4 posts tagged with "nhi-governance"

2026.3

| Version | Release Date |
| --- | --- |
| 2026.3.0 | March 16, 2026 |
| 2026.3.1 | March 23, 2026 |
| 2026.3.2 | March 26, 2026 |
| 2026.3.3 | April 2, 2026 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
| --- | --- | --- |
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.30 | 1.35 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Using Argo CD? A pre-created encryption secret is required before deploying — see the Argo CD installation guide.

Upgrading to 2026.3

Embedded cluster installations running 2026.2.0: You must manually delete the replicated PodDisruptionBudget before upgrading. Older versions are not affected. See Upgrade KOTS > Upgrading to 2026.3.

Feature highlights

  • JFrog Artifactory Package Registries — scan Maven, npm, PyPI, NuGet, Go, and 7 more package ecosystems for secrets hiding in your software supply chain, with historical and incremental scanning support. Currently in beta. Learn more.
  • Red Hat Quay Integration — detect secrets in container images across quay.io and self-hosted Quay deployments, with full image layer analysis and OAuth2 authentication. Currently in beta. Learn more.
  • Okta Integration Network — GitGuardian is now an Okta-verified app with one-click SAML SSO, SCIM provisioning, and Group Push for streamlined identity management. Learn more.

Secrets Detection Engine

  • v2.157 — 26 new detectors (WooCommerce, Iyzico, Mercado Pago, Bitbucket HTTP Access Token, PostgreSQL, MariaDB, Azure Event Hub, Azure Container Registry, Coralogix, Azure Web PubSub, Azure Batch, Azure APIM Gateway, Azure IoT Provisioning, Azure AI Search, GitLab CI/CD Job Token, PostHog, and more), 13 improved, 4 analyzer upgrades, 4 new revokers (SendGrid, Slack User Token, Slackbot, Heroku), scanning throughput nearly doubled.
  • v2.158 — 4 new detectors (MiniMax, Retell, Azure Storage Account Key, Curl Username Password), 2 improved (Azure Container Registry, MongoDB), scanning speed improved by 12%.

Enhancements

  • Improved scanning for SharePoint Online and OneDrive integrations. Self-hosted customers using these integrations should ensure all required pods are active and properly scaled. See the scaling documentation and non-VCS sources configuration for details.
  • Audit logs now display scope information for PAT and SAT creation events. Learn more.
  • Workspace managers can restrict Personal Access Token scopes for members. Learn more.
  • Customizable session duration for dashboard sessions. Learn more.
  • Slack and Webhook alerts now include feedback content (remarks) for incidents. Learn more.
  • Enhanced Slack incident notification messages with improved formatting and additional context. Learn more.
  • Jira templates now support filename and line number fields. Learn more.
  • "System" theme mode option that follows OS light/dark preference. Learn more.
  • Public API endpoint for retrieving GitGuardian egress IP addresses. Learn more.
  • Custom perimeter support for Microsoft Teams, Confluence Cloud, Confluence Data Center, Jira Cloud, and Jira Data Center. Learn more.
  • Self-Hosted:
    • Added support for fixed tags on the Custom CA image, for environments that enforce fixed tags.
    • Added ALB ingress support for autoscaling and improved templating of custom autoscaling metrics in Helm charts.
    • Added missing queues to KEDA ScaledObjects configuration for improved autoscaling coverage.

Fixes

  • Jira Cloud installations unexpectedly soft-deleted. Learn more.
  • API schema validation error for response path 'id'. Learn more.
  • Timeout issues when bulk-updating incident custom tags. Learn more.
  • Authorization issue allowing Team Leaders to delete "All Incidents" team notification settings. Learn more.
  • Self-Hosted:
    • Fixed Redis password handling issue when using existing secrets in ArgoCD environments.

Hotfixes

2026.3.1

Release Date: March 24, 2026

Fixes

  • GitHub Enterprise integration: Fixed issue where repositories appeared as "Unmonitored" after upgrading to 2026.3 despite being correctly selected in Integration settings.
  • JFrog Package Registries: Fixed payload mismatch error during JFrog Artifactory package registry scans.
  • API documentation link: Fixed incorrect API documentation link in the self-hosted help menu.
  • Audit logs: Fixed actor filter in audit logs where selected users were lost after using and clearing the search field.

2026.3.2

Release Date: March 26, 2026

Fixes

  • Database migration on upgrade: Fixed a pre-deploy migration failure blocking upgrades to 2026.3 on instances originally installed before version 2025.7.

2026.3.3

Release Date: April 2, 2026

Fixes

  • In-app analytics optimization: Fixed excessive data footprint from inAppAnalytics, reducing storage and memory usage.

2026.1 - Required

| Version | Release Date |
| --- | --- |
| 2026.1.0 | January 28, 2026 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
| --- | --- | --- |
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.34 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2026.1

Feature highlights

  • Secret Enricher — generic incidents now display enriched secret names powered by our ML model, transforming vague findings into precise, actionable insights. Learn more.
  • More NHI Integrations — discover and secure non-human identities across Datadog, Snowflake, Okta, and Auth0. Learn more.
  • Unified Identity Governance for Entra & AWS IAM — unified visibility and risk-based prioritization for Microsoft Entra ID and AWS IAM with secret-less OIDC authentication. Learn more.
  • GCP Marketplace — GitGuardian is now available on Google Cloud Marketplace, enabling deployment on GKE with consolidated billing through your GCP account. Learn more.

Secrets Detection Engine

  • v2.153 — 6 new detectors (HighLevel, Elastic, Google Cloud Keys, Socket Dev, Upstash Redis, Vapid Key), 8 improved (Cloudflare, MySQL, GitLab Token, Fireworks AI, JSON Web Token, SSH, Duo, Azure Event Grid), 1 new checker (Oracle), 883 new secret providers.
  • v2.154 — 3 new detectors (Cloudflare R2, Azure SAS URL, MySQL), 1 new checker (Tailscale SCIM), 10 improved (SendGrid, Dwolla, PubNub, Google OAuth2, Azure Cosmos DB, Generic High Entropy, HashiCorp Vault, Discord Webhook, Alchemy, Fireworks AI), 378 new secret providers.
  • v2.155 — 18 new detectors (Oracle, Azure Entra App Secret, Azure Entra Access Token, GitLab SCIM, GitLab Agent Kubernetes, ASI:One, Azure IoT Device, Xendit, Supabase, Neoload, MongoDB, Azure Cache for Redis, GitLab Feed, Clerk Webhook, Better Auth, Elastic Search, Redis, Azure Relay), 8 improved (Doppler, Databricks, TeamCity, Scraper API, Slack Webhook, MongoDB, Okta, Tailscale), 3 analyzer upgrades.

Enhancements

  • Incident API enhanced to include enriched secret names, CSV/JSON exports now include both original detector name and enriched secret name. Learn more.
  • Some detectors are now flagged as non-business and disabled by default for business accounts to reduce noise. Use the new "Recommended for business" filter in detector settings to identify and re-enable them if needed. Learn more.
  • Improved token refresh reliability for Slack and Atlassian Cloud integrations with automatic retry on transient failures. Learn more.
  • GitHub Check Runs message updated for merge queues. Learn more.

Fixes

  • Docker Hub Integration configuration error. Learn more.
  • GitHub Check runs blocking pull requests when disabled. Learn more.
  • Playbooks auto-ignore reactivation issue, Historical Scans queueing for bulk operations. Learn more.
  • Google Cloud Keys validation, detector validity check filter, GitLab health check link, Health Check email notifications, JFrog Container Registry compatibility. Learn more.

2025.12

| Version | Release Date |
| --- | --- |
| 2025.12.0 | December 15, 2025 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
| --- | --- | --- |
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.28 | 1.33 |
| PostgreSQL | 15 | 17 |
| Redis | 6 | 7 |
| ggscout | 0.19.0 | Latest |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights

  • Advanced Analytics for Internal Monitoring — track the detection, remediation and prevention of secret leaks with actionable dashboards. Learn more.

    ⚠️ This feature is in beta. It is disabled by default and requires additional resources (12 GB memory). Enabling Analytics also increases database usage by 15-20% (minimum 5-6 GB). Analytics are computed once a day, so data may take up to 24 hours to appear after activation. To enable: set inAppAnalytics.enabled: true in Helm values, or enable "In-App Analytics" in the KOTS Admin Console.

  • SCIM team provisioning — automate team creation and sync from Okta and Microsoft Entra ID. Learn more
  • Enhanced Slack notifications — complete incident lifecycle coverage for internal monitoring and honeytoken alerting. Learn more.
  • CyberArk Secrets Manager Self Hosted integration — discover and enumerate non-human identities stored in your self-hosted CyberArk (Conjur) vault. Learn more.

Secrets Detection Engine

  • v2.151 — 13 new detectors (Hume AI, Azure AI Face, Neon, E2B, MailerSend, Scraper API, AIProxy, Cloudsmith, AWS Bedrock, Harness, Grafbase, AssemblyAI), 8 improved (Generic Password, Pinecone, Keycloak, Discord, Kubernetes JWT, Tableau, Sendinblue), 3 analyzer upgrades.
  • v2.152 — 1 new detector (Google Cloud Access Token), 3 improved (Hashicorp Vault Token, PagerDuty, Google Cloud Access Token), 2 analyzer upgrades.

Enhancements

  • New "Valid" saved view for incidents, API filtering by triggered date, GitLab validation and health checks, Docker Hub organization namespaces, Custom Monitored Perimeter for Container Registries, SharePoint, OneDrive, ServiceNow, and Slack, GitLab empty namespaces hidden by default. Learn more.
  • Self-Hosted:
    • Added multiple hostname support via extra_hostnames parameter, enabling access through additional domain names. Learn more.
    • Added global podDisruptionBudget.enabled parameter to disable automatic PDB creation for restricted Kubernetes environments that prohibit PodDisruptionBudget resources. Learn more.
    • Added official support for Helm v4.
    • Added IPv6 support via network.ipFamily parameter for Service resources. Learn more.

Fixes

  • Jira Data Center historical scans for large projects, incident details "First detected" date display, Slack notifications user association, Health Check error differentiation. Learn more.
  • Bulk action filters, Jira ticketing issues, Perimeter scan behavior, GitLab namespace display and search, Container Registry URLs and caching. Learn more.
  • Self-Hosted: Resolved NHI Governance access for manager roles.

2025.4 - Required

| Version | Release Date |
| --- | --- |
| 2025.4.0 | April 25, 2025 |
| 2025.4.1 | April 30, 2025 |
| 2025.4.2 | August 8, 2025 |

System Requirements Update

Ensure your infrastructure meets the latest requirements for optimal performance and security:

| Component | Minimum Version | Recommended Version |
| --- | --- | --- |
| KOTS | 1.117.3 | Latest |
| Kubernetes | 1.25 | 1.31 |
| PostgreSQL | 15 | 16 |
| Redis | 6 | 7 |
| helm | 3.13 | Latest |
| ggscout | 0.16.4 | 0.16.4 is the only supported version |

Helm & Upgrade Considerations

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Important: This is a required release and cannot be skipped.

Upgrading to 2025.4

Please install the PostgreSQL pgvector extension to enable vector similarity search. This is essential for upcoming features leveraging our internal machine learning engine. Follow the installation instructions to ensure compatibility.

Air gap deployment? We've added new images in this release. Find all image and tag names on the Air Gap Install page.

Feature highlights

  • NHI Governance — manage and secure Non-Human Identities with comprehensive observability and lifecycle management. Learn more
  • Secrets Analyzer — enrich detected secrets with scope, permission, and ownership details for faster risk assessment. Learn more
  • Custom tags — categorize and filter incidents with customized labels for improved remediation workflows. Learn more
  • Log collector for Self-Hosted — seamless log collection system with Loki, MinIO, and Fluent Bit for faster troubleshooting. Learn more

Secrets Detection Engine

  • v2.134 — 1 new detector (Azure Logic App), 2 improved (LINE Messaging, OpenAI), 1 analyzer enhancement.
  • v2.135 — 4 new detectors (Artifactory Reference Token, Artifactory Master Key, Artifactory Basic Auth), 4 improved (Snowflake, IBM Cloud, PlanetScale, Artifactory).

Enhancements

  • Jira DC incident filter, custom tags from search, custom webhook payload. Learn more.
  • Jira configuration layout, navigation improvements, invitations API. Learn more.
  • Self-Hosted:
    • Improved error messages for email configuration setup.
    • Enhanced debug capabilities with network diagnostic tools (netcat, openssl) in debug image. Learn more.
    • Extended readiness probe timeout on public-api for enhanced stability.
    • Added OpenShift restricted-v2 SCC support via global.compatibility.openshift.adaptSecurityContext. Learn more.
    • Added default support-bundle Role and optional ClusterRole creation.
    • PostgreSQL pgvector extension now required by default for upcoming ML features. Learn more.
    • Improved response times for issue occurrence queries through optimized request routing.
    • Standardized health check endpoint routing under main API hostname.

Fixes

  • Jira Cloud project key synchronization. Learn more.
  • GitLab multiple group hook emails, read-only token webhook detection, system hook 403 errors, unnecessary webhook scans, incidents list refresh. Learn more.
  • GitLab system hook 403 errors. Learn more.
  • Self-Hosted:
    • Updated license expiration notification message for clearer guidance.
    • Added Content Security Policy (CSP) headers to HTTP responses for enhanced browser security.

Hotfixes

2025.4.1

Release Date: April 30, 2025

Fixes

  • Self-Hosted:
    • Support Bundle Role creation disabled by default to accommodate customers with high security requirements (Helm).

2025.4.2

Release Date: August 8, 2025

Fixes

  • Self-Hosted: