Ongoing
Currently being developed
MFA with One-Time Password via email
Add an extra layer of protection for accounts that sign in with email and password. After login and before sensitive changes, you enter a one-time code sent to your inbox.
AI coding assistant integration (Cursor, Claude hooks)
Integrate GitGuardian secret detection into Cursor and Claude coding hooks, preventing secrets from being introduced during AI-assisted development.
Health checks through public API
Retrieve health checks for all sources and destinations via the Public API.
Display full insights from the Analyzer or JWT & Base64 detectors
Display everything the Analyzer or the encoded detectors return.
New "AI" workspace setting
The “AI” settings page will provide workspace admins with self-service controls to authorize or deny the use of AI in their workspaces.
Automated playbook: Auto-close low-risk incidents (risk score < 25)
Implement an automated playbook that closes incidents with a risk score under 25, targeting events stemming from test files, documentation, examples, and other clearly low-priority contexts.
False Positive remover for Non-VCS sources
Deliver a model (ML or LLM) for non-VCS sources (e.g., Confluence, Jira, Slack, Teams) with clear performance metrics and an improvement plan for reducing noise in non-VCS incidents.
GitHub Gists & events public source
Add GitHub Gists and public Events as public monitoring sources, extending secret detection coverage across the broader GitHub ecosystem beyond repositories.
Unhealthy status & transient error management
We need to better handle our application's behavior when our source integrations encounter errors with our users' instances.
Natural language to filters
Let users describe what they're looking for in plain language and automatically translate it into dashboard filters, reducing friction for incident triage.
Analytics overview for Public Monitoring and NHI
Add analytics about public monitoring and NHI to the analytics overview page.
GitGuardian Agent v1
Explore in-app AI agents to assist SecOps with long-running, complex tasks 24/7, reducing manual workload for teams with limited security resources.
npm.js public source
Add npm.js as a public monitoring source to detect secrets leaked in package source code, configuration files, and build artifacts published to the npm registry.
AWS S3 integration
Scan S3 buckets
Team perimeter for non-VCS sources
Enable fine-grained team perimeter management for non-VCS sources (e.g., Confluence, Jira, Slack, Teams) within GitGuardian Dashboard. This will allow organizations to restrict and delegate access to incidents and integrations from these sources.
Microsoft Teams alerting (threaded) for public monitoring
Support all events supported by the new Custom Webhook notifier for Public Monitoring, with threaded notifications.
Generate Support Bundle in GitGuardian dashboard
Empower self-hosted users to create support bundles directly from the dashboard, eliminating the need for the Krew plugin manager. This simplifies troubleshooting by allowing quick and direct access to diagnostic data and streamlining support.
Gerrit secret scanning
Support Gerrit VCS as a native integration
Attachments scanning on Atlassian integrations
Jira Cloud, Confluence Cloud, Jira DC, Confluence DC
Network Policies and Gateway API routing for Self-Hosted
Address the lack of default NetworkPolicies for traffic enforcement and the use of legacy CAC-dependent NGINX routing, which prevents standardization and blocks web app autoscaling.
Next
Planned for upcoming development
Custom source (BYOS) integration improvements
Improve BYOS flexibility with async mode support, custom metadata (e.g. author email), and nested-source management per integration.
Allow Generic Detectors for non-VCS
Extend non-VCS sources (e.g., Confluence, Jira, Slack, Teams) scanning with support for generic and ML-based detectors, broadening secret detection coverage beyond structured VCS integrations.
Scalable custom perimeters (pagination, search, bulk actions)
Allow custom perimeter to scale with hundreds of thousands of sources, featuring pagination, advanced treeview, search, and bulk actions.
ggshield authentication at scale
Enable mass ggshield deployment without per-developer authentication, supporting 100+ machines with background scans and a centralized inventory view.
Block GitHub check runs based on incidents criteria
Configure which incidents actually block pull requests using flexible filters. Set rules based on severity, ML risk score, validity, and secret type to fail checks only for high-risk secrets while allowing lower-risk detections to pass, preventing false p
Wiz ASPM integration
Integrate GitGuardian with Wiz ASPM to surface secrets and NHI risks within customers' Wiz security context, enriching their application security posture management.
Filter alerts and tickets creation by incident criteria
Define custom rules to control which incidents trigger alerts and tickets. Filter by severity, ML risk score, validity, and secret type to ensure teams only receive notifications for critical security issues, minimizing noise and accelerating triage.
Secret graspers in historical scans
Enable historical scans to run against customer-defined secret graspers, retroactively surfacing secrets leaked before the grasper was created and closing historical coverage blind spots.
Remote GitGuardian MCP server for SaaS
Host GitGuardian's MCP server so developers can connect without manual setup, driving adoption of security tooling in AI coding workflows and marketplaces.
Time-aware historical scans
Make historical scans time-aware, scanning each developer only during their active perimeter period to eliminate irrelevant incidents from before they joined or after they left.
Perimeter Page 2.0: coverage & observability hub
Transform the Monitored Perimeter page into a Coverage & Observability Hub with improved visibility, actionability, and on-demand scan management for daily security operations.
Under Consideration
Being evaluated based on feedback
Drive ggshield adoption via GitHub check runs
Boost developer adoption of ggshield (GitGuardian's CLI/pre-commit tool) by blocking PR merges for developers who haven't used their PAT with ggshield in 30+ days. Automated reminders help close shift-left coverage gaps and reduce secrets reaching GitHub
Member mention in incident notes ("@john")
GitGuardian users struggle with collaboration, so we’re adding a mention (ping) system in incident notes to improve visibility and response while ensuring proper permissions and notifications.
Customer-managed SSL private keys for GG Bridge
The goal is for customers to maintain complete security control by generating and owning their private keys for GGBridge mTLS connections, ensuring sensitive credentials never leave their infrastructure.
ServiceNow ticketing for public monitoring
Support all events supported by the new Custom Webhook notifier for Public Monitoring
Jira Cloud/Jira DC ticketing for public monitoring
Support all events supported by the new Custom Webhook notifier for Public Monitoring
Remote GitGuardian MCP server for Self-Hosted
Run MCP server within Self-Hosted infrastructure
Developer page
Restore GPUB parity by introducing a developer page, letting users navigate from an incident to a developer's profile, perimeter dates, and GitHub link.
Automatic user and team sync with GitHub
Add the option in the dashboard to synchronize users, teams, and team perimeters with GitHub.
AI/ML Risk score for Self-Hosted
Support ML risk score for self-hosted customers
GitHub Check runs on GitGuardian dashboard
Add a dedicated GitHub "Check Runs" page in the GitGuardian dashboard to provide visibility into all check runs initiated by the platform: their status, timing, associated commits, incidents, and recovery options. This addresses persistent customer pain a
Repo banlist
Let customers suppress incidents from specific repositories (test repos, forks, documentation) in Public Monitoring, reducing noise and improving triage efficiency.
Health checks for alerting and ticketing
This project aims to add a health check on all EBN notifiers to automatically deactivate faulty configurations, avoid endless retries, and tell our users which notifier is problematic and how to fix it.
AWS Security Hub integration
This integration would enable Security Hub’s enterprise customers to directly ingest and manage GitGuardian incidents within their AWS security operations.
Dedicated GitHub apps for Check runs to mitigate rate limits
To address GitHub Check Runs rate limit bottlenecks faced by large organizations, GitGuardian will introduce dedicated GitHub Apps specifically for Check Runs.
Threaded notification and direct-to-developer DM in Slack
This project aims to support threaded notifications and DMs for Internal Monitoring and Public Monitoring events on the Slack EBN notifier. (Honeytoken events will already be supported.)
Discord alerting for public monitoring
This project aims to migrate the Discord notifier from REST to EBN and to support all events supported by the new Custom Webhook notifier for Public Monitoring.
Splunk alerting for public monitoring
This project aims to migrate the Splunk notifier from REST to EBN and to support all events supported by the new Custom Webhook notifier for Public Monitoring.
PagerDuty alerting for public monitoring
This project aims to migrate the PagerDuty notifier from REST to EBN and to support all events supported by the new Custom Webhook notifier for Public Monitoring.
Enriched analytics for Public Monitoring
Bring Public Monitoring analytics to parity with Internal Monitoring, giving customers trend visibility, coverage metrics, incident distributions, and perimeter activity data.
Released
Recently shipped
Version update alerts for Self-Hosted customers in GitGuardian dashboard
Self-hosted customers need proactive notifications within the GitGuardian dashboard when new versions are available, reducing the manual effort required to stay current with security updates and new features.
Slack app secret scanning: marketplace-ready integration
Improvements to the Slack application so that it is accepted on the Marketplace.
Red Hat Quay Integration
Add Red Hat Quay as a supported container registry source, enabling secret detection in images and artifacts stored in customers' Quay instances.
JFrog Artifactory package registry secret scanning
This project aims to add an integration to cover JFrog Artifactory in addition to JFrog Container Registry that we already cover.
Ownership of NHI
Add ownership to NHIs by auto-categorizing owners from integration data and enabling users to manually assign, update, or remove ownership in the dashboard.
Dark mode and refreshed light theme
Update the design system to support dark mode and refresh the light mode color palette, ensuring consistent theming across all UI components and key pages.
GitGuardian on Google Cloud Marketplace
List GitGuardian Internal Monitoring (Self-Hosted) on the Google Cloud Marketplace to streamline procurement and expand enterprise reach.
Prioritize internal incidents with ML
GIM SaaS / Self-Hosted
In-App Analytics - Overview
Add an overview page to our analytics dashboard so customers can get a quick summary of their data.
In-App Analytics for Self-Hosted
Bring in-app analytics to Self-Hosted customers, providing visibility into security posture, incident trends, and coverage without requiring cloud connectivity.
NHI Inventory by identities
Build an NHI inventory organized by identity (service accounts, bots, API keys) giving security teams a centralized view of all non-human actors in their environment.
For older releases, see SaaS Release Notes or Self-Hosted Release Notes.