Version	Release Date
2025.11.0	November 19, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Secrets Detection Engine​

• v2.150 — 1 new detector (Coveo API Key), 1 improved (Resend), 1 new checker, 1 analyzer upgrade, 1 engine enhancement.

Enhancements​

• Large occurrence patches display. See SaaS release: Oct 28.
• Incident list source links, API change_type field. See SaaS release: Nov 7.
• Dev-in-the-Loop incident ID display and dashboard navigation. See SaaS release: Nov 17.
• Self-Hosted:
  • Added official support for PostgreSQL 18 and Redis 8.
  • Added terms and conditions acceptance requirement during business workspace sign-up and trial activation for improved legal compliance.
  • Replicated now inherits global image pull secrets, simplifying Helm configuration by removing the need for separate imagePullSecrets in the replicated section. Learn more.

Fixes​

• Perimeter scan button visibility, SSO IDP configuration, sources tooltips and health checks, incidents commit info and code fixing section. See SaaS release: Oct 25.
• GitLab PAT updates 403 error, SharePoint health-check error 9999. See SaaS release: Oct 28.
• Microsoft Teams notifier client secret update, incident feedback registration. See SaaS release: Nov 7.
• Container Registry automatic monitoring, Jira Data Center webhook version. See SaaS release: Nov 17.
• Fixed an issue where filepath exclusions failed to apply when selecting individual repositories, while working correctly with select all repositories.
• Self-Hosted:
  • Dashboard access now blocked when ReplicatedSDK is not running to enforce proper license validation.
  • Fixed PostgreSQL and Redis preflights failing when CA certificate was provided without client certificate and key.

Version	Release Date
2025.10.0	October 27, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Secret Revocation — revoke supported secrets directly from incidents. Learn more
• Context preview for non‑VCS incidents — see surrounding content for leaks in SharePoint, OneDrive, Slack, Confluence. Learn more
• Microsoft Teams attachment scanning — detect secrets in files shared in Teams. Learn more
• ggshield: vault name and path — show secret manager details for vaulted secrets. Learn more
• Unified graph with public leak intelligence — correlate internal and public exposures in one view. Learn more

Secrets Detection Engine​

• v2.147 — 2 new detectors, 4 improved, 4 new checkers.
• v2.148 — 21 new detectors, 3 improved, multiple new checkers.
• v2.149 — 4 new detectors, 1 improved, 4 new checkers, 2 analyzer upgrades.

Enhancements​

• Pattern exclusion performance. See SaaS release: Sep 23.
• Base64 token decoding, new ignore reasons. See SaaS release: Sep 26.
• Generic Secret Enricher v2, Jira auto-assignment. See SaaS release: Oct 9.
• Incident developer identity. See SaaS release: Oct 17.
• GitLab integration performance, Public API perimeter editing. See SaaS release: Oct 25.
• Playbooks: Updated the Playbooks settings page with a refreshed, modern interface design.
• Self-Hosted:
  • All GitGuardian images are now multi-arch. Helm deployments now support ARM64 clusters in addition to AMD64. KOTS and Embedded Cluster installations remain AMD64-only. See system requirements.
  • Added support for read-only root filesystem constraint to meet security compliance requirements and enhance container runtime protection.

Fixes​

• Google Artifact Registry auth. See SaaS release: Sep 23.
• Weekly summary email dates, Jira DC admin detection, historical scan duplicates. See SaaS release: Oct 9.
• Incident search filters, secret view links. See SaaS release: Oct 17.
• Occurrence commit info, perimeter scan button visibility. See SaaS release: Oct 25.
• Self-Hosted:
  • Updated KOTS embedded cluster installation requirements to match documented system requirements.
  • Added missing toleration configuration for secretEngine deployment.
  • Fixed license verification when using a proxy by adding the NO_PROXY to replicated.extraEnv default values.

Version	Release Date
2025.9.0	September 17, 2025
2025.9.1	October 1, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Bring Your Own Sources — extend secret detection to any data source (CI logs, legacy systems, SFTP). Learn more
• Quick Access — unified search interface for faster navigation (Ctrl+K/Cmd+K). Learn more
• AI Filters — use natural language to filter incidents, perimeter, and audit logs. Learn more
• Microsoft SharePoint and OneDrive scanning — detect secrets in your knowledge base. Learn more

Secrets Detection Engine​

• v2.145 — 1 improved detector (GitLab Token broader regex for longer tokens).
• v2.146 — 4 new detectors (Africa's Talking, Clipdrop, StackHawk, Murf), 1 improved (Stripe checker timeout prevention).

Enhancements​

• Confluence Cloud outbound-only OAuth2, GitHub PR public share links, CSP headers. See SaaS release: Sep 17.
• User comment permissions. See SaaS release: Aug 20.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions for custom user/group IDs.
  • Enhanced Docker image permissions for custom security contexts.
  • Improved failed index migration handling for safe re-execution.
  • Added node affinity scheduling for one worker per node constraint.

Fixes​

• Remediation tracking for non-default branches, perimeter filter errors, Honeytoken notifications, webhook URL validation, JFrog integration validation, Confluence DC URLs. See SaaS release: Sep 17.
• Token management link removal. See SaaS release: Aug 20.
• Self-Hosted:
  • Fixed Loki image not being pulled from private Docker registry during airgap Helm installations.
  • Resolved KOTS rendering issue on existing cluster with KOTS installation. Note: KOTS installation will be deprecated soon. We encourage customers to migrate to Helm installation.

Hotfixes​

2025.9.1​

  Release Date: October 1, 2025

Fixes​

• SharePoint integration: Fixed issue where SharePoint Online tenants appeared as monitored but failed to display nested sites and resources properly.
• Jira Data Center integration: Update Jira DC webhook creation to use version-specific endpoints based on the instance version.

Version	Release Date
2025.8.0	August 18, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• AWS ECR Container Registry — detect hardcoded secrets in Amazon Elastic Container Registry. Learn more

Secrets Detection Engine​

• v2.144 — 3 new detectors (Weights & Biases, Bitbucket App Password, Mercado Pago), 4 improved, 1 new checker.

Enhancements​

• Custom webhook granular event selection. See SaaS release: Jul 25.
• VCS auto-monitoring toggle, Bitbucket Cloud API token auth. See SaaS release: Aug 13.
• Self-Hosted:
  • Valkey support (Redis 7.2 fork) for Redis-compatible deployments.

Fixes​

• Incident assignee visibility, Slack duplicate occurrences, JFrog registry scan errors. See SaaS release: Aug 1.
• Email notification preferences, Confluence DC private spaces. See SaaS release: Aug 13.
• Token management link removal. See SaaS release: Aug 20.

Version	Release Date
2025.7.0	July 25, 2025
2025.7.1	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Jira and Confluence Data Center historical scanning — scan past content for secrets. Learn more
• Auto-ignore invalid incidents playbook — automatically clear confirmed invalid secrets. Learn more

Secrets Detection Engine​

• v2.141 — 12 new detectors (Kubernetes User Certificate with Port, NVIDIA, Alchemy v2, OpenRouter, Duffel, Apify, Jina, Deno Account, Segment Workspace v2, Resend, VKontakte, Fireworks AI), 6 improved, 10 new checkers.
• v2.142 — 2 new detectors (AI71, AMP), 9 improved (Kubernetes Docker, MySQL, Sourcegraph, GitHub, HashiCorp Vault, Confluent, GitHub Fine-Grained PAT, Slack, DigitalOcean Spaces), 2 new checkers.
• v2.143 — 7 new detectors (GitLab Incoming Mail, Coze PAT, Tavus, Heroku Platform, SSH with port, Tableau Cloud PAT, Notion v2), 7 improved, 6 new checkers. All JWT detectors now only catch signed JWTs.

Enhancements​

• Custom tags API key/value filtering, auto-resolve revoked secrets playbook, custom remediation links. See SaaS release: Jun 19.
• Jira DC leaker emails. See SaaS release: Jun 30.
• Custom tags API documentation. See SaaS release: Jul 21.
• GitLab multi-hook support. See SaaS release: Jul 23.

Fixes​

• Custom tags bulk assignment, Azure DevOps token handling. See SaaS release: Jun 19.
• GitHub installation checks. See SaaS release: Jun 30.
• Teams email notifications. See SaaS release: Jul 7.
• SCIM case-insensitive emails. See SaaS release: Jul 21.
• Deletion line scanning. See SaaS release: Jul 28.

Hotfixes​

2025.7.1​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.
  • ML Secret Engine updated to version 20250806 fixing critical CVE-2025-54381.
  • NHI Scout bumped to version 0.18.2.

Version	Release Date
2025.6.0	June 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Secure API access to secret values — retrieve secret values via API endpoint for automation workflows. Learn more
• Microsoft Teams secret detection — scan Teams messages for hardcoded secrets with real-time and historical scanning. Learn more
• Jira and Confluence Cloud historical scanning — detect secrets leaked in the past across Jira and Confluence Cloud. Learn more
• Container Registries secret detection — detect hardcoded secrets in Azure, Google, JFrog, and DockerHub registries. Learn more
• Self-Hosted: Export GitGuardian logs to Splunk, Loki, Elasticsearch, Kafka, and Datadog for centralized monitoring. Learn more

Secrets Detection Engine​

• v2.139 — 1 new detector (GitLab Feature Flags Client Token), 6 improved (AMQP, Confluent, Generic High Entropy, Artifactory, Azure Storage), 1 engine enhancement.
• v2.140 — 12 new detectors (Laravel, GitLab tokens, Kubernetes JWT, Brave Search, Dify, Firecrawl, Ubidots, Vapi, Llama Cloud), 4 improved, 7 new checkers, 2 engine enhancements.

Enhancements​

• Teams API endpoint optimization. See SaaS release: Jun 19.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved handling of failed index creation migrations to allow safe re-execution of database updates.
  • Added capability to specify constraint of only one worker per node in Kubernetes deployments to optimize resource allocation. Learn more about scaling.

Fixes​

• Email alerts to inactive members, custom tags pagination, GitLab parent group permissions, secret analyzer validity checking. See SaaS release: Jun 19.
• Self-Hosted:
  • Corrected an issue preventing Self-Hosted customers from adding or editing custom severity rule sets.
  • Fixed an issue with ACL limitations on GCP and Azure cloud platforms where Redis deployments disable the ACL command, causing pre-deployment checks for the FLUSHDB command to fail. The system now gracefully handles scenarios where ACL commands are unavailable.

Version	Release Date
2025.4.0	April 25, 2025
2025.4.1	April 30, 2025
2025.4.2	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• NHI Governance — manage and secure Non-Human Identities with comprehensive observability and lifecycle management. Learn more
• Secrets Analyzer — enrich detected secrets with scope, permission, and ownership details for faster risk assessment. Learn more
• Custom tags — categorize and filter incidents with customized labels for improved remediation workflows. Learn more
• Log collector for Self-Hosted — seamless log collection system with Loki, MinIO, and Fluent Bit for faster troubleshooting. Learn more

Secrets Detection Engine​

• v2.134 — 1 new detector (Azure Logic App), 2 improved (LINE Messaging, OpenAI), 1 analyzer enhancement.
• v2.135 — 4 new detectors (Artifactory Reference Token, Artifactory Master Key, Artifactory Basic Auth), 4 improved (Snowflake, IBM Cloud, PlanetScale, Artifactory).

Enhancements​

• Jira DC incident filter, custom tags from search, custom webhook payload. See SaaS release: Apr 14.
• Jira configuration layout, navigation improvements, invitations API. See SaaS release: Apr 23.
• Self-Hosted:
  • Improved error messages for email configuration setup.
  • Enhanced debug capabilities with network diagnostic tools (netcat, openssl) in debug image. Learn more.
  • Extended readiness probe timeout on public-api for enhanced stability.
  • Added OpenShift restricted-v2 SCC support via global.compatibility.openshift.adaptSecurityContext. Learn more.
  • Added default support-bundle Role and optional ClusterRole creation.
  • PostgreSQL pgvector extension now required by default for upcoming ML features. Learn more.
  • Improved response times for issue occurrence queries through optimized request routing.
  • Standardized health check endpoint routing under main API hostname.

Fixes​

• Jira Cloud project key synchronization. See SaaS release: Mar 19.
• GitLab multiple group hook emails, read-only token webhook detection, system hook 403 errors, unnecessary webhook scans, incidents list refresh. See SaaS release: Apr 14.
• GitLab system hook 403 errors. See SaaS release: Apr 23.
• Self-Hosted:
  • Updated license expiration notification message for clearer guidance.
  • Added Content Security Policy (CSP) headers to HTTP responses for enhanced browser security.

Hotfixes​

2025.4.1​

  Release Date: April 30, 2025

Fixes​

• Self-Hosted:
  • Support Bundle Role creation disabled by default to accommodate customers with high security requirements (Helm).

2025.4.2​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.

  Release Date: March 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

Feature highlights​

• Generic Secret Enricher — ML model that analyzes context to identify secret providers and categories with new filters. Learn more
• Secrets Managers integration — sync incidents with AWS, HashiCorp Vault, Azure, Google, Delinea, and Akeyless via ggscout. Learn more

Secrets Detection Engine​

• v2.132 — 5 new detectors (SMB Credentials, Azure Blob Storage, DeepSeek, Netlify v2, 1Password Service Account), 4 improved (Azure Storage Account, Generic Password, Groq, Netlify), 3 new checkers, 2 engine enhancements.
• v2.133 — 5 new detectors (OpenAI Project v2, OpenAI Admin, Netlify v2, 1Password Service Account, DeepSeek), 8 improved (OpenAI Service Account, Rails, GitHub, Groq, Artifactory, Generic Password, Dropbox, FCM).

Enhancements​

• Jira ticket templates with Incident ID variable, instant ticket creation. See SaaS release: Feb 27.
• Self-Hosted:
  • ggscout improvements: Vault preflight checks, hardened Helm chart, Replicated Proxy support, embedded cluster deployment, support bundle logs. Learn more.
  • Customizable Public API pagination maximum page size. Learn more.
  • Machine learning activated by default for embedded cluster installations. Learn more.
  • Automatic license synchronization for non-air-gap environments.
  • Added nodeSelector support in Helm jobs for enhanced node scheduling flexibility.

Fixes​

• Jira Cloud invalid state after uninstall, Microsoft Teams wrong team display. See SaaS release: Mar 10.
• Self-Hosted:
  • Added custom security contexts support for machine learning pods. Learn more.
  • Fixed Redis TLS connection errors in preflights.

  Release Date: February 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Search incidents by secret value — monitor secret leaks across thousands of repositories and sources. Learn more
• Bitbucket Cloud scanning — detect exposed credentials in Bitbucket Cloud repositories in real-time. Learn more
• Custom Tags Early Access — organize incidents with custom tags via API (UI support coming soon). Learn more
• Enhanced email incident alerting controls — manage email notification settings via API and customize account-level defaults. Learn more
• Autoscaling — HPA support for web applications with automatic scaling based on demand. Learn more

Secrets Detection Engine​

• v2.130 — 2 new detectors (Artifactory Token With Host, HubSpot Private App), 6 improved GitHub tokens (Enterprise, OAuth, PAT, Server-to-Server, User-to-Server).
• v2.131 — 2 new detectors (Azure Storage Connection String, HashiCorp Vault AppRole).

Enhancements​

• Scan only addition lines in commits, Jira custom fields support. See SaaS release: Feb 11.
• Jira Data Center user picker custom fields. See SaaS release: Jan 28.

Fixes​

• GitLab revocation on plan downgrades, Confluence Cloud spaceKey events, restricted user incident view, teammates table action menus, email notifications team routing. See SaaS release: Feb 11.
• GitLab large instance support, Azure Repos organization sync, PagerDuty real-time alerts. See SaaS release: Jan 28.
• User deletion with saved views, Azure Repos organization sync. See SaaS release: Jan 13.
• Self-Hosted:
  • Fixed Redis Sentinel connection with special characters in password (Helm).
  • Restored left navigation menu in KOTS admin console for embedded cluster installations (KOTS).

Version	Release Date
2025.1.0	January 20, 2025
2025.1.1	January 23, 20255

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Microsoft Teams security alerts — real-time GitGuardian alerts in Microsoft Teams with instant notifications. Learn more
• Jira Data Center auto-tracking — auto-create Jira issues, sync custom fields, and auto-resolve incidents. Learn more
• False Positive Remover v1 — internal ML model that halves false positives for Self-Hosted deployments. Learn more
• Slack secret scanning — scan full history of public and private Slack channels to detect leaked secrets. Learn more
• Remediation tracking — enhanced workflow with precise location details and real-time tracking of remediation progress. Learn more. ⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.
• SCIM user deprovisioning — automatic user deprovisioning when users are removed from your IdP. Learn more

Secrets Detection Engine​

• v2.128 — 4 new detectors (Jenkins API, chpasswd, Nessus Agent, Statsig Server), 1 improved (FTP).
• v2.129 — 1 new detector (GitLab OAuth), 4 improved (Base64 High Entropy, GitGuardian Test Token, MSSQL, Zendesk).

Enhancements​

• Redesigned navigation menu, automatic repository monitoring control. See SaaS release: Dec 12.
• Jira Data Center user picker custom fields. See SaaS release: Jan 28.
• Self-Hosted:
  • GitHub integration: Improved real-time event handling for >100 commits and enhanced large patch processing.
  • Configurable commit length scanning via repo_scan_max_commit_length preference. Learn more.
  • ReplicatedSDK image now pulled from Replicated registry. Learn more.
  • Improved error messages for partially initialized databases.
  • Introduced Periodic Tasks page to adjust schedules and fine-tune execution.
  • Merged secrets_checks queue with background validity checks queue for optimized performance.

Fixes​

• Check runs messages, validity check tooltip, Jira issue tracking line feeds. See SaaS release: Dec 23.
• GitLab large instance support. See SaaS release: Jan 28.
• User deletion with saved views. See SaaS release: Jan 13.
• Self-Hosted:
  • Corrected sorting and filters on Worker Tasks page in the Admin area for improved usability.

Hotfixes​

2025.1.1​

  Release Date: January 23, 2025

Fixes​

• Self-Hosted:
  • Fixed GitGuardian dashboard 404 error in embedded cluster installations (excluding legacy Kurl clusters).
  • Fixed embedded cluster deployment with custom CA.
  • Fixed 404 error on /metrics endpoint for applicative metrics (Helm).
  • Fixed Replicated RBAC resources created despite rbac.enabled: false in Helm values.