Skip to main content

Versions

2024.6.0

Release dateJune 17, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Features

Bug fixes

  • Jira Cloud Alerting: fix an issue where Jira automatic configurations remained invisible to 'member' role users within the 'All Incidents' team, ensuring uniform visibility across teams.
  • API:
    • fix a problem causing conflicting information between the UI and the API regarding team permissions.
    • fix an incorrect self-hosted instance URL in the API documentation.
  • Historical scan: attribute automatic historical scans of new repositories to "GitGuardian Bot" in audit logs.
  • Cluster management:
    • add missing readiness/liveness probes in gitguardian-app pods in the legacy architecture.
    • fixed issue preventing bundle generation in Openshift environments.

2024.5.1

Release dateMay 29, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Custom webhook: fix a bug sending notifications for deactivated secret detectors.
  • Helm: fix an issue with the upgrade-path-check job failing on OpenShift cluster due to RBAC resource creation order.

2024.5.0

Release dateMay 22, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6
Migration to the new architecture

We strongly recommend that all our customers currently using the legacy architecture transition to our new architecture, which offers numerous advantages! For a detailed overview of the new architecture and guidance on determining whether you're using the New or Legacy GitGuardian architecture, please visit the New GitGuardian Architecture page.

Features

  • Secrets detection engine: upgrade to version 2.111 with the addition of 7 new detectors (Dropbox Key, Midtrans API Key, Sanity Token, Zuplo API Key, Grafana Cloud API Key, Groq API Key, Nx Cloud Token) and the improvement of 4 detectors (Artifactory Token, GoCardless API Key, Plivo Auth Tokens, Generic High Entropy Secret)
  • Secrets detection engine: Generic CLI Secret and Generic Database Assignment detectors are now supported and active by default for data sources other than VCS.
  • Honeytoken: context creation strategies for honeytoken deployment jobs now allow to choose only dynamic contexts.
  • Privacy mode: this (mode) allows to obfuscate secrets and other sensitive information on the GitGuardian UI.
  • Jira Cloud integration: introduction of a new version of our Jira Cloud integration for issue tracking. It now offers
    • automatic creation of a Jira issue as soon as a new incident is triggered,
    • management of Jira custom fields,
    • and an auto-resolve feature that marks the incident as resolved in your dashboard when the issue is closed in Jira Cloud. More information available in the documentation.
  • Filters: the history of AI queries can now be deleted.
  • API: the workspace_id is now included in the payload of API tokens.
  • Check runs: a comment is posted on the pull request when a secret is uncovered.
  • Historical scan: improve historical scan status overview on the perimeter page side bar.
  • Helm:
    Upgrading to 2024.5

    This release includes breaking changes. Upgrade to 2024.5.0 using the upgrade notes. You can also find more details in the Helm value file page.

    • we officially support Argo CD, please refer to the Argo CD specifics page to learn more.
    • add istio.gateway.enabled parameter to be able to disable Istio Gateway handling when Istio is enabled.
    • give the ability to specify dedicated labels and podLabels for migrations resources.
    • give the ability to customize the RefreshInterval parameter for externalSecrets.
    • it is now possible to set the initial admin password in an existing secret.
    • update to the latest version of the Replicated SDK 1.0.0-beta.20 used for license management and custom telemetry.
  • Cluster management:
    • GitGuardian currently supports PostgreSQL 13 to 16 (previously, versions 15 and 16 were experimental).
    • Check CA validity during preflight for both KOTS and Helm installation. If you previously installed GitGuardian on an existing cluster and planning to upgrade to 2024.5.0, you must modify the rule for the core api group in your configuration by adding:
      - apiGroups: [""]
      resources: ["events"]
      verbs: ["list"]
      Refer to the Kubernetes Application RBAC page.

Bug fixes

  • GitLab integration:
    • fix an issue where the installation status was incorrectly displaying as 'no longer monitored' in the tooltip, despite being actively monitored.
    • when re-enabling a disabled webhook in GitLab, the error on the GitGuardian dashboard is now cleared automatically within 20 minutes.
  • Filters: the "per-page" selection for each table is now persisted.
  • API: correct a bug that allowed members to view sources they should not have been able to access when using the /sources endpoint.
  • Check runs: fix a bug that is causing related incident IDs to be missing in the check run summary.
  • Cluster management:
    • rename celeryWorkers.realtime_ods to celeryWorkers.realtime-ods.
    • ensure consistent naming for pre-post release jobs throughout the application lifecycle, preventing pod accumulation.
    • introduce Time-to-Live (TTL) functionality to remove pre-post jobs after 30 days.
  • Helm: fix an issue when Helm installation using a custom CA fails when pod security policy is enforced.

Security fixes

  • CVE: update packages to resolve CVE-2024-36039 with critical severity.

2024.4.2

Release dateMay 10, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Check runs: display accurate error message when a check run fails due to rate limiting.

2024.4.1 - Required

Release dateApril 25, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Bitbucket integration:
    • fix an issue where uninstalling a Bitbucket project inadvertently occurred when a token was removed, despite other valid tokens being present.
    • enhance logging mechanisms surrounding Bitbucket token operations for better troubleshooting.
  • Azure repos integration: fix a problem with updating a repository when the token is either invalid or missing.
  • Cluster management:
    • fix an issue where the no-proxy list wasn't correctly applied for KOTS installation.
    • add missing debug image to the KOTS airgap bundle.
  • Migration new architecture: fix an issue occurring when the KOTS admin password contains special characters.
  • Prometheus exporter:
    • fix error 500 from the /metrics path of the exporter when using AWS Elasticache Redis.
    • fix RBAC error occurring when activating GitGuardian Prometheus exporter in the new architecture with KOTS. If you previously installed GitGuardian on an existing cluster you must modify the rule for monitoring.coreos.com in your configuration. Refer to the Kubernetes Application RBAC page.
      - apiGroups: ["monitoring.coreos.com"]
      resources: ["servicemonitors"]
      verbs: ["get", "list", "watch", "create", "update", "delete"]

Security fixes

  • CVE: update packages to resolve CVE-2024-3817 with critical severity.

2024.4.0

Release dateApril 17, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Features

  • Secrets detection engine: upgrade to version 2.109 with the addition of 5 new detectors (Snowflake API credentials, Replicate User Access Token, Workato API Key, Azure Open AI API key, Kubernetes Docker Secret) and the improvement of 7 detectors (Rails Master Key, Generic password, Generic High Entropy secret, GitLab Token, Google API Key, Okta Keys, Slack Bot Token)
  • Honeytoken deployment jobs: automate the deployment of honeytokens in your code repositories from GitLab, GitHub and GitHub Enterprise! This is a business-only feature. Read more about Deployment jobs in our documentation.
  • Jira Cloud integration: Jira Cloud integration is now supported for real-time secret detection and honeytoken detection.
  • Incidents: it is now possible to filter on Occurrences count.
  • Incidents details: introduction of a secret identity card on each secret incident detail page.
  • Check runs: skip actions are now aligned with the ignored reasons (false positive, test credential, low risk). Tags (Tagged as [false positive|test credential|low risk] in check runs) are added to the corresponding secret incident when this action is taken.
  • API: the breakdown of secret incidents by severity is displayed in the payload of the sources.
  • Helm:
    • to ensure your existing cluster meets the Gitguardian's requirements, you can run our new preflight script.
    • add version check before Helm upgrade to ensure no required versions are skipped. If using a private registry for deployment, make sure to download the new image helm-tooling.
  • Helm Chart:
    • add custom labels to differentiate multiple GitGuardian deployments within the same Kubernetes cluster. Refer to commonLabels in Helm Chart Values. Example:
      commonLabels:
      env: staging
    • add an option to use Generic Ephemeral Inline Volumes for all worker pods. For further details, refer to the Scalling page.
  • Scaling: a new pod called worker-realtime-ods was added in the new architecture. If Slack or Jira Cloud scanning isn't needed, set its replicas to 0 to save resources via your Helm value file or the KOTS Admin Console.
  • Health Check: remove VCS health checks from the Admin Area, now available under Settings > Workspace > Integrations.

Bug fixes

  • Jira integration: fix an issue that was hindering the assignment on JIRA tickets upon creation.
  • Audit log: correct the logs related to the creation and removal of teammates through the API.
  • Cluster management:
    • add missing links to KOTS Admin Console for embedded cluster in the Admin Area.
    • fix an issue with the KOTS preflights in the legacy architecture for embedded installation when an ElastiCache Redis instance is configured with TLS enabled.
    • set default number of replicas for scanner_ods pod to 0 for legacy architecture running on openshift.

Security fixes

  • CVE: update packages to resolve CVE-2024-1135 and GHSA-2m57-hf25-phgg with high severity.

2024.3.2

Release dateApril 5, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • GitHub integration: fix an issue where managers and owners were unable to add new GitHub sources to the dashboard.
  • Check runs:
    • improve error collection on check runs.
    • fix an issue where GitHubNotFound errors prevented the completion of check runs.

Security fixes

  • CVE: update packages to resolve CVE-2024-28219 with high severity.

2024.3.1

Release dateMarch 28, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Incidents: resolve a bug triggered by secret incidents detected by custom detectors, causing the incidents list to fail to load.
  • GitLab integration:
    • fix GitLab installation check task issue affecting system hook installations.
    • fix an issue with sending emails to users who are no longer token owners within the GitLab installation.

2024.3.0

Release dateMarch 19, 2024
Minimum KOTS version1.107.7
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Features

  • Secrets detection engine: upgrade to version 2.106 with the improvement of 3 detectors (Generic Password, Generic High Entropy Secret, Base64 Generic High Entropy Secret).
  • Slack integration: Slack integration is now supported for real-time secret detection and honeytoken detection on Self-Hosted.
  • Secret SLAs: add the "First detected" date in incidents details and the associated filter in the Secret incident dashboard.
  • Incidents:
  • Check runs: add check_runs_overrides_labels_ghe option in the preferences to enable overriding the check run settings with repository labels on GitHub Enterprise.
  • Health Check: introduce tracking for last execution and last success times, refine error messaging, and adopt non-HTTP status codes.
  • Images: GitGuardian images are now signed with Cosign, exclusive to the new architecture.
  • Kubernetes Version Support: GitGuardian now supports Kubernetes versions 1.28 and 1.29 (experimental). More information in the System requirements page.
  • Cluster management:
  • Helm Chart: update to the latest version of the Replicated SDK 1.0.0-beta.16 used for license management and custom telemetry.

Bug fixes

  • Incident details: fix an issue on the git patch restricted visibility feature that was preventing members from seeing the patch they were involved in based on email matching.
  • GitHub integration: performance improvement when a lot of repositories are added at the same time.
  • GitLab integration:
    • fix an issue where the GitLab instance URL was incorrectly displayed instead of the GitLab token name.
    • remove the "Check Again" button from the health check for users on the Free plan.
  • Bitbucket integration: improve handling of token revocation to prevent issues when a repository changes ownership.
  • Cluster management:
    • preflight checks now confirm support for Redis version 7.
    • remove the link to the KOTS Admin Console from the Admin Area for existing cluster installations (both Helm and KOTS). For further details, refer to the Access to the Admin Area page.
    • set default number of replicas for scanner_ods pod to 0 for new architecture.
    • fix an issue with the periodic task related to the database encryption key rotation.
  • Helm Chart: add missing podAnnotations in webapp object definition.

Security fixes

  • CVE: update packages to resolve CVE-2023-27043 with medium severity.

2024.2.1

Release dateMarch 4, 2024
Minimum KOTS version1.107.4
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Incident: fix an issue with validity check failure hitting a timeout in some specific cases
  • Cluster management: fix an issue with KOTS preflights failing with PostgreSQL or Redis with TLS enabled
  • SMTP configuration: make the option to support SMTP servers using a self-signed certificate permanent. More details in the Configure the email system page.

Security fixes

  • CVE: update packages to resolve GHSA-6vqw-3v5j-54x4, GHSA-r53h-jv2g-vpx6 with high severity; and GHSA-v53g-5gjp-272r with medium severity.

2024.2.0

Release dateFebruary 20, 2024
Minimum KOTS version1.107.4
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Features & improvements

  • Secrets detection engine: upgrade to version 2.105 with the addition of 7 new detectors (Square Token, Bunny.net API Key, Hugging Face user access token, CircleCI Project Token, Claude API Key, Grafana Service Account Token With Host, Klaviyo API Key) and the improvement of 8 detectors (Beamer API Key, NuGet API Key, Paypal OAuth2 Keys, Twitter Tokens, CircleCI Personal Token, Django Secret Key, Generic High Entropy Secret, Heroku Platform Key).
  • SSO: the option 'Force SSO' applies to owners as well when enabled. More details in the Force SSO section of the documentation.
  • Incidents: exporting CSV secret incidents now allows changing the separator used, comma (default) or tab. More details in the Export data section of the documentation.
  • Incident details: update of the default remediation workflow.
  • Check runs:
    • the preview of the "How to remediate" instructions in markdown is enhanced when you customize them.
    • the incident status is displayed in the GitHub check run details.
    • improve causes of errors transparency and timeouts in the check run summary.
    • is_actionable_checkrun_enabled preference in the Admin area is deprecated. Action buttons on checkruns are now enable by default.
  • Custom detectors: improve error messages for invalid regex when requesting a custom detector.
  • GitHub integration: add commit_collector_max_workers option in the preferences to use more workers to collect commits.
  • GitLab integration: we now detect and notify by email and raise a health check error when a GitLab group hook was disabled by GitLab, causing the monitoring not to work anymore.
  • Azure repos integration: improvement of the billing metrics. You now must check the Graph:Read scope in your Personal Access Token. More information in our VCS integrations documentation.
  • Cluster management:
  • Helm Chart:
    • replace deprecated v1alpha1 API version of External Secret Manager with the latest version v0.9.11.
    • update to the latest version of the Replicated SDK 1.0.0-beta.14 used for license management and custom telemetry.
  • Applicative Metrics: rename appExporter to webAppExporter and celeryExporter to statefulAppExporter in the Helm-based Prometheus activation. For more details in the Applicative metrics page.
  • SMTP configuration: provide an option to support SMTP servers using a self-signed certificate. More details in the Configure the email system page.

Bug fixes

  • Force SSO activation: fix an issue where authentication page “Force SSO Toggle” enabled “By default to all incident team” toggle as well.
  • GitLab integration: fix an issue where revoked tokens weren't detected as such if not actively used by a configured GitLab group.
  • GitHub integration: disable repositories are now marked as such when searching GitHub integrations.
  • Bitbucket integration:
    • correct failure message and re-check button when the Bitbucket integration stops working.
    • syncing installs with a new token now correctly retains projects linked to the old token, preventing unintended deletion of all projects.
    • adds a default timeout to all requests made by the Bitbucket client.
  • Cluster management:
    • fix a "failed to verify certificate" error when a proxy is configured in the KOTS config during a migration.
    • adjusted embedded cluster settings: system time zone to UTC, maximum database connections to 500, and idle timeout to 1 hour.
    • fix an issue with liveness probes failing.
  • Historical scan: fix an issue with missing audit logs for historical scans.

Security fixes

  • CVE: update packages to resolve critical vulnerabilities GHSA-4v98-7qmw-rqr8, GHSA-wr6v-9f75-vh2g; high severity vulnerabilities GHSA-9763-4f94-gfch, GHSA-m3r6-h7wv-7xxv, GHSA-xr7r-f8xq-vfvv; and medium severity vulnerabilities GHSA-hpxr-w9w7-g4gv, GHSA-9p26-698r-w4hx, CVE-2023-52071.

2024.1.3 - Required

Release dateFebruary 6, 2024
Minimum KOTS version1.107.4
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Cluster management:
    • remove the rqlite DB data dump from support bundles generated by KOTS.
    • fix migration by using specific models, avoiding variable external dependencies.
    • enable ability to perform the database encryption key rotation in the Admin area.

2024.1.2

Release dateJanuary 25, 2024
Minimum KOTS version1.104
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Bitbucket integration: fix an issue which revoke the access token when the project only has read permission.

2024.1.1

Release dateJanuary 17, 2024
Minimum KOTS version1.104
Minimum Kubernetes version1.25
Minimum PostgreSQL version13
Minimum Redis version6
Upgrade Requirements

Ensure the btree_gin PostgreSQL extension is installed for optimized text search performances. Manual installation by the user or sufficient privileges for the database user utilized by GitGuardian are required. Failure to install manually or insufficient privileges may result in an error during the upgrade, hinting at the necessity of CREATE privilege on the current database for extension installation. More details in the System requirements page.

Features & improvements

  • Secrets detection engine: upgrade to version 2.102 with the addition of 8 new detectors (Base64 AWS IAM Keys, Base64 AWS SES Keys, Readme API Key, Tailscale API key, Tailscale oauth key, Tailscale pre-auth key, Tailscale SCIM key, Tailscale webhook key) and the improvement of 1 detector (Vercel API Access Token).
  • Source criticality: a new parameter at the source level to help users prioritize their Secret, SCA, and IaC incidents. Refer to the documentation for more details.
  • Check runs: the preview of the "How to remediate" instructions in markdown is enhanced when you customize them.
  • Custom detectors: improve error messaging for invalid regex when requesting a custom detector.
  • Chainguard: Chainguard-based GitGuardian images are now used by default, enhancing security by reducing CVE exposure. Available only on the new GitGuardian architecture. Additionally, both KOTS admin version 1.104.4 and Replicated SDK version 1.0.0-beta.12 are built using a distroless base image from Chainguard.
  • SMTP configuration: the system now supports unauthenticated SMTP server, allowing for more flexible email service integration.
  • KOTS preflights: update preflights to support TLS for Redis and PostgreSQL.
  • Helm Chart:
    • Private registries: introduce support for the replicated SDK image and offer an option to include a custom nginx image for private CA insertion. For detailed information, refer to the Install on Airgap page.
    • RBAC: add Kubernetes Roles and RoleBindings required for the app in the Helm Chart (optional but enabled by default). Refer to rbac in Helm Chart Values.
  • Cluster management: update Kubernetes version to 1.27 for embedded cluster. For further details, refer to the Upgrade page.

Bug fixes

  • Airgap: add missing Replicated SDK image in airgap bundle.
  • SSO: fix a server error (500) issue with login via SSO on KOTS install in the new architecture.
  • Helm: fix a Nil Pointer error that occurs during a helm upgrade of GitGuardian when specifying the djangoSecretKey in the local-values.yaml.
  • Custom webhook: fix webhook event serialization error when no hmsl_hash is present in the secret.

2023.12.1

Release dateDecember 19, 2023
KOTS version validatedv1.104
Minimum Kubernetes version1.24
Minimum PostgreSQL version13
Minimum Redis version6

Bug fixes

  • Bitbucket integration: add auth_error_grace_period option in preferences for setting a grace period before token revocation.
  • Cluster management: fix an issue with the database migration when schema name is not "public".
  • API: fix random HTTP/502 errors while navigating in the application.

2023.12.0

Release dateDecember 13, 2023
KOTS version validatedv1.104
Minimum Kubernetes version1.24
Minimum PostgreSQL version13
Minimum Redis version6
Upgrade Requirements

For customers upgrading to the new version:

  1. Before upgrading GitGuardian, you must upgrade to KOTS version 1.104 or later for optimal performance and compatibility.
  2. If you previously installed GitGuardian on an existing cluster using KOTS and either lack cluster-admin rights in your Kubernetes cluster or wish to limit permissions for the KOTS Admin Console, you must modify the rule for apps in your configuration by adding replicasets resource. Refer to the Kubernetes Application RBAC documentation page.
- apiGroups: ["apps"]
resources: ["daemonsets", "deployments", "deployments/scale", "replicasets", "statefulsets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Features & improvements

  • Azure Repos integration: the monitoring of your Azure Repos repositories is now done in real-time. Refer to the documentation for more details.
  • Filters: a new way of filtering pages, more streamlined and intuitive.
  • Jira Cloud integration: Jira issues can now be created without assigning them to anyone.
  • IP allow-listing for Honeytoken: it's now possible to add IP ranges to an allow-list, ensuring events from these IPs won’t trigger the honeytokens. Learn more about IP rules.
  • GitHub integration: improvement of check runs to support the GitHub Merge Queue feature.
  • Onboarding: implementation of an onboarding todo list to guide users in their first steps on the application
  • Help Center: enrich the Help Center with additional resources.
  • Kubernetes Version Support: GitGuardian now supports Kubernetes versions 1.27 and 1.28 (experimental). More information in the System requirements page.
  • Helm and KOTS installation: introduce a new pod Replicated SDK for license management and telemetry collection. More information in the Replicated documentation.
  • Helm Chart:
    • Private registries: support specifying existing Docker secrets and custom registries, enabling image pulls from private registries. Refer to the documentation for more details.
    • Kubernetes resource: add missing Kubernetes resources properties for Pre/Post deploy jobs and nginx init containers.
    • Pod security context: implements enhanced pod security context configurations in line with Kubernetes v1.25's Pod Security Admission feature, now customizable via Helm values for improved security compliance. Refer to containerSecurityContext in Helm Chart Values.
  • Custom Telemetry: gather product usage metrics, such as VCS and incidents numbers, API call statistics. We prioritize your privacy and assure you that no personal data is collected through this process. It can be easily deactivated by adjusting the custom_telemetry_active setting found in the preferences section in the Admin area.

Bug fixes

  • GitHub integration: handling of GitHub app ownership transfer: it is now possible to change ownership without deleting the self-hosted application.
  • Incidents: filtered results in CSV export: CSV export keeps the filters applied.
  • API: fix /secret_detectors endpoint to filter out detectors that have been administratively disabled by GitGuardian.
  • User Preferences: fix an issue where the "email not configured" banner incorrectly persists in private browsing mode due to a failure in loading user preferences.
  • Historical scan: ensure UTF-8 character encoding compatibility for filenames in repositories.

2023.11.0

Release dateNovember 16, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Features & improvements

  • Secrets detection engine: upgrade to version 2.99.1 with the addition of 6 new detectors:
  • Incident details: git patches of occurrences can now have restricted visibility to only the teams and developers involved with the occurrence, thanks to a workspace setting. If the git patch of an occurrence is too large, a link to the Version Control System is displayed instead.
  • Teams: users can now filter the incidents and the perimeter pages based on their teams. Managers have the flexibility to filter any team, while Members can only filter their own teams.
  • API: New endpoint to retrieve secret incidents of a team.
  • ggshield: ggshield auth login flow now asks you to confirm scopes.
  • Historical scan: addition of some details in the status tooltip, including scan duration and number of commits and branches scanned. For failed scans, the tooltip now also displays the reason for the failure.
  • Alerting integrations: alerting integrations are now available at team level. More information in our teams documentation.
  • Kubernetes Version Support: GitGuardian now supports Kubernetes versions 1.25, 1.26, and offers experimental support for version 1.27 for Existing Cluster installations. More information in the System requirements page.
  • Honeytoken: Honeytoken module is now available for Self-Hosted customers. This feature is available upon request.
  • Chainguard: introducing an experimental.chainguard flag in Helm chart values for enabling Chainguard-based GitGuardian images, enhancing security by reducing CVE exposure. Default is false, available only in Helm-based install on the new GitGuardian architecture.
  • Cluster Management:
    • support of GitGuardian installation via KOTS using the new GitGuardian architecture.
    • update Kubernetes version to 1.25 for embedded cluster. For further details, refer to the Upgrade page.

Bug fixes

  • Azure repos integration: installation status persists on all pages until the installation is complete. Removing a token no longer causes a crash in other installation.
  • Bitbucket integration: prevents connection errors from revoking a Bitbucket token, letting instances go through maintenance without needing to re-enter their token afterwards.
  • Teams: fix a bug that caused incidents belonging to an unmonitored repository to still be visible to the team.
  • Historical scan: support for special UTF-8 characters, like Kanji, in filenames during historical scans. Improve handling of commits without dates.

2023.10.1

Release dateNovember 2, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Security: update Contour (ingress controller for Kubernetes) to provide protection against CVE-2023-44487
  • Cluster management: resolve an issue where migration jobs would fail and the app wouldn't start when Redis Sentinel was used.

2023.10.0 - Required

Release dateOctober 23, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Features & improvements

  • Secrets detection engine: upgrade to version 2.97.
  • OpenShift: we officially support OpenShift, please refer to the OpenShift specifics page to learn more.

Bug fixes

  • Check runs: fix neutral check runs being created on workspaces with check runs disabled.
  • Custom detectors: update the message when a custom detector request cannot be edited due to its current status.
  • Incident details: fix a bug causing the absence of an expiration date on public share links generated by the Auto-healing playbook.
  • Health check: prevent UI from crashing on unknown Health check error code.
  • API: fix timeout issues on the /occurrences/secrets endpoint when using a date filter.
  • SSO: fix conflict happening when signing up via SSO while having a pending invitation.
  • Notifications: fix Linkedin link in email footer.
  • Bitbucket integration: remove automatic revocation of the token when the connection is down.
  • Historical scans: process incidents and occurrences in batches of 500 for efficient memory use.

2023.9.2

Release dateOctober 5, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Cluster management: fix an issue that hindered the generation of support bundles on Helm-based instances.
  • Cluster management: fix an issue that prevented the deployment of applications on an OpenShift cluster when utilizing Redis Sentinel.

2023.9.1

Release dateSeptember 25, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Jira integration: fix a configuration issue preventing the usage of Jira integration on a self-hosted environment.

2023.9.0

Release dateSeptember 21, 2023
KOTS version validatedv1.102
Minimum Kubernetes version1.24
PostgreSQL supported version13
Redis supported version6

Features & improvements

Bug fixes

  • Incidents: fixed the sorting of incidents by severity when some severities are automatically set.
  • Incidents: fixed wrong occurrence count on incident page.
  • Incidents: the tooltip displaying the sources is now displayed correctly.
  • Custom webhook: fixed duplicate notifications being sent when setting incident severity using a bulk action.
  • API: fixed invalid link in personal access token expiration email notification.
  • Custom detectors: update the message when a custom detector request cannot be edited due to its current status.
  • Incident details: fixed a bug causing the absence of an expiration date on public share links generated by the Auto-healing playbook.
  • Health check: prevent UI from crashing on unknown Health check error code.
  • API: fix timeout issues on the /occurrences/secrets endpoint when using a date filter.
  • SSO: fix conflict happening when signing up via SSO while having a pending invitation.

2023.8.0

Release dateAugust 22, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

Bug fixes

  • API: fix an error preventing the creation of an invitation when the role was not specified.
  • Personal access tokens: personal access tokens can now be searched by name, and ordering by name now works correctly.

Deprecation

  • Custom webhook v1: the feature has been replaced by the event-based custom webhooks. More information in the documentation here.

2023.7.1 - Required

Release dateJuly 17, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Custom webhook: fix notifications for when a bulk action is performed. Previously, only one notification would be sent for the first incident affected by the bulk action. However, now notifications are sent for each incident that is modified by the bulk action.

2023.7.0

Release dateJuly 17, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

  • Automated severity scoring: managers and workspace owners can now activate the automated severity scoring feature for Self-Hosted environments in order to automatically score incidents with a severity.
  • Custom severity rules: the severity ruleset used by the automated severity scoring is now customizable to maximize the coverage of automatically scored incidents.
  • Incident details: feedback about the incident can now be submitted in a standardized way through a form that is available on the incident's page.
    Refer to this page for more information on how to use this form effectively and involve your developer population during the remediation process.
  • Incidents: addition of new filter to select the incidents that are publicly shared.
  • Teams: team owners with the Member role can now invite brand new users to the workspace when adding teammates to their team. This feature can be deactivated.
    For more details, please refer to this page.
  • Grant access: users with Full access incident permissions can now invite brand new users to the workspace when granting access to an incident.
    For more details, please refer to this page.
  • Secrets detection engine: upgrade to version 2.93 with the addition of four new detectors:
  • API: managers can now enforce a maximum lifetime for personal access tokens generated on their workspace.

Bug fixes

  • Emails: button URLs are now hardcoded to prevent a bad user experience when the button is not visible due to HTML-escaping by email providers.
  • PagerDuty Integration: title update in PagerDuty incidents to eliminate confusion regarding the number of occurrences.
  • Cluster management: fix an issue on proxy configuration that was not correctly propagated for some integrations, causing network requests time out.

2023.6.0

Release dateJune 12, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

Bug fixes

  • Authentication: fix broken email confirmation link when registering with email and password.

2023.05.1

Release dateMay 29, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Cluster management: fix an issue on Redis Sentinel that failed to start, blocking GitGuardian's launch.

2023.05.0

Release dateMay 15, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

Bug fixes

  • Custom severity rule: fix wrong timeline when setting a manual severity to an incident having only an automatic severity.
  • Grant access: copy-pasting now works correctly.
  • Incidents: performance for loading secret incidents has been improved for workspaces with a large number of incidents.
  • Loader: fix loader size in incident and Perimeter pages.
  • API: comment field is now required on incident note creation endpoint.

2023.04.0

Release dateApril 17, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

  • Custom remediation workflow: remediation workflow is now 100% customizable thanks to the deletion of the last static step.
  • Secrets detection engine: upgrade to version 2.87 with the addition of a new detector (Keycloak API Keys).
  • API: new endpoints are added for API tokens management (personal access tokens and service accounts).
  • API: new fields resolver_id and ignorer_id are available in the secret incident payload.

Bug fixes

  • Members: fix invitation link for new members.
  • Jira integration: Jira ticket creation CTAs are hidden for workspaces without a single Jira site installed.
  • Jira integration: fix permission issues by disabling the configure button for users without a Manager role and allowing users with the Restricted role and Can edit permissions to create a Jira ticket.
  • Detectors list: when the validity checks are disabled, the detectors are sorted by status.
  • Notifications: fix empty emails being sent after an occurrence was found during real time scan.
  • Personal access tokens: Restricted users now only see the scan scope in the personal access token form.
  • Cluster management: fix password issue that was blocking application initialization during GitGuardian installation.

2023.03.1 - Required

Release dateMarch 27, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Bug fixes

  • Cluster management: suppression of preflight checks that were failing for new installation with embedded air-gapped configuration with PostgreSQL 13.

2023.03.0

Release dateMarch 13, 2023
KOTS version validatedv1.94
Minimum Kubernetes version1.23
PostgreSQL supported version13
Redis supported version6

Features & improvements

  • Azure Repos: addition of a loader and notifications when an organization is being installed.
  • API: add filters to multiple endpoints.
  • Cluster management: Embedded clusters now use PostgreSQL 13. Refer to this procedure to migrate from on older version of PostgreSQL.
  • Cluster management: self-hosted GitGuardian environments are now supporting Redis version 6 and Kubernetes version 1.23.

Bug fixes

  • ggshield: ggshield auth login flow now expires after 5 minutes.
  • Incidents: performances when filtering incidents on a detector are improved.
  • VCS integrations: fix broken links to documentation.
  • GitHub: fix the integration of a GitHub installation with a large number of repositories
  • GitHub: fix check-runs running forever by enforcing a timeout.

2023.02.1 - Required

Release dateFebruary 24, 2023
KOTS version validatedv1.90
Minimum Kubernetes version1.21
PostgreSQL supported version13
Redis supported version5

Bug fixes

  • Cluster management: self-hosted GitGuardian can now be deployed on OpenShift with default security settings.
  • Cluster management: self-hosted GitGuardian is now compatible with Redis Sentinel.
  • Historical scans: corrections on scans that can be automatically launched.
  • Custom Certificates for Cluster Management: correction of regression on custom Certificates Authorities.

2023.02.0

Release dateFebruary 13, 2023
KOTS version validatedv1.90
Minimum Kubernetes version1.21
PostgreSQL supported version13
Redis supported version5

Features & improvements

  • Azure Repos: the native integration is now available. You can scan your Azure Repos repositories for secret detection and policy breaks.
  • API: specify missing scopes in error message when the API token being used doesn't include the appropriate scopes.
  • Custom remediation workflow: remediation workflow can now be customized in the settings.

Bug fixes

  • Health Check: on self-hosted environments, pods are no longer crashing because of integrations' health checks.

2023.01.1

Release dateJanuary 25, 2023
KOTS version validatedv1.90
Minimum Kubernetes version1.21
PostgreSQL supported version13
Redis supported version5

Bug fixes

  • Cluster management: Self-hosted GitGuardian containers are now running with non-root security context.

2023.01.0

Release dateJanuary 16, 2023
KOTS version validatedv1.90
Minimum Kubernetes version1.21
PostgreSQL supported version13
Redis supported version5

Features & improvements

  • Teams: addition of a description field for your teams.
  • Teams: the "all-incidents" team is now visible in the Members table.
  • Perimeter: improve the display of the historical scan's last status information.
  • Playbooks: new Auto-resolution playbook to automatically close incidents that have once been valid and that become invalid.
  • Secret incident: prevent valid secrets from being "marked as revoked".
  • Cluster management: Self-hosted GitGuardian environments are now supporting PostgreSQL version 13. Support for PG version 12 is deprecated as of this release.

Bug fixes

  • SSO: Fix the "sign in" redirection for SSO connection.

2022.12.1

Release dateDecember 20, 2022
KOTS version validatedv1.90
Minimum Kubernetes version1.19
PostgreSQL supported version12
Redis supported version5

Bug fixes

  • Incident detail: fix misplaced secret in the commit patch when detected by a historical scan and in real-time. Please contact the Support team if you have occurrences impacted in your environment.

2022.12.0

Release dateDecember 12, 2022
KOTS version validatedv1.90
Minimum Kubernetes version1.19
PostgreSQL supported version12
Redis supported version5

Features & improvements

  • Historical scan: increase the maximum size of the historical scan from 1 GB to 12 GB.
  • Historical scan: new email template for historical scan report.
  • API: expose external_id representing the VCS id of a source in API source payload.

Bug fixes

  • GitLab integration: handle timeout errors when setting up a new instance.
  • Playbooks: fix incorrect default permission can view applied with auto-access playbook instead of correct can edit.
  • Filepath exclusions: ignore hidden occurrences in the auto-access playbook and notifications.
  • Custom webhooks: fix incorrect event names.
  • Historical scan: reduce errors during scans of large repositories and optimize memory usage on large patch sizes.
  • Members: fix the sorting when navigating through pages.

2022.11.3 - Required

Release dateNovember 30, 2022
KOTS version validatedv1.90
Minimum Kubernetes version1.19
PostgreSQL supported version12
Redis supported version5

Features & improvements

  • Cluster Management: integrate memory limits for Kubernetes pods. You can configure them on the Admin Console's configuration page.

Bug fixes

  • RBAC: prevent users from receiving email notifications for already existing incidents.

2022.11.2

  • Released on November 21, 2022.
  • Validated for KOTS v1.90.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • Teams: introducing team management within a workspace and granular incident permissions (can view, can edit, full access). You can activate the feature on the Admin Area's preference page.
  • Custom webhooks: update the action field with more user-friendly messages.
  • Perimeter page: update the information displayed in the Protection section.
  • Analytics: add all ggshield modes to the Analytics section.
  • Custom Certificates for Cluster Management: integrate custom Certificates Authorities for integrations. This feature was in beta and is now stabilized. More information is available in the dedicated documentation.
  • API: add the API URL to the dashboard, in the section API >> Quota. The URL is also updated in the API documentation of those environments.

Bug fixes

  • Check runs: When deactivating a check run, finish the processing if it was already in progress.
  • Check runs: Check runs are functional for forked repositories.
  • Custom webhooks: Remove matches from webhooks' new occurrence.
  • GitHub: fix display latency observed for big GitHub organizations.

2022.10.1

  • Released on October 26, 2022.
  • Validated for KOTS v1.88.
  • Minimum Kubernetes version: 1.19.

Bug fixes

  • Bitbucket Integration: when you create a branch on a monitored repository, the event now triggers a scan of the branch commits only, and not of the whole repository.

2022.10.0

  • Released on October 10, 2022.
  • Validated for KOTS v1.86.1.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • Members: Notification is sent to users who are removed from a Workspace.

Bug fixes

  • Check Runs: check runs are functional again for forked repositories.
  • Incidents: provide a more user-friendly error message when a bulk action can't be applied to the selected incidents.

2022.09.1

  • Released on September 21, 2022.
  • Validated for KOTS v1.85.
  • Minimum Kubernetes version: 1.19.

Bug fixes

  • API: fix a broken link on the Settings page.
  • Redis: we fixed a bug where the database memory could get filled.

2022.09.0

  • Released on September 5, 2022.
  • Validated for KOTS v1.82.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • API: enrich the Members section with retrieve and delete endpoints.
  • API: handle invitations on grant/revoke access endpoints.
  • API: add a filter by role and a search on name and email for the /members endpoint.
  • API: add filters to the audit log list endpoint.
  • Cluster Management: add a parameter to customize pods' CPU limits. More information is available in the dedicated documentation.
  • Incidents: include the unaffected count for bulk actions.

Bug fixes

  • API: respect the validity checks setting ON/OFF.
  • Custom webhooks: fix the webhook event-based signature.
  • GitHub: don't display the "scan integrated repositories" modal if the auto scan is on.
  • GitLab integration: keep unmonitored projects unmonitored.
  • Incident details: searching GitHub pull requests associated with an issue can be performed on a specific #ID and repository name.
  • Incident: secrets with validity status "failed to check" are no longer checked automatically after they have been marked as resolved.
  • Incident: the button to manually check the presence in git history remains when the incident is closed.
  • Incidents: fix the severity badge 'info' icon.

2022.08.0 - Required

  • Released on August 8, 2022.
  • Validated for KOTS v1.78.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • API: the /occurrencesendpoint can be filtered by author_name and author_info.
  • API: add an endpoint to fetch the audit logs. The API key needs to have the new audit_logs:read scope to query the endpoint.
  • API: tags are exposed in the incidents endpoint.
  • CSV: tags are exposed in the CSV report of secret incidents.
  • Health Check: it checks if the GitHub integration has been suspended.
  • Perimeter: the repository name is now a link to the incidents list filtered on this repository. The link to the VCS is also available as a popup icon.
  • Applicative Metrics: metrics have been added: scanned commit, API quota, API usage and API tokens.

Bug fixes

  • Detectors: activating and deactivating detectors is now forbidden for Members.
  • Perimeter: fix a bug preventing Members from launching historical scans.

Deprecation

  • API: deprecated issue_id in favor of incident_id on incident note management endpoints.

2022.07.0

  • Released on July 11, 2022.
  • Validated for KOTS v1.75.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • ggshield: setting up ggshield is made easy with the new ggshield auth login command. More information is available in the dedicated documentation.
  • Grant access: notify Restricted users by email when they are granted access to an incident.
  • Members: notify users by email when their role is updated.
  • CSV: add status, ignore_reason and status_revoked columns to the CSV export of secret incidents.
  • CSV: add occurrence_id column to CSV export of occurrences.
  • CSV: return the dates in iso format.
  • Members: invitations can be resent through the dashboard.
  • API: add endpoints to manage invitations. The API key needs to have the new members: write scope to query those endpoints.
  • API: add an endpoint to set the severity of a secret incident.

Bug fixes

  • GitLab: adding a GitLab project that had been deleted now correctly set it as monitored.
  • Analytics: pre-receive mode is displayed correctly in the shift-left panel.
  • Service account: fix a permission error allowing all roles to modify service accounts.
  • GitHub: fix the re-run action of old check runs to show an explicit error.

2022.06.1

  • Released on July 1, 2022.
  • Validated for KOTS v1.73.
  • Minimum Kubernetes version: 1.19.

Bug Fixes

  • Bitbucket Integration: add a parameter in the Preferences section of the Admin Area to disable Admin Check during Bitbucket Installation creation.

2022.06.0

  • Released on June 20, 2022.
  • Validated for KOTS v1.71.
  • Minimum Kubernetes version: 1.19.

Features & improvements

  • Applicative Metrics: applicative metrics are added to help you monitor your self-hosted instance. More information is available in the dedicated documentation
  • API: move the Personal access tokens to the API section.
  • Check runs: improve success message in GitHub UI.
  • GitHub: expose the base/head branch of GitHub pull requests.
  • Incident: mark the third remediation step "rewrite git history" as optional.
  • Health checks: Health checks are displayed in the VCS integration settings

Bug fixes

  • GitHub: explicitly neutralize old check runs that are re-run.
  • Incident: fix grant access modal broken when too many Restricted users.

Deprecation

  • ggshield: since v1.12 of ggshield, ggshield scan and ggshield ignore commands are deprecated, use ggshield secret scan and ggshield secret ignore instead.

2022.05.1 - Required

  • Released on June 6, 2022.
  • Validated for KOTS v1.70.
  • Minimum Kubernetes version: 1.19.

Bug fixes

  • Bitbucket Integration: when configuring a whole instance token, GitGuardian is not returning a timeout.

2022.05.0

  • Released on May 16, 2022.
  • Validated for KOTS v1.70.
  • Minimum Kubernetes version: 1.19.

Bug fixes

  • Grant Access: Members in Business workspaces can give access to restricted users but can’t invite new users by typing email addresses.
  • Incident details: timestamp of the last presence check is updated synchronously upon manual check.
  • CSV Export: disable timeouts.
  • Incidents: improve performance on the incidents table.
  • Detector: improve performance of table of detectors for workspaces with many incidents.
  • Email: the warning banner is not displayed anymore when the email-sending system is configured.
  • Health Check: the error code for an expired GitLab token has been corrected.
  • PostgreSQL: configuring an external port different from the default one (5432) correctly works.

2022.04.2

  • Released on May 09, 2022.
  • Validated for KOTS v1.70.

Bug Fixes

  • Upgrade: Error on Ingress component deployment.
  • Postgre TLS: Fixes error on deployment while Postgres TLS "Allowed" mode is activated.
caution

This release is not compatible with Kubernetes versions 1.18 and below. Please update your Kubernetes Cluster to at least version 1.19.


2022.04.1

  • Released on April 22, 2022.
  • Validated for KOTS v1.59.1.

Features & improvements

  • Health checks: We add VCS troubleshooting tools in the Admin Area. You can check the status of your integrations and gather error information on this page. More information is available in the dedicated documentation
  • Personal access tokens and service accounts: We now distinguish two types of API keys: Personal Access Tokens and Service accounts. More information is available in the dedicated documentation
  • GitHub check runs now handle the regression mode. If an already resolved secret incident is detected by a check run AND the regression mode is OFF, the check run won’t raise the secret.
  • GitHub A comment can be posted directly to Github pull request timeline when a check run detects a secret. This can be deactivated in Settings by a Manager.
  • API: We add an API endpoint to list members having access to an incident. More information is available in the dedicated documentation.
  • PostgreSQL: Secrets are now encrypted in the database.

Bug Fixes

  • Incident: Restricted users are no longer able to generate incident-sharing links.
caution

This release integrates secret encryption in the database. Please be careful while updating and do not hesitate to backup completely your database before upgrading.


1.35

  • Released on March 25, 2022.
  • Validated for KOTS v1.59.1.

Features & improvements

  • TLS Support for PostgreSQL: Transport Layer Security (TLS) is an encryption protocol intended to keep data secure when being transferred over a network. When installing GitGuardian Self-Hosted, users can now activate the option for PostgreSQL.
  • API: Members are now exposed in API and new fields were added to the source payload.
  • Incident detail: From an incident detail page, you can grant access to a selection of Restricted users.

1.34

  • Released on February 11, 2022.
  • Validated for KOTS v1.59.1.

Features & improvements

  • TLS Support for Redis: Transport Layer Security (TLS) is an encryption protocol intended to keep data secure when being transferred over a network. When installing GitGuardian Self-Hosted, users can now activate the option for Redis. You can find more information about the configuration on our official documentation

1.33

  • Released on January 13, 2022.
  • Validated for KOTS v1.59.1.

Features & improvements

  • API: Added secret validity information.

1.32

  • Released on December 14, 2021.
  • Validated for KOTS v1.58.1.

Features & improvements

  • API: new scope incident::share and grant access to incidents, documented here.
  • Regression: added a workspace setting giving the option to control the behavior of GG when a new occurrence of an already-resolved incident is detected.
  • Custom webhooks: added validity and severity to the payload.
  • API: added validity to scan results.

1.31

  • Released on November 15, 2021.
  • Validated for KOTS v1.56.0.

Features & improvements

  • Synchronization between ggshield and the dashboard: secrets ignored on the dashboard will also be ignored by ggshield. Detectors deactivated in the dashboard will be deactivated for ggshield too.

How can I help you ?