TruffleHog Release Notes
2026 March
Find More Secrets

Expand discovery across more areas of the environment and add detection for additional secret types, ensuring no secrets slip through the cracks.

What's New

Additional Coverage with HTML Decoder
Sources like Atlassian Confluence and Microsoft Teams return scan result content in HTML, which means secrets can be split across tags, embedded in attributes, or obscured by invisible characters. We're adding an HTML decoder to convert raw HTML into text before scanning so we can detect secrets we previously couldn't. This new coverage may increase the number of discovered secrets.
Availability: Enterprise Edition

JFrog Artifactory Reference Token Detector
New detector for JFrog Artifactory reference tokens, expanding coverage of Artifactory credential types beyond the existing access token detector.
Availability: Enterprise Edition and Open Source

Anypoint (MuleSoft) OAuth2 Analyzer
New analyzer for Anypoint OAuth2 credentials providing comprehensive scope analysis covering 50+ API scopes across organizations, environments, applications, APIs, identity providers, Design Center, Runtime Fabrics, and more. Reports both verified and unverified scopes with connected app enumeration.
Availability: Enterprise Edition

SharePoint Source Enhancements
SharePoint integration source enhancements for pagination, document handling, state tracking, and scan progress reporting.
Availability: Enterprise Edition

Jira Cloud/On-Prem Detection Override
Jira sources now support explicit installation type configuration, allowing administrators to override the autodetection logic when it misidentifies the Jira deployment type.
Availability: Enterprise Edition

Confluence Space Attribution Fix
Fixed an issue where secrets detected in Confluence were being attributed to the wrong spaces. Also fixed premature pagination termination that could cause incomplete scans.
Availability: Enterprise Edition

Improved Datadog API Key Detector
Improved detector for Datadog API keys with multi-domain verification, endpoint configuration, and app key validation fallback. When app key verification fails, the detector falls back to API-key-only verification and reports the verified endpoint in extra data.
Availability: Open Source

Datadog Detector Verification Fix
The existing Datadog token detector now supports verification against all Datadog regional endpoints with configurable precedence (user-defined → discovered → default), fixing false negatives for customers using non-US Datadog regions.
Availability: Open Source

Forager Expanded Diff Scanning
Deleted files are now scanned in diff processing (previously silently skipped). A single failed commit no longer aborts processing of all remaining commits in a push event. Verification overlap is enabled for improved multi-detector success rates. TruffleHog updated to v3.93.8.
Availability: Enterprise Edition

Improve Response

Features here help teams act faster and more effectively when secrets are found, streamlining investigation, triage, and collaboration.

What's New

Email Notifications
Issues now auto-expand when accessed from email deep links, improving the click-to-context experience. Email notification UX has been improved, and enabling issue alerts for the first time no longer triggers a flood of backlog notifications. Notifications for gateway-created issues that were previously silently dropped have also been fixed.
Availability: Enterprise Edition

GCP Analyze Enhanced Table View and Role Analysis
GCP Analyze now features a dedicated table view with role data expansion, role type filtering, and a key rotation drawer. Analysis metadata search enables finding secrets by their analyzed permissions and scope. Table/graph view state is preserved across navigation, and loading skeletons improve perceived performance.
Availability: Enterprise Edition

CSV Export Date Rotated Field
Secret exports now include a "date rotated" column, and all export timestamps have been standardized to a human-readable format for consistency across CSV consumers.
Availability: Enterprise Edition

Ease Administration

Features here simplify ongoing management of the TruffleHog platform, including security hardening, performance improvements, and UI enhancements.

What's New

K8s Gateway Support
Kubernetes Gateway API is now supported for ingress routing, providing a modern alternative to Ingress resources for traffic management.
Availability: Enterprise Edition

Scanner Container Memory Awareness
Scanners now detect cgroup memory limits for container-constrained environments, falling back to OS-level memory limits only when cgroup constraints are undefined. This prevents OOM kills in environments where container memory limits differ from host memory.
Availability: Enterprise Edition

LDAP Verification Context Awareness
LDAP verification now respects context cancellation, preventing the scan pipeline from stalling on unresponsive LDAP servers.
Availability: Enterprise Edition and Open Source

JDBC Detector Password Fix
Fixed a regex issue that truncated trailing non-alphanumeric characters from JDBC connection string passwords, improving detection accuracy for passwords containing special characters.
Availability: Enterprise Edition and Open Source

Filesystem Scan Resume Fix
Fixed a bug where filesystem scan resume data grew unboundedly across scan restarts, improving memory usage during large filesystem scans.
Availability: Enterprise Edition and Open Source

SharePoint Refresh Token Fix
Fixed unauthenticated SharePoint OAuth refresh token updates that caused recurring scan failures when tokens expired.
Availability: Enterprise Edition

HTTP/2 Proxy Environment Fix
HTTP/2 connections correctly pick up proxy settings from environment variables.
Availability: Enterprise Edition

Environment Variable Expansion Fix
Scanner configuration environment variables are now only expanded when set, preventing empty value substitution that could silently misconfigure scans.
Availability: Enterprise Edition

Security

Django 5.2 LTS Migration
Migrated to Django 5.2 LTS and upgraded social-auth-app-django, ensuring long-term security support and addressing known vulnerabilities.
Availability: Enterprise Edition

Dependency Security Updates
Remediated vulnerable dependencies including gRPC v1.79.3 security update and tar package security fixes. Additional actionable dependency vulnerabilities patched.
Availability: Enterprise Edition

TUI Command Injection Fix
Fixed a command injection vulnerability in the TUI where shell metacharacters in input fields (Git URI, file path, tokens) could be interpreted as shell commands. The TUI now executes TruffleHog directly without shell interpretation and adds a narrow tilde expansion helper for path resolution.
Availability: Open Source
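
The TUI fix above follows a common pattern, sketched here as an added example (not TruffleHog's own code): build the child process's argv directly instead of handing a string to a shell, and reimplement only the tilde expansion the shell used to provide. The function names and the sample input are hypothetical; the commands are constructed but never run.

```go
package main

import (
	"fmt"
	"os/exec"
	"path/filepath"
	"strings"
)

// unsafeCommand is the vulnerable pattern: the field value is pasted into a
// string that a shell parses, so metacharacters in it become shell syntax.
func unsafeCommand(gitURI string) *exec.Cmd {
	return exec.Command("sh", "-c", "trufflehog git "+gitURI)
}

// safeCommand passes the value as its own argv element. No shell is involved,
// so the value reaches the program byte for byte as a single argument.
func safeCommand(gitURI string) *exec.Cmd {
	return exec.Command("trufflehog", "git", gitURI)
}

// expandTilde restores the one shell convenience path fields still need:
// a leading "~" or "~/" becomes home. "~user", "$VAR", "$(...)", globs and
// a "~" in any other position are returned unchanged.
func expandTilde(path, home string) string {
	if path == "~" {
		return home
	}
	if strings.HasPrefix(path, "~/") {
		return filepath.Join(home, path[2:])
	}
	return path
}

func main() {
	// Constructed input: a URI field carrying a shell metacharacter.
	uri := "https://example.invalid/repo.git; echo INJECTED"
	fmt.Printf("shell form argv:  %q\n", unsafeCommand(uri).Args)
	fmt.Printf("direct form argv: %q\n", safeCommand(uri).Args)
	fmt.Println(expandTilde("~/src/app", "/home/alice"))
	fmt.Println(expandTilde("~bob/$(id)", "/home/alice"))
}
```

In the shell form the whole line is one string for `sh` to parse; in the direct form the URI is argv[2] and the `;` is ordinary data.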
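
For the HTML decoder item under Find More Secrets, the following added example (a simplified sketch, not TruffleHog's decoder) shows why a pattern scan over raw HTML misses secrets that a scan over decoded text finds. The `DEMO_` token format, the sample markup and all function names are constructed for illustration; a production decoder would use a real HTML parser and separate block-level elements.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

var (
	tagRe  = regexp.MustCompile(`(?s)<[^>]*>`)
	attrRe = regexp.MustCompile(`(?s)\s[\w:-]+\s*=\s*(?:"([^"]*)"|'([^']*)')`)
	// Hypothetical token format for this demo: "DEMO_" plus 16 hex characters.
	secretRe = regexp.MustCompile(`DEMO_[0-9a-f]{16}`)
)

// Constructed sample: one token split across tags with a zero-width space in
// it, and one token inside an attribute with a character entity-encoded.
const sample = "<p>token: <span>DEMO_0123</span><b>4567</b>89ab\u200bcdef</p>" +
	"<a href='https://example.invalid/?k=DEMO_fedc&#98;a9876543210&amp;x=1'>link</a>"

// stripInvisible drops zero-width and soft-hyphen code points.
func stripInvisible(s string) string {
	return strings.Map(func(r rune) rune {
		switch r {
		case '\u200b', '\u200c', '\u200d', '\u2060', '\ufeff', '\u00ad':
			return -1
		}
		return r
	}, s)
}

// htmlToText returns the text content with tags removed, followed by every
// quoted attribute value on its own line, entity-decoded and with invisible
// characters stripped.
func htmlToText(raw string) string {
	var attrs []string
	for _, tag := range tagRe.FindAllString(raw, -1) {
		for _, m := range attrRe.FindAllStringSubmatch(tag, -1) {
			attrs = append(attrs, m[1]+m[2])
		}
	}
	text := tagRe.ReplaceAllString(raw, "")
	return stripInvisible(html.UnescapeString(text + "\n" + strings.Join(attrs, "\n")))
}

func findSecrets(s string) []string { return secretRe.FindAllString(s, -1) }

func main() {
	fmt.Println("raw HTML:", findSecrets(sample))
	fmt.Println("decoded: ", findSecrets(htmlToText(sample)))
}
```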