Changelog
Follow new updates and improvements to Cremit.
May 8th, 2025
New
Improved
Cremit expands its data protection capabilities to another major cloud collaboration platform and enhances visibility into detected Non-Human Identities (NHIs). We are excited to introduce sensitive information scanning for Google Drive and a new scanner/viewer feature that provides more detailed information about detected NHIs.
โจ New Features
Google Drive Integration: Securely connect your Google Drive environment to scan for sensitive information (API keys, PII, financial data, etc.) within documents, spreadsheets, presentations, and other file types stored in personal and shared drives.
NHI Detection Details Viewer/Scanner: When a Non-Human Identity is detected, you can now access a more detailed view. This enhanced "scanner" interface provides deeper insights into the attributes and metadata of the specific NHI found, such as its type, potential permissions (if inferable), and last usage hints from context, allowing for more informed risk assessment.
๐ ๏ธ Improvements
Unified Risk Dashboard Enhancements: Added new widgets and filtering options to incorporate findings from Google Drive and to better display the enriched NHI details. This provides a more holistic view of risks across all integrated platforms.
Optimized Scanning for Cloud Storage: Improved scanning speed and resource utilization for cloud-based drives like Google Drive and S3, especially for large volumes of data.
๐ฃ What's Next? In July, we plan to release an update focused on providing comprehensive NHI inventory visibility, giving you a clearer picture of all non-human identities across your scanned assets. We will also be introducing AWS EBS (Elastic Block Store) volume scanning for sensitive information. Stay tuned!
March 6th, 2025
New
Fixed
Cremit is rolling out a dedicated web-based incident management system for a more structured approach to handling detected sensitive information. This update also includes important bug fixes based on user feedback to enhance stability and accuracy.
โจ New Features
Web-based Incident Management: A new module within the Cremit platform to track, assign, and manage the lifecycle of detected sensitive information incidents. Features include status tracking (Open, In Progress, Resolved, False Positive), assignee management, and an audit trail for each incident.
๐ ๏ธ Improvements & Bug Fixes
Webhook Enhancements for Splunk Integration: Optimized webhook payload structure and added specific formatting options to streamline data ingestion into Splunk and other SIEM tools.
Bug Fix: Reduced False Positives in Telegram Notifications: Addressed issues causing occasional false alarms or redundant notifications in the Telegram alert system, improving signal-to-noise ratio.
Bug Fix: Enhanced Accuracy for Secret API Key Detection: Refined detection patterns and contextual analysis for various API key formats, significantly reducing false positives for Secret API Key detections across all scanned sources.
๐ฃ What's Next? We are preparing integration with Google Drive and significant enhancements to our Confluence integration for even broader coverage of your organizational data.
January 9th, 2025
New
Improved
Continuing into the new year, Cremit focuses on enhancing users' security operations efficiency! We've added real-time Telegram notifications to ensure awareness of critical detections anytime, anywhere, and are officially releasing the platform audit log feature.
โจ New Features
Telegram Notification Integration: Receive real-time alerts for critical sensitive information detections via designated Telegram channels or personal/group bots, facilitating immediate situational awareness even in mobile environments.
Official Platform Audit Log Feature: Provides a comprehensive audit log feature that records and allows searching of all key user activities (logins, setting changes, scan job management, user management, etc.) and critical system events within the Cremit platform, strengthening security audits and compliance responses.
๐ ๏ธ Improvements
Expanded Leaked API Key Validation: Safely and automatically verifies the active status of API keys for more major service providers (AWS, GCP, Azure, and key SaaS platforms) to help assess actual threat levels and prioritize responses.
Enhanced Unified Dashboard Customization: Users can now more freely configure the types and arrangement of widgets displayed on their dashboard.
๐ฃ What's Next? We are introducing a web-based incident management system for more structured handling of detected secrets, and enhancements to our webhook functionality for better SIEM integration, particularly with Splunk.
November 7th, 2024
New
Improved
Cremit enhances usability and security management for enterprise customers. We now support SAML/SSO login via major Identity Providers (IdPs) and have improved the UI to intuitively view and manage sensitive information detected by AWS S3 bucket scans within the new unified dashboard.
โจ New Features
SAML/SSO Login Support: Supports Single Sign-On (SSO) via major SAML 2.0 compatible Identity Providers (IdPs) like Okta, Azure AD, and Google Workspace, centralizing user account management and strengthening access security.
Data Store (S3) Scan Results UI Integration: Provides a UI within the new unified dashboard to intuitively view and manage sensitive information detected by the AWS S3 bucket scanning feature (backend added in the previous update).
๐ ๏ธ Improvements
Improved Machine Learning Detection Model Accuracy: Enhanced the ML model's detection accuracy and false positive reduction performance based on user feedback collected during the beta period and additional data training.
Platform Audit Log Feature (Basic): Added basic audit log functionality to record key user activities within the Cremit platform (login success/failure, critical setting changes, etc.) for traceability.
๐ฃ What's Next? We are preparing Telegram integration for quick alert notifications and responses in mobile environments, and the official version of the platform audit log feature.
September 12th, 2024
New
Cremit enhances its platform security management level and detection accuracy. We are introducing RBAC for customized access control based on user roles and launching a beta version of our machine learning-based intelligent sensitive information detection.
โจ New Features
Introduction of Role-Based Access Control (RBAC): Define user roles such as Admin, Security Engineer, and Developer, and restrict data access rights and feature usage based on these roles to effectively support corporate security policies.
Machine Learning-based Sensitive Information Detection (Beta): Goes beyond simple string matching to understand context within code or documents (variable names, surrounding code, comments, etc.), identifying items highly likely to be actual sensitive information and reducing false positives. (Initially applied to specific types of sensitive information).
๐ ๏ธ Improvements
AWS S3 Bucket Scanning (Sensitive Data Focused) Added (Backend First): Added backend capability to scan objects (files) within user-specified S3 buckets for stored sensitive data like API keys and passwords (UI integration to follow).
Foundation for New Dashboard Widgets: Prepared the groundwork for adding widgets related to RBAC settings and ML detection status.
๐ฃ What's Next? We are preparing SAML/SSO login support, an essential feature for enterprise environments, and UI integration for data store (S3) scan results.
July 11th, 2024
New
Cremit takes responsibility for security from the early stages of development! We've launched a CLI tool integrable with CI/CD pipelines and unveiled a completely new unified dashboard for an intuitive overview of all detection statuses.
โจ New Features
Cremit CLI (Initial Version): Integrates into major CI/CD pipelines like GitHub Actions, Jenkins, and GitLab CI to automatically scan for sensitive information during code commits or builds and report results. Also usable in local development environments.
New Unified Dashboard: Provides a user-friendly interface that unifies sensitive information status from all detection sources, including code repositories, Confluence, Notion, and CI/CD scan results. Enables intuitive analysis with various filters and visualization charts.
๐ ๏ธ Improvements
CLI Scan Result Format Options: Supports JSON and basic SARIF formats to facilitate automated processing.
Improved Platform UI/UX Consistency: The overall user interface has been refined to align with the new dashboard design, offering a more consistent and intuitive experience.
๐ฃ What's Next? We are preparing Role-Based Access Control (RBAC) for platform access management and an intelligent sensitive information detection feature (Beta) leveraging Machine Learning (ML) technology.
May 9th, 2024
New
Cremit's interoperability and detection scope have been further enhanced. You can now integrate alerts with various external systems via custom webhooks, and scan for sensitive information within your Notion workspaces.
โจ New Features
Webhook Notification Support: Sends detection event information in real-time as POST requests to user-specified URLs, enabling direct integration with various external systems like SIEM, custom dashboards, and automation workflows.
Notion Workspace Scanning: Detects sensitive information such as API keys and internal system details embedded within pages and databases of your integrated Notion workspaces.
๐ ๏ธ Improvements
Strengthened Jira Integration: Improved accuracy for detecting sensitive information in Jira issue descriptions, comments, and attachments, and integrated its alerts with Slack/webhook channels for better management efficiency.
Expanded Document Scan Coverage: Enhanced detection support for embedded objects and various attachments (including some PDF, Office documents) when scanning Confluence and Notion.
๐ฃ What's Next? We will be introducing the first version of our CLI tool for direct integration into development pipelines and a new unified dashboard for an at-a-glance view of all detection results.
March 7th, 2024
New
Cremit enhances real-time notifications and knowledge management system security. You can now receive detection alerts instantly via Slack and detect sensitive information hidden within Confluence pages.
โจ New Features
Slack Notification Channel Integration: Instantly sends alerts for detected sensitive information to your designated Slack channels, helping your team become aware and respond more quickly.
Confluence Page Scanning: Detects hidden API keys, passwords, personal information, etc., within page content and attachments of integrated Confluence spaces, enhancing internal document security.
๐ ๏ธ Improvements
More Detailed Alert Messages: Slack and email alerts now clearly display the context (file path, page ID, etc.) and severity of detected information to shorten initial analysis time.
Enhanced Contextual Information for Detected Identities: The dashboard now provides Confluence page IDs and document titles for easier source identification.
๐ฃ What's Next? We are preparing Webhook notification support for flexible integration with external systems and integration with another popular document collaboration tool, Notion.
January 4th, 2024
New
Cremit is back with even more powerful features! This update focuses on expanding support for Bitbucket users and increasing the efficiency of managing detected non-human identities.
โจ New Features
Bitbucket Cloud & Server Support:
Following GitHub and GitLab, we now offer deep scanning and detection for non-human identities (API keys, secrets, etc.) in Bitbucket Cloud and Bitbucket Server environments.
Detailed Filtering for Detection Results:
Supports filtering of detected NHIs by severity (Critical, High, Medium, Low), identity type (API Key, Password, Certificate, etc.), specific repository, or file path, allowing quick access and response to critical information.
๐ ๏ธ Improvements
Enhanced Alert System:
Alert policies can now be refined to trigger notifications only for issues exceeding a specific severity level.
Contextual information about detected identities has been added to alert content to shorten initial analysis time.
New Dashboard Widgets:
Added widgets that visually display key metrics such as newly detected identities and repository-specific risk levels.
๐ฃ What's Next? We are preparing features to prevent sensitive information leakage within collaboration tools and a cloud storage scanning function. Stay tuned!
November 2nd, 2023
New
Improved
Hello from Cremit! We're excited to announce our first major update, dedicated to safeguarding your organization's security. This update focuses on effectively detecting and managing non-human identities (like API keys, certificates, service account credentials) hidden within your code repositories.
โจ New Features
Deep Scan Integration for GitHub & GitLab:
Accurately detects exposed API keys, secrets, certificates, and other NHIs by scanning the entire history of your public and private repositories.
Identifies potential threats in various locations, including commit messages, code comments, and configuration files.
Initial Dashboard Launch:
Provides a basic dashboard offering an at-a-glance overview of detected NHIs, including their type, location, severity, and associated repository.
Basic Alert Configuration:
Instantly notifies administrators via email upon the detection of new non-human identities.
๐ ๏ธ Improvements
Optimized Git Scanning Engine: Improved performance for scanning large repositories and extensive commit histories, reducing detection time.
Refined Detection Patterns: Enhanced accuracy in detecting sensitive information that could pose actual threats, while reducing false positives.
๐ฃ What's Next? We plan to support more code repositories and enhance contextual information for detected identities. Build a secure development environment with Cremit!