Version	Release Date
2026.4.0	April 22, 2026

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Advanced Analytics enabled by default for Helm installation — actionable dashboards for detection, remediation, and prevention of secret leaks are now activated by default on all instances. Learn more.

  Requires ~12 GB extra memory and increases database usage by 15-20% (min. 5-6 GB). Data refreshes once a day. KOTS installation must enable the new analytics in KOTS admin console.

• Email verification MFA — email-based verification codes are now required at login and before sensitive workspace actions for users authenticating with email and password. Learn more.
• Secret scanning for AI coding tools — ggshield now scans prompts, tool calls, and agent actions in real time to prevent secrets from leaking through Cursor, Claude Code, and GitHub Copilot. Learn more.
• Team perimeter for non-VCS sources — scope incident visibility by team across container registries, messaging, docs, tickets, package registries and custom sources. Learn more.
• In-cluster support bundle generation — Helm administrators can now generate, download, and upload support bundles directly from the Admin area > Support Bundle page, without kubectl access or the Krew plugin. Learn more.

  Init container memory scales with bundle size (~45 Mi/MB); large bundles may need higher limits to avoid OOMKilled. See Sizing the init container.

Secrets Detection Engine​

• v2.159 — 16 new detectors and checkers (Polar Organization Access Token, Microsoft Azure Storage Account Key, Azure Language API Key, Azure IoT Hub Connection String, DeepL Free/Pro API Keys, Azure Document Intelligence Key, Azure Speech Services Key, Azure Computer Vision Key, Azure Text Translation Key, Oracle Credentials, Google Cloud Express API Key, GitGuardian Public/Internal Monitoring Keys, SAP AI Core Credentials, Odoo External API Key), 3 new detectors (K3s Token, Zoho API Key, ServiceNow Generic Password), 4 new analyzers, 5 detector upgrades, 9 checker upgrades, 2 analyzer upgrades.
• v2.160 — 2 new detectors and checkers (Paymob API Key, Paymob Secret Key), 2 new detectors (ConvertTo-SecureString Password, Paymob HMAC Secret), 5 new checkers (Kubernetes Docker Secret, Generic/OpenSSH/RSA/Elliptic Curve Private Keys with GitLab/GitHub registration checks), 4 new analyzers (Sentry, Figma, Datadog, Google Cloud Keys), 2 detector upgrades, 1 checker upgrade.

Enhancements​

• Bring Your Own Sources location.url field, v2 format for Personal and Service Account Tokens. Learn more.
• Critical saved view as default, privacy mode in public API, historical scan trigger/cancel endpoints, severity rule ID and detector category on incidents, /v1/severity-rules endpoint. Learn more.
• Workspace-level privacy mode enforcement, audit log event types exposed via public API. Learn more.
• Self-Hosted:
  • New namespace-scoped NetworkPolicy support for the GIM namespace, configurable via networkPolicy.* Helm values with a dryrun → enforce rollout. See Network policies.
  • Manual encryption secret creation is now required for all new Helm installations (Helm, Argo CD, Flux). Existing installations are unaffected. See Mandatory secret.
  • Removed the API quota page for self-hosted instances, as quotas do not apply. The API endpoint helper banner is now displayed on the Personal Access Tokens and Service Accounts pages.
  • Added support for bundling JSON schemas into the deployment package, removing the need to fetch them at runtime in air-gapped environments.
  • Added support for replicated.readOnlyMode, which prevents the Replicated subchart from creating or patching Secrets, enabling deployments in environments with strict admission policies.

Fixes​

• Audit log actor display, missing audit logs for Custom Sources via API, bulk filter select-all, NHI Governance timeouts on large Entra ID datasets. Learn more.
• ggshield incident URL for shared-hash secrets, analytics "All time" date range, Jira Data Center authentication drops, Honeytoken GitLab deployment encoding. Learn more.
• GitLab instance health check compatibility with GitLab.com and upcoming GitLab 19 self-hosted versions. Learn more.

Version	Release Date
2025.11.0	November 19, 2025
2025.11.1	November 27, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Secrets Detection Engine​

• v2.150 — 1 new detector (Coveo API Key), 1 improved (Resend), 1 new checker, 1 analyzer upgrade, 1 engine enhancement.

Enhancements​

• Large occurrence patches display. Learn more.
• Incident list source links, API change_type field. Learn more.
• Dev-in-the-Loop incident ID display and dashboard navigation. Learn more.
• Self-Hosted:
  • Added official support for PostgreSQL 18 and Redis 8.
  • Added terms and conditions acceptance requirement during self-hosted instance setup.
  • Replicated now inherits global image pull secrets, simplifying Helm configuration by removing the need for separate imagePullSecrets in the replicated section. Learn more.

Fixes​

• Perimeter scan button visibility, SSO IDP configuration, sources tooltips and health checks, incidents commit info and code fixing section. Learn more.
• GitLab PAT updates 403 error, SharePoint health-check error 9999. Learn more.
• Microsoft Teams notifier client secret update, incident feedback registration. Learn more.
• Container Registry automatic monitoring, Jira Data Center webhook version. Learn more.
• Fixed an issue where filepath exclusions failed to apply when selecting individual repositories, while working correctly with select all repositories.
• Self-Hosted:
  • Dashboard access now blocked when ReplicatedSDK is not running to enforce proper license validation (cached license fallback up to 10 hours).
  • Fixed PostgreSQL and Redis preflights failing when CA certificate was provided without client certificate and key.

Hotfixes​

2025.11.1​

  Release Date: November 27, 2025

Fixes​

• GitLab Integration:
  • Fixed an issue where GitLab namespaces and projects were incorrectly displayed as "banned" when the instance was actually temporarily detected as unhealthy.
  • Fixed search functionality not working in the entity tree displayed as List view.
• Google Artifact Registry Integration: Source URL now redirects to the Google Artifact Registry repository as expected.
• Incident Management: Fixed filters not being applied to bulk actions when using "select all".

Version	Release Date
2025.5.0	May 22, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

FIPS: This release uses Chainguard images without FIPS-approved cryptographic modules. If you would like to use Chainguard images with FIPS, please contact our support team.

Feature highlights​

• ServiceNow secret scanning — detect secrets and honeytokens in ServiceNow for automated incident tracking. Learn more
• Customizable incidents view — create custom views with specific properties for better context exploration and prioritization. Learn more
• SCIM user provisioning — automate user onboarding and offboarding with Okta and Microsoft Entra ID integration. Learn more
• NHI Policies improvements — enhanced policy breach visibility with filtering, analytics, and Secret Reuse policy support.

Secrets Detection Engine​

• v2.136 + v2.137 — 5 new detectors (Perplexity AI, Azure SignalR, Azure Event Grid, Anthropic Admin, GitGuardian Magic Link), 7 improved (LDAP, JWT, Cloudinary, Auth0, Claude, Riot Games, LINE Notify), 2 new checkers.
• v2.138 — 6 new detectors (Azure Entra ID, Azure Communication Services, Azure DevOps PAT, Laravel, Azure App Configuration, X AI), 5 improved (Azure Storage, ODBC, Jira, SMB, Octopus).

Enhancements​

• Weekly digest and historical scan email subject lines, Jira DC ticket creation permissions. Learn more.
• Self-Hosted:
  • Ensured that the Redis FLUSHDB command is available for use before installing or upgrading GitGuardian. Learn more.
  • Added support for configuring proxy username and password using Kubernetes secrets. Learn more.
  • GitGuardian Chainguard images are now used by default and include a shell for troubleshooting and maintenance.
  • Implemented a Content Security Policy in response headers to better control which resources can be loaded, strengthening overall security.

Fixes​

• GitLab read-only token errors, dashboard toast messages, empty GitHub repo scans, deleted sources API display. Learn more.
• Self-Hosted:
  • Resolved an issue where deployment failed when using Kustomize.
  • Increased the readiness probe timeout for public-api to enhance stability and prevent failures.

  Release Date: February 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Search incidents by secret value — monitor secret leaks across thousands of repositories and sources. Learn more
• Bitbucket Cloud scanning — detect exposed credentials in Bitbucket Cloud repositories in real-time. Learn more
• Custom Tags Early Access — organize incidents with custom tags via API (UI support coming soon). Learn more
• Enhanced email incident alerting controls — manage email notification settings via API and customize account-level defaults. Learn more
• Autoscaling — HPA support for web applications with automatic scaling based on demand. Learn more

Secrets Detection Engine​

• v2.130 — 2 new detectors (Artifactory Token With Host, HubSpot Private App), 6 improved GitHub tokens (Enterprise, OAuth, PAT, Server-to-Server, User-to-Server).
• v2.131 — 2 new detectors (Azure Storage Connection String, HashiCorp Vault AppRole).

Enhancements​

• Scan only addition lines in commits, Jira custom fields support. Learn more.
• Jira Data Center user picker custom fields. Learn more.

Fixes​

• GitLab revocation on plan downgrades, Confluence Cloud spaceKey events, restricted user incident view, teammates table action menus, email notifications team routing. Learn more.
• GitLab large instance support, Azure Repos organization sync, PagerDuty real-time alerts. Learn more.
• User deletion with saved views, Azure Repos organization sync. Learn more.
• Self-Hosted:
  • Fixed Redis Sentinel connection with special characters in password (Helm).
  • Restored left navigation menu in KOTS admin console for embedded cluster installations (KOTS).