Skip to main content

4 posts tagged with "jira"

View All Tags

2025.5

Versioncalendar icon Release Date
2025.5.0May 22, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.251.32
PostgreSQL1516
ggscout0.16.6Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Ensure you're using a Helm version from 3.13 up to 3.17.

Air gap deployment? We've added new images in this release. Find all image and tag names on the Air Gap Install page.

FIPS: This release uses Chainguard images without FIPS-approved cryptographic modules. If you would like to use Chainguard images with FIPS, please contact our support team.

ServiceNow secret scanning

ServiceNow Integration

ServiceNow is now supported for secrets detection and honeytoken detection, enabling automated tracking of security incidents. Learn more

Customize Your Incidents View for Enhanced Context Exploration

With this new feature, users can create fully customized views of their incidents, displaying specific properties and exploring their security data in an entirely new way.

GSE-columns

This customization capability offers two key advantages:

  1. Leverage the Generic Secret Enricher model (read 2025.3 release page) - You can now explore and prioritize generic incidents more effectively by visualizing the AI-classified secret categories and providers GSE-columns
  2. Harness extensive incident context - Access the rich contextual data we provide for each incident, which is essential for efficient prioritization efforts

Context is critical for effective remediation. CyberSecurity is fundamentally a data business, and by collecting and presenting the richest, most structured context possible, we enable you to filter, sort, and prioritize incidents effectively and make informed decisions.

Read more in the documentation

Automate User Onboarding & Offboarding with SCIM

SCIM thumbnail

SCIM (System for Cross-domain Identity Management) integration now supports both automatic user provisioning and deprovisioning in GitGuardian. When users are added or removed from your Identity Provider (IdP)—such as Okta or Microsoft Entra ID—they are automatically created or deactivated in your GitGuardian workspace.

Now, all your developers can be automatically onboarded to GitGuardian and are ready to handle security incidents as soon as they are added to your IdP. This means you can fully automate the onboarding and offboarding of users, directly from your IdP, ensuring your entire development team is always prepared to respond to incidents.

Why is this important?

  • Streamlined onboarding: New users are automatically provisioned in GitGuardian as soon as they are added to your IdP—no more manual invites or user creation.
  • Automated offboarding: When a user is removed or deactivated in your IdP, their access to GitGuardian is automatically revoked, reducing security risks.
  • Real-time synchronization: User changes in your IdP are reflected in GitGuardian almost instantly, ensuring your workspace always stays up to date.
  • Improved compliance: Automated user lifecycle management helps you meet security and compliance requirements by ensuring only authorized users have access.
  • Reduced manual work: Save time and reduce errors by eliminating manual user management tasks.

Note: Team provisioning via SCIM is not yet available, but is planned for a future update.

How to get started?

  • SCIM is available for workspaces using Okta or Microsoft Entra ID as their IdP.
  • To enable SCIM, go to your workspace Settings > Authentication and follow the setup instructions for your IdP.
  • For detailed configuration steps and best practices, check out our product documentation.

NHI Policies improvements

NHI Policies Thumbnail

Identify quick wins and areas of improvement thanks to improved policy breach visibility and management, including the ability to:

  • Filter breaches by type on the inventory page,
  • View detailed analytics on NHI breaches over time,
  • Benefit from Secret Reuse policy for better secret management and security across environments.

Want to discover more about NHI Governance? Check out our public materials:

Secrets Detection Engine (v2.138)

This release brings major enhancements to the Secrets Detection Engine, with a strong focus on expanding coverage for Artifactory and Azure services. New detectors have been added for a wide range of secrets—including Perplexity AI, Azure Entra ID, Communication Services, App Configuration, and more—helping organizations better protect sensitive credentials across their software supply chain and cloud infrastructure.

Key improvements include:

  • Expanded Azure Coverage: New detectors for Entra ID tokens, Communication Services, App Configuration, DevOps PATs, and SignalR, strengthening security for Azure environments.
  • Broader Secret Detection: Added support for Perplexity AI, Anthropic admin keys, Laravel encryption keys, X AI API keys, and GitGuardian Platform Magic Links.
  • Enhanced Accuracy: Upgrades to existing detectors (LDAP, JWT, Cloudinary, Auth0, Claude, Jira, SMB, ODBC, Octopus, and more) improve precision, recall, and reduce false positives.

For full details on new detectors and improvements, see the list below.

New Detectors

Detector Improvements

  • LDAP CredentialsChecker Upgrade: Improved the LDAP checker to better distinguish between connection errors and invalid credentials. Updated ldap_credentials_assignment_with_dn to remove false positives.
  • JSON Web TokenDetector Upgrade: The detector will now detect all JWTs regardless of their contents.
  • Cloudinary API KeysDetector Upgrade: Extended charset of cloudinary_api_key_config to improve recall.
  • Auth0 KeysDetector Upgrade: Improved recall of the detector to detect more domains.
  • Claude API KeyDetector Upgrade: Refined regex for Claude API keys.
  • Riot Games API KeyChecker Updated: Banlist checker will be deleted.
  • LINE Notify TokenChecker Updated: Banlist checker as the service has been discontinued.
  • Microsoft Azure Storage Connection StringDetector Upgrade: Improved regex precision for more accurate detection.
  • ODBC Connection StringDetector Upgrade: Enhanced regex precision to better identify ODBC connection strings.
  • Jira TokenDetector Upgrade: Corrected host regex to accurately match ports.
  • SMB CredentialsDetector Upgrade: Now allows percent sign as a separator between username and password in host matches.
  • Octopus API KeyChecker Upgrade: Updated to use the correct API endpoint, resolving issues with secret validity checks.

Enhancements

  • Emails: Included the number of incidents to both weekly digest and historical scan emails subject line
  • Jira Data Center Issue Tracking Integration: Creating Jira tickets now only requires regular user permissions. Administrator privileges on the Jira Data Center site are only needed when setting up the two-way synchronization (Auto-resolve feature).
  • Self-Hosted:
    • Ensured that the Redis FLUSHDB command is available for use before installing or upgrading GitGuardian. Learn more.
    • Added support for configuring proxy username and password using Kubernetes secrets. Learn more.
    • GitGuardian Chainguard images are now used by default and include a shell for troubleshooting and maintenance.
  • Security: Implemented a Content Security Policy in response headers to better control which resources can be loaded, strengthening overall security.

Fixes

  • GitLab Integrations: Resolved a problem where system hook checks returned a 403 forbidden error when using a read-only token.
  • Dashboard: Resolved an issue where a toast message displayed "unknown error" in certain situations.
  • Historical Scan: Resolved an issue where scans of empty GitHub repositories were incorrectly marked as failed.
  • API: Resolved an issue where deleted sources were incorrectly displayed as monitored.
  • Self-Hosted:
    • Resolved an issue where deployment failed when using Kustomize.
    • Increased the readiness probe timeout for public-api to enhance stability and prevent failures.

2025.4 - Required

Versioncalendar icon Release Date
2025.4.0April 25, 2025
2025.4.1April 30, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.251.31
PostgreSQL1516
Redis6
helm3.13Latest
ggscout0.16.40.16.4 is the only supported version

⚠️ Please install the PostgreSQL pgvector extension to enable vector similarity search. This is essential for upcoming features leveraging our internal machine learning engine. Follow the installation instructions to ensure compatibility.

Helm & Upgrade Considerations

⚠️ Important: This is a required release and cannot be skipped.

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Ensure you're using a Helm version from 3.13 up to 3.17.

Air gap deployment? We've added new images in this release. Find all image and tag names on the Air Gap Install page.

Get full control of your Non-Human Identities

NHI Governance Thumbnail

We're proud to introduce our brand new NHI Governance product! This solution is designed to help you manage and secure your Non-Human Identities (NHIs) and related secrets.

As organizations face exponential growth in machine identities, NHI Governance delivers a comprehensive observability and lifecycle management across all your environments. Integrating with leading secrets managers and other sources from your infrastructure, it centralizes inventory, helps you assess your posture, and enforces security policies. The solution includes:

  • Deep contextual insights, mapping relationships between secrets, their consumers, and resources, drastically reducing incident response times.
  • Advanced analytics helps you identify risks like overprivileged NHIs and track hygiene metrics.
  • Policy enforcement aligns your posture with standards such as the OWASP NHI Top 10.

NHI Governance empowers you to regain control over your NHIs and tied secrets, reduce risk, accelerate compliance tasks, and improve hygiene by addressing orphaned, untracked, or overprivileged credentials.

Ready to start your journey towards safer secrets management? Request access to GitGuardian NHI Governance by contacting your sales representative.

Learn more:

Prioritize faster with Secrets Analyzer

Secret Analyzer Thumbnail

We're excited to announce Secrets Analyzer, a new enhancement to our secrets detection capabilities.

Secrets Analyzer automatically gathers additional context for detected secrets, including their associated scopes, permissions, ownership, and relevant perimeter information where available.

This added intelligence helps security teams:

  • Evaluate the potential impact of a secret incident more accurately.
  • Prioritize remediation efforts based on risk level.
  • Streamline the overall incident response process.

For details on how each analyzer works, including metadata collected and validation calls:

Improve incident remediation with custom tags

Custom tags Thumbnail

Take control of incident management with custom tags. This feature allows you to categorize, filter, and search incidents using customized labels, offering greater flexibility in tracking and prioritizing incidents, and improving remediation workflows.

For developers, you can interact with custom tags via the API. For more information, visit the API documentation.

For more details on how to use custom tags within the GitGuardian platform, check out our detailed guide.

Custom tags example

Email notifications enhancement

You now have two options for receiving incident email notifications: "All incidents" (default) or "Only incidents involving yourself (based on your Git commit email)", learn more about email preferences.

Email notification

Log collector for Self-Hosted

log collector

Our self-hosted deployments now include a seamless log collection system, leveraging Loki, MinIO, and Fluent Bit under the hood. This enhancement ensures that relevant logs are efficiently gathered and stored, supporting faster troubleshooting and support—without requiring any manual setup from users.

This log collection system is now enabled by default for all installation types (Helm or KOTS).
Learn more about the log collector.

Secrets Detection Engine (v2.135)

Improved accuracy and broader coverage in this latest release:

New Detectors

Detector Improvements

Detector changes

  • FCM API Key – Removed FCM API Key checker since its API was removed.

Miscellaneous

  • Add User Agent GitGuardian in HTTPClient class used by analyzers.

Enhancements

  • Incidents: Added a new filter to improve incident categorization based on the presence or absence of Jira Data Center tickets.
  • Custom Tags: Users can now create custom tags directly from search queries in the dashboard.
  • Custom webhook: Add the team name and webhook name to the custom webhook payload for incidents and occurrences. Learn more.
  • Jira Configuration: Introduced a new layout for the Jira Configuration form to enhance user experience and streamline configuration tasks.
  • Navigation Improvements:
    • Added persistent section state to remember your navigation preferences and updated browser tab titles for better identification when managing multiple tabs.
    • Added a "Skip to Main Content" button for better accessibility. When using keyboard navigation, pressing the Tab key reveals the button, which allows users to bypass navigation menus and jump directly to the main content area.
  • Invitation: Added GET /v1/invitations/{invitation_id} endpoint to retrieve invitation details through the Public API.
  • Self-Hosted:
    • Email Configuration: Improved error messages to provide clearer guidance when setting up email configurations.
    • Troubleshooting: Enhanced debug capabilities by adding network diagnostic tools (netcat, openssl) to the debug image. Learn more.
    • Helm:
      • Extended the readiness probe timeout on public-api to enhance stability and prevent premature failures.
      • Resolved an issue where the host was not specified in the health ingress configuration.
      • Added global.compatibility.openshift.adaptSecurityContext configuration to support OpenShift's restricted-v2 Security Context Constraints (SCC). Values include auto (default), force, and disabled for flexible security context adaptation. Learn more.
      • Added default support-bundle Role and optional ClusterRole creation (configurable via replicated.supportBundle.rbac.clusterRole.create).
      • The PostgreSQL pgvector extension is now required by default (postgresql.plugins.pgvector.enabled). Please follow the installation instructions to enable vector similarity search capabilities for upcoming machine learning features.
    • Ingress:
      • Improved response times for issue occurrence queries through optimized request routing. Particularly useful when autoscaling webapp-public_api.
      • Standardized health check endpoint routing by removing the wildcard host configuration from gim-ingress-health and consolidating /api/v1/health under the main API hostname.

Fixes

  • Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.
  • GitLab Integration:
    • Fixed an issue where multiple emails were sent for failures in multiple group hooks on the same GitLab instance, ensuring only one email is sent per instance.
    • We improved the process for read-only token installations by automatically detecting and updating the webhook ID if the webhook was created manually.
    • Resolved an issue where system hook checks returned a 403 forbidden error when using a read-only token.
    • Fixed unnecessary scans triggered by webhooks related to unmonitored repositories.
  • Incidents: Fixed a bug that could cause unnecessary data refresh on the incidents list when switching browser tabs.
  • Self-Hosted:
    • Licensing: Updated the notification message for license expiration on self-hosted environments to provide clearer guidance.
    • Security: Added Content Security Policy (CSP) headers to HTTP responses to strengthen browser security controls.

Hotfixes

2025.4.1

calendar icon   Release Date: April 30, 2025

Fixes

  • Helm: Disabled Support Bundle Role creation by default to accommodate customers with high security requirements.

2025.3

calendar icon   Release Date: March 20, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.251.31
PostgreSQL1516
Redis6
helm3.13Latest
ggscout0.16.00.16.0 is the only supported version

⚠️ Please install the PostgreSQL pgvector extension to enable vector similarity search. This is essential for upcoming features leveraging our internal machine learning engine. Follow the installation instructions to ensure compatibility.

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Ensure you're using a Helm version from 3.13 up to 3.17.

Air gap deployment? We’ve updated the path and names of our images in this release. Follow the upgrade instructions to update your tooling for downloading and uploading GitGuardian images to your private registry. Find all image and tag names on the Air Gap Install page.

Explore and prioritize your Generic Incidents

GSE-filters

We are excited to unveil the "Generic Secret Enricher V1", a machine learning model designed to enhance our capabilities in generic secret detection. This innovative model analyzes the entire context of a document, identifying the company and category associated with a secret, thereby providing meaningful insights to help users understand the origin and type of a discovered secret.

New Features

  • Contextual Analysis: Upon detection of a generic secret, our platform analyzes the full document context to determine the associated provider or category of a secret.

  • Efficient Classification: This feature reduces the need for manual classification, enabling users to quickly comprehend the source and nature of a discovered generic secret.

  • New Filters: We've introduced three new filters - Provider, Category, Family - to help identify critical generic incidents. To use these, filter your incidents by the "Generic" type, then apply a combination of these filters.

Goals

Our long-term goal is to provide you with actionable insights, prioritize their generic incidents, and improve their remediation efforts.

Usage

To use the new filters, simply filter your incidents by the "Generic" type, then apply a combination of the Provider, Category, and Family filters. This will help you identify the most significant or critical generic incidents, such as those classified under "Data Storage" or linked to the provider "Postgresql".

Leverage insights from your Secrets Managers

Secrets Managers Thumbnail

GitGuardian now integrates with AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Google Secret Manager, Delinea, and Akeyless through ggscout, letting you sync secret incidents with your Secrets Managers—without exposing sensitive data.

What’s in it for you?

  • Prioritize Faster – Instantly see which secrets are already vaulted and focus on real risks.
  • Remediate Quicker – Vault unprotected secrets in a click and speed up fixes.
  • Streamline Workflows – Leverage vaulted secrets insights directly in GitGuardian.
  • Improve Secrets Hygiene – Spot duplicate, weak, or mismanaged secrets with ggscout.
  • Simplify Vault Consolidation – Track migrations, filter secrets, and purge outdated ones effortlessly.

Secrets Managers Tag

Secrets Detection Engine (v2.133)

Bringing enhanced accuracy and broader coverage:

Enhancements

  • Jira Issue Tracking Integration:
    • Added Incident ID as an optional variable in Jira ticket templates for improved customization.
    • Enabled instant ticket creation in Jira without requiring a predefined template.
  • ggscout: Additional improvements to the integration of ggscout with self-hosted. Learn more.
    • Ensured Vault configurations are reachable via the preflight check for Helm and KOTS.
    • Hardened Helm chart (custom CA support, optional GitGuardian hostname).
    • Used Replicated Proxy to pull the ggscout image.
    • Enabled support for embedded cluster deployment (HashiCorp Vault only).
    • Included ggscout logs in the support bundle.
  • Self-Hosted:
    • Public API: Added ability to customize maximum page size for the Public API pagination. More info here.
    • Embedded cluster: Machine learning is now activated by default for embedded cluster installations.
    • License: GitGuardian will now automatically synchronize license information for non-air-gap environments, eliminating the need for manual license syncs after installation or upgrades.
    • Helm: Added support for nodeSelector in Helm jobs to enhance node scheduling flexibility.

Fixes

  • Jira Cloud Issue Tracking Integration: Resolved an issue where integration entered an invalid state after being uninstalled.
  • Microsoft Teams Alerts for Security Incidents: Resolved an issue where the wrong team was displayed during configuration.
  • Self-Hosted:
    • Machine Learning: Added support for using custom security contexts, allowing to configure security settings for the machine learning pods.
    • Preflights: Fixed an issue with Redis TLS that could cause connection errors.

2025.2

calendar icon   Release Date: February 20, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.251.30
PostgreSQL1516
Redis67
helm3.13Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Ensure you're using a Helm version from 3.13 up to 3.17.

Air gap deployment? Find all the images and tag names in the air gap install page.

Search Incidents by Secret Value

search secret GitGuardian allows you to monitor secret leaks across thousands of your repositories and over 30 different types of sources. It is reassuring to know that this critical secret, which provides access to your corporate LDAP, has not been detected anywhere.

Bitbucket Cloud Scanning

Bitbucket Cloud Integration Secure your Bitbucket Cloud repositories with secrets detection powered by GitGuardian.

  • Detect exposed credentials and secrets in real-time.
  • Gain visibility into security incidents directly in your dashboard.
    Learn more

Custom Tags Early Access

custom tags
Improve incident organization and tracking with Custom Tags, allowing users to filter, sort, and categorize incidents more effectively. For now, custom tag management (CRUD) and tag assignments to incidents can only be done via the API (API documentation), with UI support coming soon.

To activate this feature, enable custom_tags_enabled in the Preferences page.

Autoscaling

hpa
HPA now supports web applications (e.g., webapp-public_api), allowing automatic scaling based on demand for improved performance and resource efficiency. Learn more on the autoscaling page.

Secrets Detection Engine (v2.131)

Bringing enhanced accuracy and broader coverage:

Enhancements

  • Scan Only Addition Lines in Commits: Now, when using ggshield or our check runs integration, we only scan for added lines in commits. Developers will no longer be blocked while remediating incidents.
  • Jira Issue Tracking Integration: Added support for "Numbers (or float)" and "Group Pickers (single group)" custom fields in Jira templates, allowing more customization in notifications and issue tracking.
  • Enhanced Email Incident Alerting Controls for Members: You can now manage email notification settings more effectively with an option that allows updates through the API, and customize account-level defaults, ensuring a more tailored communication experience for all members. Learn more

Fixes

  • Sources:
    • Azure Repos Integration: Fixed an issue where organization deletions were not properly synced when using ADO installations in Organization-mode.
    • GitLab Integration: Resolved an issue where GitLab installations were incorrectly revoked due to temporary plan downgrades or admin status changes.
  • Users & Teams:
    • Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.
    • Users: Resolved an issue where user deletion was prevented due to the presence of saved views associated with the user.
    • Teams Management: Resolved an issue where action menus were not displayed in the teammates table for non-admin users in certain cases.
  • Alerting:
    • Confluence Cloud Integration: Fixed an issue where some Confluence Cloud events without a spaceKey were incorrectly ignored.
    • PagerDuty Alerts for Security Incidents: Fixed an issue where the integration was not sending alerts for real-time incidents.
    • Email Notifications: Fixed an issue where emails for ignored and valid incidents were sent to all teams a user belongs to, instead of only the teams managing the affected repository.
  • Self-Hosted:
    • Helm: Fixed an issue where connecting to Redis Sentinel failed when using a password with special characters.
    • Kots: Restore the left navigation menu in the KOTS admin console for embedded cluster installations.

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status