Check Runs message updated for merge queues. Learn more.
Fixes
- Docker Hub Integration configuration error. Learn more.
- GitHub Check runs blocking pull requests when disabled. Learn more.
- Playbooks auto-ignore reactivation issue, Historical Scans queueing for bulk operations. Learn more.
- Google Cloud Keys validation, detector validity check filter, GitLab health check link, Health Check email notifications, JFrog Container Registry compatibility. Learn more.
