Version	Release Date
2025.12.0	December 15, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Advanced Analytics for Internal Monitoring — track the detection, remediation and prevention of secret leaks with actionable dashboards. Learn more.

  This feature is disabled by default and requires additional resources (12 GB memory). Analytics are computed once a day, so data may take up to 24 hours to appear after activation. To enable: set inAppAnalytics.enabled: true in Helm values, or enable "In-App Analytics" in the KOTS Admin Console.

• SCIM team provisioning — automate team creation and sync from Okta and Microsoft Entra ID. Learn more
• Enhanced Slack notifications — complete incident lifecycle coverage for internal monitoring and honeytoken alerting. Learn more.
• CyberArk Secrets Manager Self Hosted integration — discover and enumerate non-human identities stored in your self-hosted CyberArk (Conjur) vault. Learn more.

Secrets Detection Engine​

• v2.151 — 13 new detectors (Hume AI, Azure AI Face, Neon, E2B, MailerSend, Scraper API, AIProxy, Cloudsmith, AWS Bedrock, Harness, Grafbase, AssemblyAI), 8 improved (Generic Password, Pinecone, Keycloak, Discord, Kubernetes JWT, Tableau, Sendinblue), 3 analyzer upgrades.
• v2.152 — 1 new detector (Google Cloud Access Token), 3 improved (Hashicorp Vault Token, PagerDuty, Google Cloud Access Token), 2 analyzer upgrades.

Enhancements​

• New "Valid" saved view for incidents, API filtering by triggered date, GitLab validation and health checks, Docker Hub organization namespaces, Custom Monitored Perimeter improvements, GitLab empty namespaces hidden by default. Learn more.
• Self-Hosted:
  • Added multiple hostname support via extra_hostnames parameter, enabling access through additional domain names. Learn more.
  • Added global podDisruptionBudget.enabled parameter to disable automatic PDB creation for restricted Kubernetes environments that prohibit PodDisruptionBudget resources. Learn more.
  • Added official support for Helm v4.
  • Added IPv6 support via network.ipFamily parameter for Service resources. Learn more.

Fixes​

• Jira Data Center historical scans for large projects, incident details "First detected" date display, Slack notifications user association, Health Check error differentiation. Learn more.
• Bulk action filters, Jira ticketing issues, Perimeter scan behavior, GitLab namespace display and search, Container Registry URLs and caching. Learn more.
• Self-Hosted: Resolved NHI Governance access for manager roles.

Version	Release Date
2025.7.0	July 25, 2025
2025.7.1	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Jira and Confluence Data Center historical scanning — scan past content for secrets. Learn more
• Auto-ignore invalid incidents playbook — automatically clear confirmed invalid secrets. Learn more

Secrets Detection Engine​

• v2.141 — 12 new detectors (Kubernetes User Certificate with Port, NVIDIA, Alchemy v2, OpenRouter, Duffel, Apify, Jina, Deno Account, Segment Workspace v2, Resend, VKontakte, Fireworks AI), 6 improved, 10 new checkers.
• v2.142 — 2 new detectors (AI71, AMP), 9 improved (Kubernetes Docker, MySQL, Sourcegraph, GitHub, HashiCorp Vault, Confluent, GitHub Fine-Grained PAT, Slack, DigitalOcean Spaces), 2 new checkers.
• v2.143 — 7 new detectors (GitLab Incoming Mail, Coze PAT, Tavus, Heroku Platform, SSH with port, Tableau Cloud PAT, Notion v2), 7 improved, 6 new checkers. All JWT detectors now only catch signed JWTs.

Enhancements​

• Custom tags API key/value filtering, auto-resolve revoked secrets playbook, custom remediation links. Learn more.
• Jira DC leaker emails. Learn more.
• Custom tags API documentation. Learn more.
• GitLab multi-hook support. Learn more.

Fixes​

• Custom tags bulk assignment, Azure DevOps token handling. Learn more.
• GitHub installation checks. Learn more.
• Teams email notifications. Learn more.
• SCIM case-insensitive emails. Learn more.
• Deletion line scanning. Learn more.

Hotfixes​

2025.7.1​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.
  • ML Secret Engine updated to version 20250806 fixing critical CVE-2025-54381.
  • NHI Scout bumped to version 0.18.2.

Version	Release Date
2025.6.0	June 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Secure API access to secret values — retrieve secret values via API endpoint for automation workflows. Learn more
• Microsoft Teams secret detection — scan Teams messages for hardcoded secrets with real-time and historical scanning. Learn more
• Jira and Confluence Cloud historical scanning — detect secrets leaked in the past across Jira and Confluence Cloud. Learn more
• Container Registries secret detection — detect hardcoded secrets in Azure, Google, JFrog, and DockerHub registries. Learn more
• Self-Hosted: Export GitGuardian logs to Splunk, Loki, Elasticsearch, Kafka, and Datadog for centralized monitoring. Learn more

Secrets Detection Engine​

• v2.139 — 1 new detector (GitLab Feature Flags Client Token), 6 improved (AMQP, Confluent, Generic High Entropy, Artifactory, Azure Storage), 1 engine enhancement.
• v2.140 — 12 new detectors (Laravel, GitLab tokens, Kubernetes JWT, Brave Search, Dify, Firecrawl, Ubidots, Vapi, Llama Cloud), 4 improved, 7 new checkers, 2 engine enhancements.

Enhancements​

• Teams API endpoint optimization. Learn more.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved handling of failed index creation migrations to allow safe re-execution of database updates.
  • Added capability to specify constraint of only one worker per node in Kubernetes deployments to optimize resource allocation. Learn more about scaling.

Fixes​

• Email alerts to inactive members, custom tags pagination, GitLab parent group permissions, secret analyzer validity checking. Learn more.
• Self-Hosted:
  • Corrected an issue preventing Self-Hosted customers from adding or editing custom severity rule sets.
  • Fixed an issue with ACL limitations on GCP and Azure cloud platforms where Redis deployments disable the ACL command, causing pre-deployment checks for the FLUSHDB command to fail. The system now gracefully handles scenarios where ACL commands are unavailable.

Version	Release Date
2025.5.0	May 22, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

FIPS: This release uses Chainguard images without FIPS-approved cryptographic modules. If you would like to use Chainguard images with FIPS, please contact our support team.

Feature highlights​

• ServiceNow secret scanning — detect secrets and honeytokens in ServiceNow for automated incident tracking. Learn more
• Customizable incidents view — create custom views with specific properties for better context exploration and prioritization. Learn more
• SCIM user provisioning — automate user onboarding and offboarding with Okta and Microsoft Entra ID integration. Learn more
• NHI Policies improvements — enhanced policy breach visibility with filtering, analytics, and Secret Reuse policy support.

Secrets Detection Engine​

• v2.136 + v2.137 — 5 new detectors (Perplexity AI, Azure SignalR, Azure Event Grid, Anthropic Admin, GitGuardian Magic Link), 7 improved (LDAP, JWT, Cloudinary, Auth0, Claude, Riot Games, LINE Notify), 2 new checkers.
• v2.138 — 6 new detectors (Azure Entra ID, Azure Communication Services, Azure DevOps PAT, Laravel, Azure App Configuration, X AI), 5 improved (Azure Storage, ODBC, Jira, SMB, Octopus).

Enhancements​

• Weekly digest and historical scan email subject lines, Jira DC ticket creation permissions. Learn more.
• Self-Hosted:
  • Ensured that the Redis FLUSHDB command is available for use before installing or upgrading GitGuardian. Learn more.
  • Added support for configuring proxy username and password using Kubernetes secrets. Learn more.
  • GitGuardian Chainguard images are now used by default and include a shell for troubleshooting and maintenance.
  • Implemented a Content Security Policy in response headers to better control which resources can be loaded, strengthening overall security.

Fixes​

• GitLab read-only token errors, dashboard toast messages, empty GitHub repo scans, deleted sources API display. Learn more.
• Self-Hosted:
  • Resolved an issue where deployment failed when using Kustomize.
  • Increased the readiness probe timeout for public-api to enhance stability and prevent failures.