2026.6

June 19, 2026

Version	Release Date
2026.6.0	June 19, 2026

Ensure your infrastructure meets the latest requirements for optimal performance and security:

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Premium scan retry worker (Helm only) — a new optional, dedicated worker retries failed premium (VCS) scans on a high-memory pod. Large repositories that fail a scan — most often on out-of-memory errors — are retried here instead of repeatedly failing on the standard scanner pool. This lets you keep your base worker-scanners pods small and route only the heavy retries to one or two large, scale-to-zero pods. Learn more.
Open-source agent skills for ggshield — the new GitGuardian/agent-skills repository ships open-source skills that teach AI coding assistants like Claude Code and Cursor when to scan, how to read findings, and how to walk developers through remediation. Learn more.

v2.163 — 6 new detectors (Aikido API OAuth2 Credentials, Logflare Access Token, PolyAPI API Key, Apollo.io API Key, AES Cipher Key, SAP OAuth Credentials — replacing sap_ai_core_credentials), 1 new checker (SAP OAuth Credentials), 3 detector precision/format improvements (Azure DevOps PAT, GitHub App Token, Pagar.me API Key), 1 updated checker (Coralogix Personal Key), 2 analyzer updates (Datadog API Credentials, Azure OpenAI).
v2.164 — 6 new detectors (Authentik API Token, Pagar.me Encryption Key, Adobe Refresh Token, LiteLLM API Key, brapi.dev API Key, Open VSX Access Token), 1 new checker (Google OAuth2 Keys), 6 detector precision improvements (Snyk Key, Finicity Authentication Keys, Hunter API Key, Datadog API Credentials, GitHub PAT, Heroku Platform Key), 1 new analyzer (Adafruit IO API Key).
v2.165 — 8 new detectors (Stitch API Key, ActiveMQ Credentials, Instantly API Key, Gitea Access Token, Fal.ai API Key, SurrealDB Cloud JWT Token, Kimi API Key, Wiz OAuth Credentials), 8 new checkers (Okta Token, Okta OAuth Credentials, Azure Communication Services Connection String, Azure Storage Account Key, AWS Cognito OAuth 2.0 Credentials, LaunchDarkly SDK Key, Pulumi Access Token, Python Package Index Key), 6 updated checkers (AWS IAM Keys — all regions, Sumo Logic Keys, Supabase API Key, Vultr Key — v2 API, Baidu AI API Key, SAP OAuth Credentials), 1 detector precision improvement (Azure Active Directory API Keys).

Microsoft Teams granular alerting for internal monitoring — subscribe to specific incident event types per channel for fine-grained control over notification preferences. Learn more.
Jira Cloud recurrent scanning instead of webhooks, and VCS historical scans now cover orphaned commits, Git notes, and pull/merge request refs. Learn more.
Overview analytics now include NHI; GitHub check runs can skip merge commits; dissociate Jira/ServiceNow tickets from incidents; GitLab read-only group hook tokens. Learn more.

Fixed an issue where unmonitored sources were incorrectly displayed as deleted in the user interface. Learn more.
Security XSS fix on the mTLS redirect page; custom remediation guidelines now shown on developer share links; Jira & Confluence rate-limit scanning error; GitHub Forbidden error on unauthenticated API root requests. Learn more.
Self-Hosted: Fixed an in-app Analytics failure that blocked the analytics run from completing.

Something we didn’t cover?