Version	Release Date
2026.4.0	April 22, 2026

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Advanced Analytics enabled by default for Helm installation — actionable dashboards for detection, remediation, and prevention of secret leaks are now activated by default on all instances. Learn more.

  Requires ~12 GB extra memory and increases database usage by 15-20% (min. 5-6 GB). Data refreshes once a day. KOTS installation must enable the new analytics in KOTS admin console.

• Email verification MFA — email-based verification codes are now required at login and before sensitive workspace actions for users authenticating with email and password. Learn more.
• Secret scanning for AI coding tools — ggshield now scans prompts, tool calls, and agent actions in real time to prevent secrets from leaking through Cursor, Claude Code, and GitHub Copilot. Learn more.
• Team perimeter for non-VCS sources — scope incident visibility by team across container registries, messaging, docs, tickets, package registries and custom sources. Learn more.
• In-cluster support bundle generation — Helm administrators can now generate, download, and upload support bundles directly from the Admin area > Support Bundle page, without kubectl access or the Krew plugin. Learn more.

  Init container memory scales with bundle size (~45 Mi/MB); large bundles may need higher limits to avoid OOMKilled. See Sizing the init container.

Secrets Detection Engine​

• v2.159 — 16 new detectors and checkers (Polar Organization Access Token, Microsoft Azure Storage Account Key, Azure Language API Key, Azure IoT Hub Connection String, DeepL Free/Pro API Keys, Azure Document Intelligence Key, Azure Speech Services Key, Azure Computer Vision Key, Azure Text Translation Key, Oracle Credentials, Google Cloud Express API Key, GitGuardian Public/Internal Monitoring Keys, SAP AI Core Credentials, Odoo External API Key), 3 new detectors (K3s Token, Zoho API Key, ServiceNow Generic Password), 4 new analyzers, 5 detector upgrades, 9 checker upgrades, 2 analyzer upgrades.
• v2.160 — 2 new detectors and checkers (Paymob API Key, Paymob Secret Key), 2 new detectors (ConvertTo-SecureString Password, Paymob HMAC Secret), 5 new checkers (Kubernetes Docker Secret, Generic/OpenSSH/RSA/Elliptic Curve Private Keys with GitLab/GitHub registration checks), 4 new analyzers (Sentry, Figma, Datadog, Google Cloud Keys), 2 detector upgrades, 1 checker upgrade.

Enhancements​

• Bring Your Own Sources location.url field, v2 format for Personal and Service Account Tokens. Learn more.
• Critical saved view as default, privacy mode in public API, historical scan trigger/cancel endpoints, severity rule ID and detector category on incidents, /v1/severity-rules endpoint. Learn more.
• Workspace-level privacy mode enforcement, audit log event types exposed via public API. Learn more.
• Self-Hosted:
  • New namespace-scoped NetworkPolicy support for the GIM namespace, configurable via networkPolicy.* Helm values with a dryrun → enforce rollout. See Network policies.
  • Manual encryption secret creation is now required for all new Helm installations (Helm, Argo CD, Flux). Existing installations are unaffected. See Mandatory secret.
  • Removed the API quota page for self-hosted instances, as quotas do not apply. The API endpoint helper banner is now displayed on the Personal Access Tokens and Service Accounts pages.
  • Added support for bundling JSON schemas into the deployment package, removing the need to fetch them at runtime in air-gapped environments.
  • Added support for replicated.readOnlyMode, which prevents the Replicated subchart from creating or patching Secrets, enabling deployments in environments with strict admission policies.

Fixes​

• Audit log actor display, missing audit logs for Custom Sources via API, bulk filter select-all, NHI Governance timeouts on large Entra ID datasets. Learn more.
• ggshield incident URL for shared-hash secrets, analytics "All time" date range, Jira Data Center authentication drops, Honeytoken GitLab deployment encoding. Learn more.
• GitLab instance health check compatibility with GitLab.com and upcoming GitLab 19 self-hosted versions. Learn more.

Version	Release Date
2026.3.0	March 16, 2026
2026.3.1	March 23, 2026
2026.3.2	March 26, 2026
2026.3.3	April 2, 2026

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Using Argo CD? A pre-created encryption secret is required before deploying — see the Argo CD installation guide.

Feature highlights​

• JFrog Artifactory Package Registries — scan Maven, npm, PyPI, NuGet, Go, and 7 more package ecosystems for secrets hiding in your software supply chain, with historical and incremental scanning support. Currently in beta. Learn more.
• Red Hat Quay Integration — detect secrets in container images across quay.io and self-hosted Quay deployments, with full image layer analysis and OAuth2 authentication. Currently in beta. Learn more.
• Okta Integration Network — GitGuardian is now an Okta-verified app with one-click SAML SSO, SCIM provisioning, and Group Push for streamlined identity management. Learn more.

Secrets Detection Engine​

• v2.157 — 26 new detectors (WooCommerce, Iyzico, Mercado Pago, Bitbucket HTTP Access Token, PostgreSQL, MariaDB, Azure Event Hub, Azure Container Registry, Coralogix, Azure Web PubSub, Azure Batch, Azure APIM Gateway, Azure IoT Provisioning, Azure AI Search, GitLab CI/CD Job Token, PostHog, and more), 13 improved, 4 analyzer upgrades, 4 new revokers (SendGrid, Slack User Token, Slackbot, Heroku), scanning throughput nearly doubled.
• v2.158 — 4 new detectors (MiniMax, Retell, Azure Storage Account Key, Curl Username Password), 2 improved (Azure Container Registry, MongoDB), scanning speed improved by 12%.

Enhancements​

• Improved scanning for SharePoint Online and OneDrive integrations. Self-hosted customers using these integrations should ensure all required pods are active and properly scaled. See the scaling documentation and non-VCS sources configuration for details.
• Audit logs now display scope information for PAT and SAT creation events. Learn more.
• Workspace managers can restrict Personal Access Token scopes for members. Learn more.
• Customizable session duration for dashboard sessions. Learn more.
• Slack and Webhook alerts now include feedback content (remarks) for incidents. Learn more.
• Enhanced Slack incident notification messages with improved formatting and additional context. Learn more.
• Jira templates now support filename and line number fields. Learn more.
• "System" theme mode option that follows OS light/dark preference. Learn more.
• Public API endpoint for retrieving GitGuardian egress IP addresses. Learn more.
• Custom perimeter support for Microsoft Teams, Confluence Cloud, Confluence Data Center, Jira Cloud, and Jira Data Center. Learn more.
• Self-Hosted:
  • Allow to have fixed tags for the Custom CA image, to support environments enforcing fixed tags
  • Added ALB ingress support for autoscaling and improved templating of custom autoscaling metrics in Helm charts.
  • Added missing queues to KEDA ScaledObjects configuration for improved autoscaling coverage.

Fixes​

• Jira Cloud installations unexpectedly soft-deleted. Learn more.
• API schema validation error for response path 'id'. Learn more.
• Timeout issues when bulk-updating incident custom tags. Learn more.
• Authorization issue allowing Team Leaders to delete "All Incidents" team notification settings. Learn more.
• Self-Hosted:
  • Fixed Redis password handling issue when using existing secrets in ArgoCD environments.

Hotfixes​

2026.3.1​

  Release Date: March 24, 2026

Fixes​

• GitHub Enterprise integration: Fixed issue where repositories appeared as "Unmonitored" after upgrading to 2026.3 despite being correctly selected in Integration settings.
• JFrog Package Registries: Fixed payload mismatch error during JFrog Artifactory package registry scans.
• API documentation link: Fixed incorrect API documentation link in the self-hosted help menu.
• Audit logs: Fixed actor filter in audit logs where selected users were lost after using and clearing the search field.

2026.3.2​

  Release Date: March 26, 2026

Fixes​

• Database migration on upgrade: Fixed a pre-deploy migration failure blocking upgrades to 2026.3 on instances originally installed before version 2025.7.

2026.3.3​

  Release Date: April 2, 2026

Fixes​

• In-app analytics optimization: Fixed excessive data footprint from inAppAnalytics, reducing storage and memory usage.

Version	Release Date
2026.2.0	February 23, 2026

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Using Argo CD? A pre-created encryption secret is now required before deploying — see the Argo CD installation guide.

Feature highlights​

• Dark Mode — we've refreshed the GitGuardian interface and introduced Dark Mode so you can work comfortably in any environment, with cleaner layouts, improved contrast, and polished navigation. Head to Account → Interface → Theme to pick your preference. Learn more.

Secrets Detection Engine​

• v2.156 — 7 new detectors (Modelscope, Proxmox, ZegoCloud, Deepgram, Microsoft Power Apps Webhook, Mem0, Obsidian), 4 improved (Azure SAS URL, Okta OAuth, Azure Entra Access Token, Azure OpenAI), 1 analyzer upgrade (Azure SAS URL expiration check), 1 deprecated (Azure Logic App Sig Key).

Enhancements​

• Incidents API enhanced with external ticket information (Jira/ServiceNow), analytics period selector with flexible date range options, improved SSO certificate editing experience. Learn more.
• ggshield correctly ignores secrets with closed related incidents. Learn more.
• Self-Hosted:
  • Helm charts now include a strict JSON schema generated from values.yaml. Any property not defined in values.yaml will be rejected at install or upgrade time. If you encounter validation errors, you can temporarily use the --skip-schema-validation Helm flag while we address any missing properties.
  • The background_validity_check queue has moved from worker-long to worker-worker. If you have scaled your workers for validity checks, you may need to adjust your worker-worker replicas accordingly. See the application topology page for the full queue mapping.
  • New optional worker-check-runs worker to offload check_run processing from worker-worker. Disabled by default. Enable it by setting celeryWorkers.check-runs.replicas in your Helm values.
  • Remove terms and conditions acceptance requirement for self-hosted instance.
  • License grace period extended from 10 hours to 120 hours when ReplicatedSDK is unreachable.

Fixes​

• Validity checks automatic retry mechanism, CSV export JSON format. Learn more.
• Validity checks periodic re-check for invalid secrets, analytics tooltip dates, Developer in the Loop duplicate submissions, SCIM email notification defaults. Learn more.
• Self-Hosted: Fixed Redis password handling when using existing secrets in ArgoCD environments.