Skip to main content

2 posts tagged with "jira-data-center"

View All Tags

2025.7 - Required

Versioncalendar icon Release Date
2025.7.0July 25, 2025

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.28 ⚠️1.32
PostgreSQL1516
Redis67
ggscout0.16.6Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2025.7

Machine Learning engine is now enabled by default. Ensure your infrastructure meets the ML requirements.

If you're concerned about resource usage, you can lower the priority of ML pods to ensure other critical services are scheduled first.

Historical Scanning now available for Jira and Confluence Data Center

Jira Confluence DC HScan Thumbnail

We’re excited to announce a significant enhancement to our secret detection capabilities for both Jira and Confluence Data Center: historical scanning is now available!

What's new?

Previously, our integrations would surface hardcoded secrets in real-time, alerting you to newly introduced risks as soon as they appeared. With this update, we’re extending our detection to include secrets that were leaked in the past—not just those introduced going forward.

Why does this matter?

Once a secret is leaked, it should always be considered compromised, regardless of when the leak occurred. By surfacing historical secrets, you can now:

  • Identify and remediate old, forgotten leaks that may still pose a security risk.
  • Reach a comprehensive security posture by ensuring that no secrets—past or present—slip through the cracks.
  • Take proactive action to rotate or revoke secrets that may have been exposed long ago.

Check out our documentation to enable historical scanning now:

Automatically Ignore Invalid Incidents with New Playbook

Incident Playbook Thumbnail

We’re excited to announce a powerful enhancement to your incident management experience, designed to help you focus on what matters: we are introducing a new playbook: Automatically Ignore Invalid Incidents.

What's new?

This new playbook will automatically ignore incidents where the detected secret has been confirmed invalid and revoked, even for those that have never been valid. With this new capability, your team can immediately focus on genuine, actionable threats without being distracted by unnecessary noise from already-resolved issues.

Why This Matters?

By automatically clearing these known invalid incidents, you'll save valuable time, reduce alert fatigue, and maintain a clear focus on critical security issues that require your attention.

Important Note

This playbook is designed for incidents from standard detectors and will not impact those related to detectors with a custom host.

You Stay in Control

The playbook will be enabled by default, but you can opt out at any time if it doesn’t fit your needs. All incidents will remain accessible in your workspace for review.

Documentation


Secrets Detection Engine (v2.143)

New Detectors

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

  • Coze Personal Access Token
  • Tavus API Key
  • Heroku Platform Key
  • Tableau Cloud PAT
  • Notion Integration Token v2
  • Salesforce OAuth2
  • AI71 API Key
  • AMP API Token
  • Kubernetes User Certificate with Port
  • Alchemy API Key v2
  • OpenRouter API Key
  • Duffel API Key
  • Apify Token
  • Jina API Key
  • Deno Account Token
  • Resend API Key
  • VKontakte Access Token
  • Fireworks AI API Key

Detector Improvements

  • Google OAuth2 Keys – Improved precision for Google OAuth2 detector and enhanced regex for better detection accuracy.
  • Zendesk Token – ZendeskTokenAnalyzer has been rewritten in Rust for improved performance.
  • Sendinblue Key – SendinblueSecretAnalyzer has been rewritten in Rust.
  • Generic High Entropy Secret – No longer considers IDs in ServiceNow migration files as secrets and removed AWS ECR images that were misclassified as secrets.
  • Algolia Keys – AlgoliaKeysSecretAnalyzer has been rewritten in Rust.
  • Fastly Personal Token – FastlySecretAnalyzer has been rewritten in Rust.
  • [Hugging Face User Access] – Migrated analyzer to Rust for improved performance.
  • Kubernetes Docker Secret – Enhanced detection for kubernetes.io/dockercfg secrets with more precise regex for JWTs.
  • MySQL Assignment – Restricted the maximum number of secrets per document to prevent combinatorial explosion.
  • Sourcegraph Token – Updated regex for sourcegraph_access_token_v3 as per customer request.
  • GitHub Access Token – GitHub classic analyzer has been rewritten in Rust for improved performance.
  • HashiCorp Vault Token – Improved precision for HashiCorp Vault token detection.
  • Confluent Keys – Updated checker for Confluent API keys.
  • GitHub Fine-Grained PAT – Analyzer now handles archived repositories.
  • Slack Tokens – SlackBot analyzer has been rewritten in Rust for improved performance and applies to Slackbot, Slack App, and Slack User tokens.
  • DigitalOcean Spaces Token – Fixed checker for tokens that do not have permission to list buckets.
  • Checkout Secret Key – Updated endpoint to avoid deprecated usage.
  • Checkout Sandbox Secret Key – Enhanced pattern and updated endpoint for improved accuracy.
  • Bunny.net API Key – Fixed checker for better validation.
  • Dify API Key – Updated checker endpoint for enhanced detection.

Engine Enhancements

  • All JWT detectors will now only catch signed JWTs, enhancing security.

Enhancements

  • Jira Data Center Integration: Enhanced Jira Data Center incident creation to include leaker email addresses for historical comments occurrences.
  • Custom Tags API: Enhanced the custom tags filter in the public API to support filtering by key/value pairs in addition to IDs, improving search flexibility for better incident management. Learn more.
  • Playbook: "Auto-resolve secrets incidents when valid secrets are revoked" playbook is officially activated for all accounts. Learn about Playbooks
  • Custom remediation: Added dynamic links to custom remediation pages, providing users with seamless access to relevant documentation and revocation support.
  • Public API: Custom Tags (custom_tags) query parameters have been documented as part of the API documentation.
  • GitLab integration: Configuration of multiple GitLab integrations using both system hooks and group hooks simultaneously is now supported.

Fixes

  • Custom Tags: Fixed an issue where assigning tags to selected filtered issues was incorrectly applying tags to all issues instead of only the selected ones.
  • Azure DevOps Integration: Improved token handling to prevent unnecessary revocation of Azure DevOps installations due to intermittent 401 errors.
  • Email Notifications: Improved email delivery logic for Microsoft Teams integrations to prevent excessive notification sending during periodic scans.
  • GitHub Integration: Fixed an issue where dangling GitHub installations were being unnecessarily checked when no installations were present.
  • User Management: Ensure SCIM user provisioning matches emails case-insensitively to prevent duplicate or mismatched user entries.
  • Incidents Management: Resolved a regression where secrets detected on deletion lines could reopen incidents. Deletion lines are no longer scanned for secrets, as per the expected "Scan only addition line" behavior.

2025.1 - Required

Versioncalendar icon Release Date
2025.1.0January 20, 2025
2025.1.1January 23, 20255

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

ComponentMinimum VersionRecommended Version
KOTS1.117.3Latest
Kubernetes1.251.30
PostgreSQL1516
Redis67
helm3.13Latest

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2025.1

Database Deprecation Notice: PostgreSQL 13 & 14 are no longer supported. Learn why upgrading to PostgreSQL 16 is recommended in our engineering blog.

Upgrade Considerations: This release includes a background migration that may take up to 1 hour post-upgrade. It improves query execution speed and search performance. If upgrading from an older version, multiple upgrades may trigger a retry message—wait 1 hour before retrying.

Microsoft Teams Security Alerts

MS team alerting Never miss a critical security event with real-time GitGuardian alerts in Microsoft Teams.

  • Instant notifications when security incidents occur.
  • Direct links to investigate issues inside GitGuardian.
    Learn more

Jira Auto-Tracking for Security Incidents

jira dc alerting Streamline incident response with Jira Data Center integration.

  • Auto-create Jira issues when new incidents are detected.
  • Sync custom fields for better tracking.
  • Auto-resolve incidents when Jira issues are closed.
    Learn more

False Positive Remover v1

false positive remover Our first internal machine learning model halves false positives, ensuring data security and privacy without third-party dependencies. This in-house capability is now available for Self-Hosted. More information is available in the documentation.

Slack Secret Scanning

slack secret scanning Slack integration is now supported for scanning the full history of your public and private Slack channels to detect leaked secrets.

Remediation tracking

remediation tracking Enhanced the secrets remediation workflow with precise location details for code fixes and real-time tracking of remediation progress. Learn more here.

⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.

User management with SCIM

SCIM integration now supports automatic user deprovisioning in GitGuardian when users are removed from your Identity Provider (IdP). Provisioning for users and teams will be included in a future update. Setup details are available in our documentation.


Secrets Detection Engine (v2.129)

Bringing enhanced accuracy and broader coverage:

Enhancements

  • Navigation: The menu has been redesigned with a collapsible left sidebar for a cleaner, more organized experience.
  • Jira Data Center integration: Added support for the "User Picker (single user)" custom field in Jira templates. More information is available here.
  • GitHub integration:
    • Improved handling of real-time events to retrieve more than 100 commits when necessary, ensuring complete coverage.
    • Enhanced processing of large patches by making additional API calls to retrieve missing files, up to the policy__maximum_scan_size limit defined in the Preferences page.
  • Commit length configuration: Admins can configure the maximum total length of commits to scan, with larger commits truncated. This can be set via the repo_scan_max_commit_length preference on the Preferences page.

Self-Hosted

  • Helm: The ReplicatedSDK image is now pulled from the Replicated registry instead of Docker Hub. For airgap installations, ensure you update your automation processes for pulling and pushing images to your private registry. For more information, refer to the Airgap Installation page.
  • Installation and upgrade: Improved error messages for partially initialized databases, providing clear instructions to check logs and ensure the PostgreSQL database is empty before retrying.
  • Admin Area: Introduced a Periodic Tasks page to adjust schedules and fine-tune periodic task execution.
  • Queues: Merged the secrets_checks queue with the background validity checks queue to optimize performance.

Fixes

  • Secrets:
    • Check runs: Updated messages to note flagged secrets lack commit references and remain compromised once leaked.
    • Validity check: Fixed an issue where the tooltip incorrectly indicated a token was valid for all endpoints when it was valid for only one.
  • Sources:
    • GitLab: Enable viewing of more than 50,000 GitLab projects in the integration settings.
  • Alerting:
    • Jira issue tracking: Fixed an issue where line feeds (\n) were not properly translated to hardBreak nodes, ensuring correct spacing in Jira tickets.
  • Self-Hosted:
    • Admin area: Corrected sorting and filters on the Worker Tasks page for improved usability.

Hotfixes

2025.1.1

calendar icon   Release Date: January 23, 2025

Fixes

  • Self-Hosted:
    • Embedded cluster installation:
      • Fix an issue where the GitGuardian dashboard returns a 404 error. Note this fix does not apply to legacy embedded clusters using Kurl.
      • Resolved the inability to deploy an embedded cluster with a custom CA.
    • Helm:
      • Fixed a 404 error on the /metrics endpoint for fetching GitGuardian applicative metrics on Webapp pods and Celery workers.
      • Fixed Replicated RBAC resources being created despite rbac.enabled: false in Helm values, causing issues in RBAC-restricted environments.