Version	Release Date
2025.7.0	July 25, 2025
2025.7.1	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Jira and Confluence Data Center historical scanning — scan past content for secrets. Learn more
• Auto-ignore invalid incidents playbook — automatically clear confirmed invalid secrets. Learn more

Secrets Detection Engine​

• v2.141 — 12 new detectors (Kubernetes User Certificate with Port, NVIDIA, Alchemy v2, OpenRouter, Duffel, Apify, Jina, Deno Account, Segment Workspace v2, Resend, VKontakte, Fireworks AI), 6 improved, 10 new checkers.
• v2.142 — 2 new detectors (AI71, AMP), 9 improved (Kubernetes Docker, MySQL, Sourcegraph, GitHub, HashiCorp Vault, Confluent, GitHub Fine-Grained PAT, Slack, DigitalOcean Spaces), 2 new checkers.
• v2.143 — 7 new detectors (GitLab Incoming Mail, Coze PAT, Tavus, Heroku Platform, SSH with port, Tableau Cloud PAT, Notion v2), 7 improved, 6 new checkers. All JWT detectors now only catch signed JWTs.

Enhancements​

• Custom tags API key/value filtering, auto-resolve revoked secrets playbook, custom remediation links. See SaaS release: Jun 19.
• Jira DC leaker emails. See SaaS release: Jun 30.
• Custom tags API documentation. See SaaS release: Jul 21.
• GitLab multi-hook support. See SaaS release: Jul 23.

Fixes​

• Custom tags bulk assignment, Azure DevOps token handling. See SaaS release: Jun 19.
• GitHub installation checks. See SaaS release: Jun 30.
• Teams email notifications. See SaaS release: Jul 7.
• SCIM case-insensitive emails. See SaaS release: Jul 21.
• Deletion line scanning. See SaaS release: Jul 28.

Hotfixes​

2025.7.1​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.
  • ML Secret Engine updated to version 20250806 fixing critical CVE-2025-54381.
  • NHI Scout bumped to version 0.18.2.

Version	Release Date
2025.6.0	June 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Secure API access to secret values — retrieve secret values via API endpoint for automation workflows. Learn more
• Microsoft Teams secret detection — scan Teams messages for hardcoded secrets with real-time and historical scanning. Learn more
• Jira and Confluence Cloud historical scanning — detect secrets leaked in the past across Jira and Confluence Cloud. Learn more
• Container Registries secret detection — detect hardcoded secrets in Azure, Google, JFrog, and DockerHub registries. Learn more
• Self-Hosted: Export GitGuardian logs to Splunk, Loki, Elasticsearch, Kafka, and Datadog for centralized monitoring. Learn more

Secrets Detection Engine​

• v2.139 — 1 new detector (GitLab Feature Flags Client Token), 6 improved (AMQP, Confluent, Generic High Entropy, Artifactory, Azure Storage), 1 engine enhancement.
• v2.140 — 12 new detectors (Laravel, GitLab tokens, Kubernetes JWT, Brave Search, Dify, Firecrawl, Ubidots, Vapi, Llama Cloud), 4 improved, 7 new checkers, 2 engine enhancements.

Enhancements​

• Teams API endpoint optimization. See SaaS release: Jun 19.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved handling of failed index creation migrations to allow safe re-execution of database updates.
  • Added capability to specify constraint of only one worker per node in Kubernetes deployments to optimize resource allocation. Learn more about scaling.

Fixes​

• Email alerts to inactive members, custom tags pagination, GitLab parent group permissions, secret analyzer validity checking. See SaaS release: Jun 19.
• Self-Hosted:
  • Corrected an issue preventing Self-Hosted customers from adding or editing custom severity rule sets.
  • Fixed an issue with ACL limitations on GCP and Azure cloud platforms where Redis deployments disable the ACL command, causing pre-deployment checks for the FLUSHDB command to fail. The system now gracefully handles scenarios where ACL commands are unavailable.

Version	Release Date
2025.5.0	May 22, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

FIPS: This release uses Chainguard images without FIPS-approved cryptographic modules. If you would like to use Chainguard images with FIPS, please contact our support team.

Feature highlights​

• ServiceNow secret scanning — detect secrets and honeytokens in ServiceNow for automated incident tracking. Learn more
• Customizable incidents view — create custom views with specific properties for better context exploration and prioritization. Learn more
• SCIM user provisioning — automate user onboarding and offboarding with Okta and Microsoft Entra ID integration. Learn more
• NHI Policies improvements — enhanced policy breach visibility with filtering, analytics, and Secret Reuse policy support.

Secrets Detection Engine​

• v2.136 + v2.137 — 5 new detectors (Perplexity AI, Azure SignalR, Azure Event Grid, Anthropic Admin, GitGuardian Magic Link), 7 improved (LDAP, JWT, Cloudinary, Auth0, Claude, Riot Games, LINE Notify), 2 new checkers.
• v2.138 — 6 new detectors (Azure Entra ID, Azure Communication Services, Azure DevOps PAT, Laravel, Azure App Configuration, X AI), 5 improved (Azure Storage, ODBC, Jira, SMB, Octopus).

Enhancements​

• Weekly digest and historical scan email subject lines, Jira DC ticket creation permissions. See SaaS release: May 21.
• Self-Hosted:
  • Ensured that the Redis FLUSHDB command is available for use before installing or upgrading GitGuardian. Learn more.
  • Added support for configuring proxy username and password using Kubernetes secrets. Learn more.
  • GitGuardian Chainguard images are now used by default and include a shell for troubleshooting and maintenance.
  • Implemented a Content Security Policy in response headers to better control which resources can be loaded, strengthening overall security.

Fixes​

• GitLab read-only token errors, dashboard toast messages, empty GitHub repo scans, deleted sources API display. See SaaS release: May 21.
• Self-Hosted:
  • Resolved an issue where deployment failed when using Kustomize.
  • Increased the readiness probe timeout for public-api to enhance stability and prevent failures.

  Release Date: February 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Search incidents by secret value — monitor secret leaks across thousands of repositories and sources. Learn more
• Bitbucket Cloud scanning — detect exposed credentials in Bitbucket Cloud repositories in real-time. Learn more
• Custom Tags Early Access — organize incidents with custom tags via API (UI support coming soon). Learn more
• Enhanced email incident alerting controls — manage email notification settings via API and customize account-level defaults. Learn more
• Autoscaling — HPA support for web applications with automatic scaling based on demand. Learn more

Secrets Detection Engine​

• v2.130 — 2 new detectors (Artifactory Token With Host, HubSpot Private App), 6 improved GitHub tokens (Enterprise, OAuth, PAT, Server-to-Server, User-to-Server).
• v2.131 — 2 new detectors (Azure Storage Connection String, HashiCorp Vault AppRole).

Enhancements​

• Scan only addition lines in commits, Jira custom fields support. See SaaS release: Feb 11.
• Jira Data Center user picker custom fields. See SaaS release: Jan 28.

Fixes​

• GitLab revocation on plan downgrades, Confluence Cloud spaceKey events, restricted user incident view, teammates table action menus, email notifications team routing. See SaaS release: Feb 11.
• GitLab large instance support, Azure Repos organization sync, PagerDuty real-time alerts. See SaaS release: Jan 28.
• User deletion with saved views, Azure Repos organization sync. See SaaS release: Jan 13.
• Self-Hosted:
  • Fixed Redis Sentinel connection with special characters in password (Helm).
  • Restored left navigation menu in KOTS admin console for embedded cluster installations (KOTS).

Version	Release Date
2025.1.0	January 20, 2025
2025.1.1	January 23, 20255

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Microsoft Teams security alerts — real-time GitGuardian alerts in Microsoft Teams with instant notifications. Learn more
• Jira Data Center auto-tracking — auto-create Jira issues, sync custom fields, and auto-resolve incidents. Learn more
• False Positive Remover v1 — internal ML model that halves false positives for Self-Hosted deployments. Learn more
• Slack secret scanning — scan full history of public and private Slack channels to detect leaked secrets. Learn more
• Remediation tracking — enhanced workflow with precise location details and real-time tracking of remediation progress. Learn more. ⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.
• SCIM user deprovisioning — automatic user deprovisioning when users are removed from your IdP. Learn more

Secrets Detection Engine​

• v2.128 — 4 new detectors (Jenkins API, chpasswd, Nessus Agent, Statsig Server), 1 improved (FTP).
• v2.129 — 1 new detector (GitLab OAuth), 4 improved (Base64 High Entropy, GitGuardian Test Token, MSSQL, Zendesk).

Enhancements​

• Redesigned navigation menu, automatic repository monitoring control. See SaaS release: Dec 12.
• Jira Data Center user picker custom fields. See SaaS release: Jan 28.
• Self-Hosted:
  • GitHub integration: Improved real-time event handling for >100 commits and enhanced large patch processing.
  • Configurable commit length scanning via repo_scan_max_commit_length preference. Learn more.
  • ReplicatedSDK image now pulled from Replicated registry. Learn more.
  • Improved error messages for partially initialized databases.
  • Introduced Periodic Tasks page to adjust schedules and fine-tune execution.
  • Merged secrets_checks queue with background validity checks queue for optimized performance.

Fixes​

• Check runs messages, validity check tooltip, Jira issue tracking line feeds. See SaaS release: Dec 23.
• GitLab large instance support. See SaaS release: Jan 28.
• User deletion with saved views. See SaaS release: Jan 13.
• Self-Hosted:
  • Corrected sorting and filters on Worker Tasks page in the Admin area for improved usability.

Hotfixes​

2025.1.1​

  Release Date: January 23, 2025

Fixes​

• Self-Hosted:
  • Fixed GitGuardian dashboard 404 error in embedded cluster installations (excluding legacy Kurl clusters).
  • Fixed embedded cluster deployment with custom CA.
  • Fixed 404 error on /metrics endpoint for applicative metrics (Helm).
  • Fixed Replicated RBAC resources created despite rbac.enabled: false in Helm values.