
3 posts tagged with "internal-monitoring"


2026.5

Version     Release Date
2026.5.0    May 21, 2026
2026.5.1    May 28, 2026

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Component     Minimum Version    Recommended Version
KOTS          1.117.3            Latest
Kubernetes    1.30               1.35
PostgreSQL    15                 17
Redis         6                  7
ggscout       0.19.0             Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Upgrading with Argo CD

If you deploy GitGuardian through Argo CD with ServerSideApply=true, review the known issue "Hook Jobs may not be re-triggered on chart upgrade" before upgrading. Affected hook Jobs (pre-deploy migrations, post-deploy, upgrade-path-check, data-access-deploy) may be skipped silently; run argocd app sync gitguardian as a workaround.

Feature highlights

  • Advanced Analytics enabled by default for Helm installation — actionable dashboards for detection, remediation, and prevention of secret leaks are now activated by default on all instances, including the new Analytics Overview page, previously available in early access, that aggregates KPIs across Protect, Detect, Remediate, and Govern in a single dashboard. Learn more.

    Requires ~12 GB extra memory and increases database usage by 15-20% (min. 5-6 GB). Data refreshes once a day. KOTS installations must enable the new analytics in the KOTS admin console.

  • New AI workspace setting — workspace owners now have a self-service Settings → Workspace → AI page to enable or disable external LLM calls and configure Bring Your Own Cloud (BYOC) providers, with AWS Bedrock supported at launch. External LLM features are disabled by default on self-hosted instances. Once the integration is up and running, the selected Anthropic model powers every LLM-driven feature in the app. See AI settings and the AWS Bedrock setup guide.
  • NHI admin and overprivileged flags — NHI Governance now flags admin-level and overprivileged non-human identities across AWS IAM, Microsoft Entra, and Okta, and automatically bumps the severity of any policy breach landing on an admin NHI. Learn more.
  • Attachment scanning across Atlassian — secret detection now covers file attachments on Jira Cloud, Jira Data Center, Confluence Cloud, and Confluence Data Center. Reinstall your Atlassian integrations to grant the new attachment scopes. Learn more.
  • New Slack capabilities — file attachment scanning, interactive thread responses (beta), and private channel name redaction. To enable them, add the latest Bot Token Scopes to your existing Slack app (no reinstall required). See the updated permissions list. Learn more.

Secrets Detection Engine

  • v2.161 — 7 new detectors (Payhere App Credentials, HubSpot API Key, Birdeye API Key, Datadog API Credentials, Payhere Merchant Secret, GitGuardian Personal Access Token, GitGuardian Service Access Token), 1 new checker (Azure SignalR Connection String), 4 detector precision improvements (Jira Basic Auth, Atlassian OAuth2, npm Token, OpenWeatherMap Token), 5 new analyzers (Intercom Access Token, GitGuardian PAT/SAT, Notion Integration Token, Azure Cosmos DB Credentials).
  • v2.162 — 16 new detectors (Aikido CI Scanning Token, Baidu AI API Key, Baidu Cloud API Keys, Bitrise Personal/Workspace Access Tokens, Canva Integration OAuth2, Cloudflare API Token V2, CockroachDB API Key, Coder Session Token, Datadog Application Key, ElevenLabs API Key, HashiCorp Consul ACL Token, MaxMind License Key, QQ Robot API Keys, Snyk Key V2, Volcengine API Key), 6 detector updates (Azure OpenAI, GitLab Token, Google Cloud Keys, Grafbase, PayPal Braintree, Slack Bot Token), 2 new analyzers (Azure AI Search Key, Azure OpenAI), 3 analyzer updates (Anthropic Admin Key, GitLab Token, PostgreSQL Credentials).

Enhancements

  • Accessibility: Ctrl+Enter to submit forms; dynamic variables (e.g., {secretType}, {sourceName}, {sourceType}) now supported across all Jira integration fields. Learn more.
  • Deprecated Honeytoken Labels Public API removed (use Custom Tags), Jira templates flag unsupported required fields, GitHub Check runs reliability during partial outages. Learn more.
  • Microsoft Teams notifications expanded to full incident lifecycle; new Public API Health Checks endpoints; archived-source filters on Sources and Incidents endpoints. Learn more.
  • Microsoft Teams Issue Regression event backfilled for existing notifiers, leak author now captured on JFrog Artifactory incidents. Learn more.
  • Self-Hosted:
    • Improved the support bundle upload with a more descriptive filename (including hostname, date, and ticket ID) and an instance ID display.
    • Added logCollector.supportBundle.logLevel to filter Loki queries when generating a support bundle.
    • Added dedicated celeryWorkers.automatic-severities worker — moves the automatic_severities queue out of the long worker into its own scalable worker. See the updated application topology.
    • Helm upgrades no longer fail when the chart is configured with a third-party cert-manager issuer plugin. The certManager values schema now accepts plugin issuer kinds in addition to the built-in Issuer and ClusterIssuer.

Fixes

  • PAT source scopes not applied correctly, Bitbucket Cloud workspace-scoped APIs. Learn more.
  • Dashboard unresponsive when filtering PATs, Bitbucket Cloud cross-workspace API deprecation handled. Learn more.
  • SendGrid revocation error, JFrog Artifactory bulk select-all in team perimeters, GitHub Enterprise health check on GHES 3.19.4, GitHub Enterprise PR Check runs analytics dashboards, perimeter page rendering on workspaces with 200k+ sources. Learn more.

Hotfixes

2026.5.1

Release Date: May 28, 2026

Fixes

  • Security: Fixed an XSS / open-redirect vulnerability via a crafted redirect_url query parameter in the login and bulk-scan flows.
  • Jira Data Center: Fixed scan timeouts on large instances and improved handling of missing or null fields during scans.
  • Machine Learning: Removed a test artifact from the ML Secret Engine image that was being flagged as a private key by container scanners.
  • Self-Hosted: Bundled component bumps — Replicated SDK, MinIO (log collector), ML Secret Engine. See the air gap install page for the updated tags.

2026.3

Version     Release Date
2026.3.0    March 16, 2026
2026.3.1    March 23, 2026
2026.3.2    March 26, 2026
2026.3.3    April 2, 2026

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Component     Minimum Version    Recommended Version
KOTS          1.117.3            Latest
Kubernetes    1.30               1.35
PostgreSQL    15                 17
Redis         6                  7
ggscout       0.19.0             Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Using Argo CD? A pre-created encryption secret is required before deploying — see the Argo CD installation guide.

Upgrading to 2026.3

Embedded cluster installations running 2026.2.0: You must manually delete the replicated PodDisruptionBudget before upgrading. Older versions are not affected. See Upgrade KOTS > Upgrading to 2026.3.

Feature highlights

  • JFrog Artifactory Package Registries — scan Maven, npm, PyPI, NuGet, Go, and 7 more package ecosystems for secrets hiding in your software supply chain, with historical and incremental scanning support. Currently in beta. Learn more.
  • Red Hat Quay Integration — detect secrets in container images across quay.io and self-hosted Quay deployments, with full image layer analysis and OAuth2 authentication. Currently in beta. Learn more.
  • Okta Integration Network — GitGuardian is now an Okta-verified app with one-click SAML SSO, SCIM provisioning, and Group Push for streamlined identity management. Learn more.

Secrets Detection Engine

  • v2.157 — 26 new detectors (WooCommerce, Iyzico, Mercado Pago, Bitbucket HTTP Access Token, PostgreSQL, MariaDB, Azure Event Hub, Azure Container Registry, Coralogix, Azure Web PubSub, Azure Batch, Azure APIM Gateway, Azure IoT Provisioning, Azure AI Search, GitLab CI/CD Job Token, PostHog, and more), 13 improved, 4 analyzer upgrades, 4 new revokers (SendGrid, Slack User Token, Slackbot, Heroku), scanning throughput nearly doubled.
  • v2.158 — 4 new detectors (MiniMax, Retell, Azure Storage Account Key, Curl Username Password), 2 improved (Azure Container Registry, MongoDB), scanning speed improved by 12%.

Enhancements

  • Improved scanning for SharePoint Online and OneDrive integrations. Self-hosted customers using these integrations should ensure all required pods are active and properly scaled. See the scaling documentation and non-VCS sources configuration for details.
  • Audit logs now display scope information for PAT and SAT creation events. Learn more.
  • Workspace managers can restrict Personal Access Token scopes for members. Learn more.
  • Customizable session duration for dashboard sessions. Learn more.
  • Slack and Webhook alerts now include feedback content (remarks) for incidents. Learn more.
  • Enhanced Slack incident notification messages with improved formatting and additional context. Learn more.
  • Jira templates now support filename and line number fields. Learn more.
  • "System" theme mode option that follows OS light/dark preference. Learn more.
  • Public API endpoint for retrieving GitGuardian egress IP addresses. Learn more.
  • Custom perimeter support for Microsoft Teams, Confluence Cloud, Confluence Data Center, Jira Cloud, and Jira Data Center. Learn more.
  • Self-Hosted:
    • Added support for fixed tags on the Custom CA image, for environments that enforce fixed tags.
    • Added ALB ingress support for autoscaling and improved templating of custom autoscaling metrics in Helm charts.
    • Added missing queues to KEDA ScaledObjects configuration for improved autoscaling coverage.

Fixes

  • Jira Cloud installations unexpectedly soft-deleted. Learn more.
  • API schema validation error for response path 'id'. Learn more.
  • Timeout issues when bulk-updating incident custom tags. Learn more.
  • Authorization issue allowing Team Leaders to delete "All Incidents" team notification settings. Learn more.
  • Self-Hosted:
    • Fixed Redis password handling issue when using existing secrets in ArgoCD environments.

Hotfixes

2026.3.1

Release Date: March 24, 2026

Fixes

  • GitHub Enterprise integration: Fixed issue where repositories appeared as "Unmonitored" after upgrading to 2026.3 despite being correctly selected in Integration settings.
  • JFrog Package Registries: Fixed payload mismatch error during JFrog Artifactory package registry scans.
  • API documentation link: Fixed incorrect API documentation link in the self-hosted help menu.
  • Audit logs: Fixed actor filter in audit logs where selected users were lost after using and clearing the search field.

2026.3.2

Release Date: March 26, 2026

Fixes

  • Database migration on upgrade: Fixed a pre-deploy migration failure blocking upgrades to 2026.3 on instances originally installed before version 2025.7.

2026.3.3

Release Date: April 2, 2026

Fixes

  • In-app analytics optimization: Fixed excessive data footprint from inAppAnalytics, reducing storage and memory usage.

2025.9

Version     Release Date
2025.9.0    September 17, 2025
2025.9.1    October 1, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Component     Minimum Version    Recommended Version
KOTS          1.117.3            Latest
Kubernetes    1.28               1.32
PostgreSQL    15                 16
Redis         6                  7
ggscout       0.19.0             Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights

  • Bring Your Own Sources — extend secret detection to any data source (CI logs, legacy systems, SFTP). Learn more
  • Quick Access — unified search interface for faster navigation (Ctrl+K/Cmd+K). Learn more
  • AI Filters — use natural language to filter incidents, perimeter, and audit logs. Learn more
  • Microsoft SharePoint and OneDrive scanning — detect secrets in your knowledge base. Learn more

Secrets Detection Engine

  • v2.145 — 1 improved detector (GitLab Token broader regex for longer tokens).
  • v2.146 — 4 new detectors (Africa's Talking, Clipdrop, StackHawk, Murf), 1 improved (Stripe checker timeout prevention).

Enhancements

  • Confluence Cloud outbound-only OAuth2, GitHub PR public share links, CSP headers. Learn more.
  • User comment permissions. Learn more.
  • Self-Hosted:
    • Improved ML Secret Engine Docker image permissions for custom user/group IDs.
    • Enhanced Docker image permissions for custom security contexts.
    • Improved failed index migration handling for safe re-execution.
    • Added node affinity scheduling for one worker per node constraint.

Fixes

  • Remediation tracking for non-default branches, perimeter filter errors, Honeytoken notifications, webhook URL validation, JFrog integration validation, Confluence DC URLs. Learn more.
  • Token management link removal. Learn more.
  • Self-Hosted:

Hotfixes

2025.9.1

Release Date: October 1, 2025

Fixes

  • SharePoint integration: Fixed issue where SharePoint Online tenants appeared as monitored but failed to display nested sites and resources properly.
  • Jira Data Center integration: Updated Jira DC webhook creation to use version-specific endpoints based on the instance version.