Skip to main content

2026.2

Versioncalendar icon Release Date
2026.2.0February 23, 2026

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.30 ⚠️1.35
PostgreSQL1517
Redis67
ggscout0.19.0Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Using Argo CD? A pre-created encryption secret is now required before deploying — see the Argo CD installation guide.

Upgrading to 2026.2 Kubernetes Support

GitGuardian 2026.2 now requires Kubernetes 1.30 as the minimum supported version. However, Kubernetes 1.30 is no longer receiving active or maintenance support from the Kubernetes project (see end-of-life schedule).

We strongly recommend upgrading to Kubernetes 1.35 for optimal security and stability. See our system requirements for more details.

Feature highlights

  • Dark Mode — we've refreshed the GitGuardian interface and introduced Dark Mode so you can work comfortably in any environment, with cleaner layouts, improved contrast, and polished navigation. Head to Account → Interface → Theme to pick your preference. Learn more.

Secrets Detection Engine

  • v2.156 — 7 new detectors (Modelscope, Proxmox, ZegoCloud, Deepgram, Microsoft Power Apps Webhook, Mem0, Obsidian), 4 improved (Azure SAS URL, Okta OAuth, Azure Entra Access Token, Azure OpenAI), 1 analyzer upgrade (Azure SAS URL expiration check), 1 deprecated (Azure Logic App Sig Key).

Enhancements

  • Incidents API enhanced with external ticket information (Jira/ServiceNow), analytics period selector with flexible date range options, improved SSO certificate editing experience. Learn more.
  • ggshield correctly ignores secrets with closed related incidents. Learn more.
  • Self-Hosted:
    • Helm charts now include a strict JSON schema generated from values.yaml. Any property not defined in values.yaml will be rejected at install or upgrade time. If you encounter validation errors, you can temporarily use the --skip-schema-validation Helm flag while we address any missing properties.
    • The background_validity_check queue has moved from worker-long to worker-worker. If you have scaled your workers for validity checks, you may need to adjust your worker-worker replicas accordingly. See the application topology page for the full queue mapping.
    • New optional worker-check-runs worker to offload check_run processing from worker-worker. Disabled by default. Enable it by setting celeryWorkers.check-runs.replicas in your Helm values.
    • Remove terms and conditions acceptance requirement for self-hosted instance.
    • License grace period extended from 10 hours to 120 hours when ReplicatedSDK is unreachable.

Fixes

  • Validity checks automatic retry mechanism, CSV export JSON format. Learn more.
  • Validity checks periodic re-check for invalid secrets, analytics tooltip dates, Developer in the Loop duplicate submissions, SCIM email notification defaults. Learn more.
  • Self-Hosted: Fixed Redis password handling when using existing secrets in ArgoCD environments.

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status