2025.8
Version | |
---|---|
2025.8.0 | August 18, 2025 |
System Requirements Update
Ensure your infrastructure meets the latest requirements for optimal performance and security:
Component | Minimum Version | Recommended Version |
---|---|---|
KOTS | 1.117.3 | Latest |
Kubernetes | 1.28 | 1.32 |
PostgreSQL | 15 | 16 |
Redis | 6 | 7 |
ggscout | 0.16.6 | Latest |
Helm & Upgrade Considerations
To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.
Air gap deployment? This release introduces a new image.registry parameter in Helm values to support the Log Collector system. This parameter specifies the location of the GitGuardian images for the Log Collector components (Loki, MinIO, Fluent Bit) and is separate from the main imageRegistry parameter. Follow the upgrade instructions to update your Helm values file.
Detect hardcoded secrets in your AWS ECR Container Registry
We are excited to introduce Secret detection for Amazon Elastic Container Registry (ECR).
Secrets often end up in container images due to common mistakes during development and image creation, mainly:
- Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
- Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.
By identifying and addressing hardcoded credentials in your AWS ECR repositories early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.
Check out our Blog Post to learn more and our Amazon ECR documentation to enable the feature now!
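The two mistakes listed above can also be caught in the Dockerfile itself, before an image is built and pushed to a registry. The following Python check is an added example, not GitGuardian's detection engine or code from this release; the name heuristics, function names and the sample Dockerfile (with placeholder values) are assumptions constructed for illustration.

```python
import re

# Heuristic list of credential-like variable names (an assumption of this example).
SECRET_NAME = re.compile(r"(?i)password|passwd|secret|token|api_?key|access_?key|private_?key")
# KEY=value pairs, value optionally quoted.
ASSIGN = re.compile(r"""([A-Za-z_][A-Za-z0-9_]*)=("[^"]*"|'[^']*'|\S*)""")

# Constructed Dockerfile; every credential value is a made-up placeholder.
SAMPLE = r"""FROM python:3.12-slim
ENV APP_ENV=production \
    DB_PASSWORD="s3cr3t-example"
ENV API_TOKEN example-token-value
ARG NPM_TOKEN
ARG GITHUB_TOKEN=example-default
RUN export AWS_SECRET_ACCESS_KEY=EXAMPLEKEY && ./build.sh
RUN --mount=type=secret,id=npm_token NPM_TOKEN=$(cat /run/secrets/npm_token) npm ci
"""

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def find_hardcoded(text):
    """Return (line, instruction, name) for literal values bound to secret-like names."""
    findings = []
    for no, inst in logical_lines(text):
        op, _, rest = inst.partition(" ")
        if op.upper() not in ("ENV", "ARG", "RUN"):
            continue
        pairs = ASSIGN.findall(rest)
        if op.upper() == "ENV" and not pairs:  # legacy form: ENV KEY value
            key, _, value = rest.strip().partition(" ")
            pairs = [(key, value.strip())]
        for name, value in pairs:
            value = value.strip("\"'")
            # $VAR or $(...) is resolved at build time, not a literal in the file.
            if SECRET_NAME.search(name) and value and not value.startswith("$"):
                findings.append((no, op.upper(), name))
    return findings
```

Calling `find_hardcoded(SAMPLE)` reports the literal ENV, ARG and RUN assignments, while the last RUN line, which reads the token from a BuildKit secret mount, is not flagged.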
Support for Valkey (a fork of Redis 7.2)
We're excited to announce support for Valkey, a Redis-compatible database that is a fork of Redis 7.2. This gives users an alternative to Redis while maintaining full compatibility with GitGuardian Self-Hosted.
Learn more about Redis configuration
Secrets Detection Engine (v2.144)
New Detectors
- Weights & Biases API Key – Detects API keys for Weights & Biases services.
- Bitbucket App Password – New detector for Bitbucket app passwords to improve recall.
- Mercado Pago Access Token – Detects access tokens for Mercado Pago payment services.
New Checkers
These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:
- Mercado Pago Access Token
Detector Improvements
- Azure Subscription Key – Improved precision of Azure subscription key detector.
- X AI API Key – Properly report disabled API keys as invalid.
- Bitbucket Access Token – Restricted the detector to detect only Bitbucket repository access tokens.
- CodeClimate Key – Deprecated CodeClimate key checker.
Enhancements
- Custom webhooks: Enhanced webhook configuration with more granular event selection. See the updated documentation.
- VCS Integrations: Added the ability to disable Automatic Repository Monitoring upon VCS integration. The toggles controlling this capability were also moved above the discovered sources for more visibility.
- Bitbucket Cloud Integration: Updated authentication to support API tokens as Atlassian discontinues app passwords, ensuring continued integration functionality.
Fixes
- Incident permissions: Fixed an issue where assignees with "can view" permissions would be hidden from the incident's UI.
- Slack integration: Fixed an issue where duplicate secret occurrences were created when thread replies were posted to channels in Slack.
- JFrog Container Registry integration:
  - Fixed an error in repository last update date retrieval during recurrent scans.
  - Improved error handling and diagnostics for health check connectivity issues.
- Email Notifications: Fixed an issue where integration health check emails were sent without respecting user email notification preferences.
- Confluence Data Center Integration: Fixed an issue where private spaces were not being retrieved during integration setup.