Version	Release Date
2025.12.0	December 15, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Advanced Analytics for Internal Monitoring — track the detection, remediation and prevention of secret leaks with actionable dashboards. Learn more.

  This feature is disabled by default and requires additional resources (12 GB memory). Analytics are computed once a day, so data may take up to 24 hours to appear after activation. To enable: set inAppAnalytics.enabled: true in Helm values, or enable "In-App Analytics" in the KOTS Admin Console.

• SCIM team provisioning — automate team creation and sync from Okta and Microsoft Entra ID. Learn more
• Enhanced Slack notifications — complete incident lifecycle coverage for internal monitoring and honeytoken alerting. Learn more.
• CyberArk Secrets Manager Self Hosted integration — discover and enumerate non-human identities stored in your self-hosted CyberArk (Conjur) vault. Learn more.

Secrets Detection Engine​

• v2.151 — 13 new detectors (Hume AI, Azure AI Face, Neon, E2B, MailerSend, Scraper API, AIProxy, Cloudsmith, AWS Bedrock, Harness, Grafbase, AssemblyAI), 8 improved (Generic Password, Pinecone, Keycloak, Discord, Kubernetes JWT, Tableau, Sendinblue), 3 analyzer upgrades.
• v2.152 — 1 new detector (Google Cloud Access Token), 3 improved (Hashicorp Vault Token, PagerDuty, Google Cloud Access Token), 2 analyzer upgrades.

Enhancements​

• New "Valid" saved view for incidents, API filtering by triggered date, GitLab validation and health checks, Docker Hub organization namespaces, Custom Monitored Perimeter improvements, GitLab empty namespaces hidden by default. Learn more.
• Self-Hosted:
  • Added multiple hostname support via extra_hostnames parameter, enabling access through additional domain names. Learn more.
  • Added global podDisruptionBudget.enabled parameter to disable automatic PDB creation for restricted Kubernetes environments that prohibit PodDisruptionBudget resources. Learn more.
  • Added official support for Helm v4.
  • Added IPv6 support via network.ipFamily parameter for Service resources. Learn more.

Fixes​

• Jira Data Center historical scans for large projects, incident details "First detected" date display, Slack notifications user association, Health Check error differentiation. Learn more.
• Bulk action filters, Jira ticketing issues, Perimeter scan behavior, GitLab namespace display and search, Container Registry URLs and caching. Learn more.
• Self-Hosted: Resolved NHI Governance access for manager roles.

Version	Release Date
2025.11.0	November 19, 2025
2025.11.1	November 27, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Secrets Detection Engine​

• v2.150 — 1 new detector (Coveo API Key), 1 improved (Resend), 1 new checker, 1 analyzer upgrade, 1 engine enhancement.

Enhancements​

• Large occurrence patches display. Learn more.
• Incident list source links, API change_type field. Learn more.
• Dev-in-the-Loop incident ID display and dashboard navigation. Learn more.
• Self-Hosted:
  • Added official support for PostgreSQL 18 and Redis 8.
  • Added terms and conditions acceptance requirement during business workspace sign-up and trial activation for improved legal compliance.
  • Replicated now inherits global image pull secrets, simplifying Helm configuration by removing the need for separate imagePullSecrets in the replicated section. Learn more.

Fixes​

• Perimeter scan button visibility, SSO IDP configuration, sources tooltips and health checks, incidents commit info and code fixing section. Learn more.
• GitLab PAT updates 403 error, SharePoint health-check error 9999. Learn more.
• Microsoft Teams notifier client secret update, incident feedback registration. Learn more.
• Container Registry automatic monitoring, Jira Data Center webhook version. Learn more.
• Fixed an issue where filepath exclusions failed to apply when selecting individual repositories, while working correctly with select all repositories.
• Self-Hosted:
  • Dashboard access now blocked when ReplicatedSDK is not running to enforce proper license validation.
  • Fixed PostgreSQL and Redis preflights failing when CA certificate was provided without client certificate and key.

Hotfixes​

2025.11.1​

  Release Date: November 27, 2025

Fixes​

• GitLab Integration:
  • Fixed an issue where GitLab namespaces and projects were incorrectly displayed as "banned" when the instance was actually temporarily detected as unhealthy.
  • Fixed search functionality not working in the entity tree displayed as List view.
• Google Artifact Registry Integration: Source URL now redirects to the Google Artifact Registry repository as expected.
• Incident Management: Fixed filters not being applied to bulk actions when using "select all".

Version	Release Date
2025.10.0	October 27, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Secret Revocation — revoke supported secrets directly from incidents. Learn more
• Context preview for non‑VCS incidents — see surrounding content for leaks in SharePoint, OneDrive, Slack, Confluence. Learn more
• Microsoft Teams attachment scanning — detect secrets in files shared in Teams. Learn more
• ggshield: vault name and path — show secret manager details for vaulted secrets. Learn more
• Unified graph with public leak intelligence — correlate internal and public exposures in one view. Learn more

Secrets Detection Engine​

• v2.147 — 2 new detectors, 4 improved, 4 new checkers.
• v2.148 — 21 new detectors, 3 improved, multiple new checkers.
• v2.149 — 4 new detectors, 1 improved, 4 new checkers, 2 analyzer upgrades.

Enhancements​

• Pattern exclusion performance. Learn more.
• Base64 token decoding, new ignore reasons. Learn more.
• Generic Secret Enricher v2, False Positive Remover v2.5, Jira auto-assignment. Learn more.
• Incident developer identity. Learn more.
• GitLab integration performance, Public API perimeter editing. Learn more.
• Playbooks: Updated the Playbooks settings page with a refreshed, modern interface design.
• Self-Hosted:
  • All GitGuardian images are now multi-arch. Helm deployments now support ARM64 clusters in addition to AMD64. KOTS and Embedded Cluster installations remain AMD64-only. See system requirements.
  • Added support for read-only root filesystem constraint to meet security compliance requirements and enhance container runtime protection.

Fixes​

• Google Artifact Registry auth. Learn more.
• Weekly summary email dates, Jira DC admin detection, historical scan duplicates. Learn more.
• Incident search filters, secret view links. Learn more.
• Occurrence commit info, perimeter scan button visibility. Learn more.
• Self-Hosted:
  • Updated KOTS embedded cluster installation requirements to match documented system requirements.
  • Added missing toleration configuration for secretEngine deployment.
  • Fixed license verification when using a proxy by adding the NO_PROXY to replicated.extraEnv default values.

Version	Release Date
2025.9.0	September 17, 2025
2025.9.1	October 1, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Bring Your Own Sources — extend secret detection to any data source (CI logs, legacy systems, SFTP). Learn more
• Quick Access — unified search interface for faster navigation (Ctrl+K/Cmd+K). Learn more
• AI Filters — use natural language to filter incidents, perimeter, and audit logs. Learn more
• Microsoft SharePoint and OneDrive scanning — detect secrets in your knowledge base. Learn more

Secrets Detection Engine​

• v2.145 — 1 improved detector (GitLab Token broader regex for longer tokens).
• v2.146 — 4 new detectors (Africa's Talking, Clipdrop, StackHawk, Murf), 1 improved (Stripe checker timeout prevention).

Enhancements​

• Confluence Cloud outbound-only OAuth2, GitHub PR public share links, CSP headers. Learn more.
• User comment permissions. Learn more.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions for custom user/group IDs.
  • Enhanced Docker image permissions for custom security contexts.
  • Improved failed index migration handling for safe re-execution.
  • Added node affinity scheduling for one worker per node constraint.

Fixes​

• Remediation tracking for non-default branches, perimeter filter errors, Honeytoken notifications, webhook URL validation, JFrog integration validation, Confluence DC URLs. Learn more.
• Token management link removal. Learn more.
• Self-Hosted:
  • Fixed Loki image not being pulled from private Docker registry during airgap Helm installations.
  • Resolved KOTS rendering issue on existing cluster with KOTS installation. Note: KOTS installation will be deprecated soon. We encourage customers to migrate to Helm installation.

Hotfixes​

2025.9.1​

  Release Date: October 1, 2025

Fixes​

• SharePoint integration: Fixed issue where SharePoint Online tenants appeared as monitored but failed to display nested sites and resources properly.
• Jira Data Center integration: Update Jira DC webhook creation to use version-specific endpoints based on the instance version.

Version	Release Date
2025.8.0	August 18, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• AWS ECR Container Registry — detect hardcoded secrets in Amazon Elastic Container Registry. Learn more

Secrets Detection Engine​

• v2.144 — 3 new detectors (Weights & Biases, Bitbucket App Password, Mercado Pago), 4 improved, 1 new checker.

Enhancements​

• Custom webhook granular event selection. Learn more.
• VCS auto-monitoring toggle, Bitbucket Cloud API token auth. Learn more.
• Self-Hosted:
  • Valkey support (Redis 7.2 fork) for Redis-compatible deployments.

Fixes​

• Incident assignee visibility, Slack duplicate occurrences, JFrog registry scan errors. Learn more.
• Email notification preferences, Confluence DC private spaces. Learn more.
• Token management link removal. Learn more.

Version	Release Date
2025.7.0	July 25, 2025
2025.7.1	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Jira and Confluence Data Center historical scanning — scan past content for secrets. Learn more
• Auto-ignore invalid incidents playbook — automatically clear confirmed invalid secrets. Learn more

Secrets Detection Engine​

• v2.141 — 12 new detectors (Kubernetes User Certificate with Port, NVIDIA, Alchemy v2, OpenRouter, Duffel, Apify, Jina, Deno Account, Segment Workspace v2, Resend, VKontakte, Fireworks AI), 6 improved, 10 new checkers.
• v2.142 — 2 new detectors (AI71, AMP), 9 improved (Kubernetes Docker, MySQL, Sourcegraph, GitHub, HashiCorp Vault, Confluent, GitHub Fine-Grained PAT, Slack, DigitalOcean Spaces), 2 new checkers.
• v2.143 — 7 new detectors (GitLab Incoming Mail, Coze PAT, Tavus, Heroku Platform, SSH with port, Tableau Cloud PAT, Notion v2), 7 improved, 6 new checkers. All JWT detectors now only catch signed JWTs.

Enhancements​

• Custom tags API key/value filtering, auto-resolve revoked secrets playbook, custom remediation links. Learn more.
• Jira DC leaker emails. Learn more.
• Custom tags API documentation. Learn more.
• GitLab multi-hook support. Learn more.

Fixes​

• Custom tags bulk assignment, Azure DevOps token handling. Learn more.
• GitHub installation checks. Learn more.
• Teams email notifications. Learn more.
• SCIM case-insensitive emails. Learn more.
• Deletion line scanning. Learn more.

Hotfixes​

2025.7.1​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.
  • ML Secret Engine updated to version 20250806 fixing critical CVE-2025-54381.
  • NHI Scout bumped to version 0.18.2.

Version	Release Date
2025.6.0	June 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Secure API access to secret values — retrieve secret values via API endpoint for automation workflows. Learn more
• Microsoft Teams secret detection — scan Teams messages for hardcoded secrets with real-time and historical scanning. Learn more
• Jira and Confluence Cloud historical scanning — detect secrets leaked in the past across Jira and Confluence Cloud. Learn more
• Container Registries secret detection — detect hardcoded secrets in Azure, Google, JFrog, and DockerHub registries. Learn more
• Self-Hosted: Export GitGuardian logs to Splunk, Loki, Elasticsearch, Kafka, and Datadog for centralized monitoring. Learn more

Secrets Detection Engine​

• v2.139 — 1 new detector (GitLab Feature Flags Client Token), 6 improved (AMQP, Confluent, Generic High Entropy, Artifactory, Azure Storage), 1 engine enhancement.
• v2.140 — 12 new detectors (Laravel, GitLab tokens, Kubernetes JWT, Brave Search, Dify, Firecrawl, Ubidots, Vapi, Llama Cloud), 4 improved, 7 new checkers, 2 engine enhancements.

Enhancements​

• Teams API endpoint optimization. Learn more.
• Self-Hosted:
  • Improved ML Secret Engine Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved Docker image permissions to support running with custom user and group IDs for better Kubernetes security contexts.
  • Improved handling of failed index creation migrations to allow safe re-execution of database updates.
  • Added capability to specify constraint of only one worker per node in Kubernetes deployments to optimize resource allocation. Learn more about scaling.

Fixes​

• Email alerts to inactive members, custom tags pagination, GitLab parent group permissions, secret analyzer validity checking. Learn more.
• Self-Hosted:
  • Corrected an issue preventing Self-Hosted customers from adding or editing custom severity rule sets.
  • Fixed an issue with ACL limitations on GCP and Azure cloud platforms where Redis deployments disable the ACL command, causing pre-deployment checks for the FLUSHDB command to fail. The system now gracefully handles scenarios where ACL commands are unavailable.

Version	Release Date
2025.4.0	April 25, 2025
2025.4.1	April 30, 2025
2025.4.2	August 8, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• NHI Governance — manage and secure Non-Human Identities with comprehensive observability and lifecycle management. Learn more
• Secrets Analyzer — enrich detected secrets with scope, permission, and ownership details for faster risk assessment. Learn more
• Custom tags — categorize and filter incidents with customized labels for improved remediation workflows. Learn more
• Log collector for Self-Hosted — seamless log collection system with Loki, MinIO, and Fluent Bit for faster troubleshooting. Learn more

Secrets Detection Engine​

• v2.134 — 1 new detector (Azure Logic App), 2 improved (LINE Messaging, OpenAI), 1 analyzer enhancement.
• v2.135 — 4 new detectors (Artifactory Reference Token, Artifactory Master Key, Artifactory Basic Auth), 4 improved (Snowflake, IBM Cloud, PlanetScale, Artifactory).

Enhancements​

• Jira DC incident filter, custom tags from search, custom webhook payload. Learn more.
• Jira configuration layout, navigation improvements, invitations API. Learn more.
• Self-Hosted:
  • Improved error messages for email configuration setup.
  • Enhanced debug capabilities with network diagnostic tools (netcat, openssl) in debug image. Learn more.
  • Extended readiness probe timeout on public-api for enhanced stability.
  • Added OpenShift restricted-v2 SCC support via global.compatibility.openshift.adaptSecurityContext. Learn more.
  • Added default support-bundle Role and optional ClusterRole creation.
  • PostgreSQL pgvector extension now required by default for upcoming ML features. Learn more.
  • Improved response times for issue occurrence queries through optimized request routing.
  • Standardized health check endpoint routing under main API hostname.

Fixes​

• Jira Cloud project key synchronization. Learn more.
• GitLab multiple group hook emails, read-only token webhook detection, system hook 403 errors, unnecessary webhook scans, incidents list refresh. Learn more.
• GitLab system hook 403 errors. Learn more.
• Self-Hosted:
  • Updated license expiration notification message for clearer guidance.
  • Added Content Security Policy (CSP) headers to HTTP responses for enhanced browser security.

Hotfixes​

2025.4.1​

  Release Date: April 30, 2025

Fixes​

• Self-Hosted:
  • Support Bundle Role creation disabled by default to accommodate customers with high security requirements (Helm).

2025.4.2​

  Release Date: August 8, 2025

Fixes​

• Self-Hosted:
  • Embedded Cluster with Embedded Redis configuration to use bitnamilegacy/redis registry following Bitnami's registry changes.

  Release Date: March 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version.

Feature highlights​

• Generic Secret Enricher — ML model that analyzes context to identify secret providers and categories with new filters. Learn more
• Secrets Managers integration — sync incidents with AWS, HashiCorp Vault, Azure, Google, Delinea, and Akeyless via ggscout. Learn more

Secrets Detection Engine​

• v2.132 — 5 new detectors (SMB Credentials, Azure Blob Storage, DeepSeek, Netlify v2, 1Password Service Account), 4 improved (Azure Storage Account, Generic Password, Groq, Netlify), 3 new checkers, 2 engine enhancements.
• v2.133 — 5 new detectors (OpenAI Project v2, OpenAI Admin, Netlify v2, 1Password Service Account, DeepSeek), 8 improved (OpenAI Service Account, Rails, GitHub, Groq, Artifactory, Generic Password, Dropbox, FCM).

Enhancements​

• Jira ticket templates with Incident ID variable, instant ticket creation. Learn more.
• Self-Hosted:
  • ggscout improvements: Vault preflight checks, hardened Helm chart, Replicated Proxy support, embedded cluster deployment, support bundle logs. Learn more.
  • Customizable Public API pagination maximum page size. Learn more.
  • Machine learning activated by default for embedded cluster installations. Learn more.
  • Automatic license synchronization for non-air-gap environments.
  • Added nodeSelector support in Helm jobs for enhanced node scheduling flexibility.

Fixes​

• Jira Cloud invalid state after uninstall, Microsoft Teams wrong team display. Learn more.
• Self-Hosted:
  • Added custom security contexts support for machine learning pods. Learn more.
  • Fixed Redis TLS connection errors in preflights.

  Release Date: February 20, 2025

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

Feature highlights​

• Search incidents by secret value — monitor secret leaks across thousands of repositories and sources. Learn more
• Bitbucket Cloud scanning — detect exposed credentials in Bitbucket Cloud repositories in real-time. Learn more
• Custom Tags Early Access — organize incidents with custom tags via API (UI support coming soon). Learn more
• Enhanced email incident alerting controls — manage email notification settings via API and customize account-level defaults. Learn more
• Autoscaling — HPA support for web applications with automatic scaling based on demand. Learn more

Secrets Detection Engine​

• v2.130 — 2 new detectors (Artifactory Token With Host, HubSpot Private App), 6 improved GitHub tokens (Enterprise, OAuth, PAT, Server-to-Server, User-to-Server).
• v2.131 — 2 new detectors (Azure Storage Connection String, HashiCorp Vault AppRole).

Enhancements​

• Scan only addition lines in commits, Jira custom fields support. Learn more.
• Jira Data Center user picker custom fields. Learn more.

Fixes​

• GitLab revocation on plan downgrades, Confluence Cloud spaceKey events, restricted user incident view, teammates table action menus, email notifications team routing. Learn more.
• GitLab large instance support, Azure Repos organization sync, PagerDuty real-time alerts. Learn more.
• User deletion with saved views, Azure Repos organization sync. Learn more.
• Self-Hosted:
  • Fixed Redis Sentinel connection with special characters in password (Helm).
  • Restored left navigation menu in KOTS admin console for embedded cluster installations (KOTS).

Version	Release Date
2025.1.0	January 20, 2025
2025.1.1	January 23, 20255

System Requirements Update​

Ensure your infrastructure meets the latest requirements for optimal performance and security:

Helm & Upgrade Considerations​

To ensure compatibility, please review Helm values updates from the previous version. Air gap deployment? Find all the images and tag names in the air gap install page.

⚠️ Important: This is a required release and cannot be skipped.

Feature highlights​

• Microsoft Teams security alerts — real-time GitGuardian alerts in Microsoft Teams with instant notifications. Learn more
• Jira Data Center auto-tracking — auto-create Jira issues, sync custom fields, and auto-resolve incidents. Learn more
• False Positive Remover v1 — internal ML model that halves false positives for Self-Hosted deployments. Learn more
• Slack secret scanning — scan full history of public and private Slack channels to detect leaked secrets. Learn more
• Remediation tracking — enhanced workflow with precise location details and real-time tracking of remediation progress. Learn more. ⚠️ You can adjust the scan rate limit for the file tracking engine via the scan_after_push_force_rate_limit preference on the Preferences page. Historical scans are recommended to ensure incidents requiring fixes are available in the dashboard.
• SCIM user deprovisioning — automatic user deprovisioning when users are removed from your IdP. Learn more

Secrets Detection Engine​

• v2.128 — 4 new detectors (Jenkins API, chpasswd, Nessus Agent, Statsig Server), 1 improved (FTP).
• v2.129 — 1 new detector (GitLab OAuth), 4 improved (Base64 High Entropy, GitGuardian Test Token, MSSQL, Zendesk).

Enhancements​

• Redesigned navigation menu, automatic repository monitoring control. Learn more.
• Jira Data Center user picker custom fields. Learn more.
• Self-Hosted:
  • GitHub integration: Improved real-time event handling for >100 commits and enhanced large patch processing.
  • Configurable commit length scanning via repo_scan_max_commit_length preference. Learn more.
  • ReplicatedSDK image now pulled from Replicated registry. Learn more.
  • Improved error messages for partially initialized databases.
  • Introduced Periodic Tasks page to adjust schedules and fine-tune execution.
  • Merged secrets_checks queue with background validity checks queue for optimized performance.

Fixes​

• Check runs messages, validity check tooltip, Jira issue tracking line feeds. Learn more.
• GitLab large instance support. Learn more.
• User deletion with saved views. Learn more.
• Self-Hosted:
  • Corrected sorting and filters on Worker Tasks page in the Admin area for improved usability.

Hotfixes​

2025.1.1​

  Release Date: January 23, 2025

Fixes​

• Self-Hosted:
  • Fixed GitGuardian dashboard 404 error in embedded cluster installations (excluding legacy Kurl clusters).
  • Fixed embedded cluster deployment with custom CA.
  • Fixed 404 error on /metrics endpoint for applicative metrics (Helm).
  • Fixed Replicated RBAC resources created despite rbac.enabled: false in Helm values.