2026 April
Find more secrets

Expand discovery across more areas of the environment and add detection for additional secret types, ensuring no secrets slip through the cracks.

What's new

Confluence Data Center PAT detector
New detector for Confluence Data Center (on-prem) personal access tokens. Verifies tokens by querying the Confluence REST API and extracts user, display name, and instance URL for triage.
Availability: Enterprise and open source

Jira Data Center PAT detector
New detector for Jira Data Center (on-prem) personal access tokens, distinct from Jira Cloud API tokens. Verifies by hitting the Jira REST API and reports user identity, email, and instance URL.
Availability: Enterprise and open source

Bitbucket Data Center PAT detector
New detector for Bitbucket Data Center (on-prem) personal access tokens. Verifies tokens against the Bitbucket REST API and extracts user, display name, and instance URL.
Availability: Enterprise and open source

Pinecone API key detector
New detector for Pinecone vector database API keys. Verifies keys against the Pinecone API and extracts project context for triage.
Availability: Enterprise and open source

Cloudinary detector
New detector for Cloudinary API credentials. Verifies keys against the Cloudinary API and extracts account details for investigation.
Availability: Enterprise and open source

Customizable success/rotation ranges for custom detectors
Custom detectors now support configurable successranges and rotatedranges HTTP status codes, allowing organizations to define which response codes indicate a valid or rotated credential for their internal services.
Availability: Enterprise and open source

Confluence scanning resumption fix
Customers will get more consistent results when scanning is resumed.
Availability: Enterprise edition

Confluence and Jira rate limiting
Added rate limit handling that properly distinguishes between Atlassian Cloud (429 with Retry-After) and Data Center (custom headers). This eliminates scan failures caused by rate limit responses being treated as errors.
Availability: Enterprise edition

Azure expired secret fix and revocation signal
Fixed expired Azure secrets being silently dropped from results. Also added explicit handling for the AADSTS50173 error code as a revocation signal for Azure refresh tokens, providing clearer triage guidance for responders.
Availability: Enterprise and open source

Filesystem location uniqueness
When the same secret appears in multiple file locations, each distinct location is now tracked and displayed separately. Previously, duplicate file paths were collapsed, hiding the true blast radius.
Availability: Enterprise edition

Azure Repos skip disabled repositories
Azure Repos scanning now skips repositories that have been disabled in Azure DevOps, avoiding unnecessary API calls and scan timeouts on inaccessible repos.
Availability: Enterprise edition

SharePoint progress indicator
SharePoint scanning now reports progress based on the total row count, giving operators visibility into how far along a large SharePoint scan has progressed.
Availability: Enterprise edition

Bitbucket workspace metadata population
Bitbucket scan results now include the workspace name in metadata, improving finding context and enabling workspace-level filtering and grouping in the dashboard.
Availability: Enterprise edition

GitLab username field removed
Removed the unused username field from web-configured GitLab integrations, simplifying the integration setup form and eliminating a source of confusion.
Availability: Enterprise edition

Mesibo detector verification fix
Fixed incorrect verification logic in the Mesibo detector that could cause false-positive or false-negative verification results.
Availability: Enterprise and open source

GitHub analyzer nil pointer fixes
Fixed nil pointer panics in GitHub analyzer gist and repo binding functions, and added error context propagation. This eliminates crashes when analyzing certain GitHub credential types.
Availability: Enterprise and open source

Bitbucket line number fix
Fixed incorrect line numbers reported for Bitbucket secrets. Findings now point to the correct source line, improving response time when remediating.
Availability: Enterprise and open source

Custom endpoint hardening: HashiCorp Vault auth and Artifactory
Added custom endpoint configuration support for the HashiCorp Vault auth detector and test coverage for custom endpoint behavior in Artifactory detectors. Organizations using self-hosted instances can now verify secrets against their own endpoints.
Availability: Open source

Squareup detector deprecated
The Squareup detector has been deprecated in favor of the existing Square detector. Existing findings are unaffected, but new scans will use the consolidated detector.
Availability: Enterprise and open source

Improve response

Features here help teams act faster and more effectively when secrets are found, streamlining investigation, triage, and collaboration.

What's new

Summary dashboard
The new summary dashboard is the redesigned homepage of TruffleHog Enterprise. It provides an immediate read on the state of secrets detection and remediation in your environment: how many live secrets exist right now, where they're coming from, how quickly your team is rotating them, and how the trend is moving over time.
Availability: Enterprise edition

GCP Analyze enhancements
GCP Analyze adds two new enrichment layers to GCP key findings: IAM insights and recommendations bring in least-privilege guidance from GCP's Recommender API, and guided secret rotation surfaces the specific context needed to safely rotate a credential.
Availability: Enterprise edition

Saved filters sort override
Saved filters can now override the default similarity score sort order, allowing analysts to sort searched results by other criteria while still using saved filter presets.
Availability: Enterprise edition

Improve continuously running scan progress messages
Scan progress messages are now shown for continuously running scans.
Availability: Enterprise edition

Ease administration

Features here simplify ongoing management of the TruffleHog platform, including security hardening, performance improvements, and UI enhancements.

What's new

SBOM generation in release pipeline
Added software bill of materials (SBOM) generation to the enterprise release pipeline, supporting compliance and supply chain security requirements.
Availability: Enterprise edition

User audit log identity preservation
Modified user identity in audit logs is now preserved correctly, ensuring that admin audit trails accurately reflect which user performed each action.
Availability: Enterprise edition

Jira notifier error messages
Improved Jira notifier error messages to surface the specific connection configuration issue, making it faster for admins to diagnose notification delivery failures.
Availability: Enterprise edition

Notifier name required
The notifier name field is now NOT NULL on webhook sinks. The legacy placeholdernotifiername has been retired, ensuring all notifiers have meaningful names for audit and debugging.
Availability: Enterprise edition

Security

Editor RBAC on Analyze gateway write routes
Write routes on the Analyze gateway now require editor-level permissions, closing an authorization gap where read-only users could modify analysis settings.
Availability: Enterprise edition

Vulnerable dependency patches
Patched vulnerable Go and Python dependencies across thog, integrations, sis, and driftwood server, including pgx/v5 (security), otel/sdk (security), golang-jwt/v5, and multiple frontend/e2e dependencies.
Availability: Enterprise edition

Infrastructure & reliability

Secret ingestion circuit breaker (M3 shedding gate)
The volume-based circuit breaker for secret ingestion now includes a shedding gate in foundsecret (M3), gated by the circuitbreakerenabled feature flag. This enables automatic load shedding when ingestion volume exceeds safe thresholds.
Availability: Enterprise edition

Large GitHub event handling
Oversized GitHub webhook events are now dropped instead of causing processing failures, preventing a single large event from blocking the ingestion pipeline.
Availability: Enterprise edition

Helm trufflehog 0.4.0 with update strategy and chart release automation
The Helm chart now includes an updatestrategy configuration and automated chart release workflows, simplifying upgrades for Kubernetes-based deployments.
Availability: Enterprise edition