DevOps Pulse

Azure DevOps blocks Global PAT creation in 5 days (March 15)

requiring immediate migration of any Veeam integrations using global PATs to organization-scoped tokens or Microsoft Entra auth. GitProtect 2.1.0 shipped granular Jira Cloud backup and Azure DevOps Artifacts support, directly expanding into Veeam's DevOps data protection target market with the most comprehensive dedicated offering. CI/CD pipelines face converging threat pressure—IBM X-Force reports supply chain attacks quadrupled since 2020, GitHub's repeated outages exposed AI coding agent workflows as a single point of failure, and DORA/NIS2 enforcement is compressing compliance timelines with personal liability for senior management. The PM team should prioritize Azure DevOps PAT migration before March 15, assess competitive response to GitProtect's Jira and Azure DevOps Artifacts coverage, and accelerate positioning of repo backup as compliance-ready infrastructure for the DORA/NIS2 deadline cycle.

Signals
33
Sections
5/5
Threats
10
Fresh
0
Updated
112d ago

DevOps Platform Updates

scanned 112d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Azure DevOps Retires Global Personal Access Tokens

Azure DevOps is retiring Global PATs to eliminate overly broad credentials. Creation and regeneration of global PATs will be blocked on March 15, 2026, with full decommission December 1, 2026. Teams must migrate to organization-scoped PATs or Microsoft Entra-based auth; any Veeam integrations using global PATs for backup automation need immediate remediation.

azure-devopsMicrosoft Learn - Azure DevOps Sprint 270·6 Mar

Atlassian Enforces Points-Based Rate Limits on Jira/Confluence APIs

Effective March 2, 2026, Atlassian began phased enforcement of points-based quota rate limits for Jira and Confluence Cloud REST APIs. The rollout starts with a small percentage of apps and expands over weeks. Veeam integrations consuming Jira or Confluence APIs should validate compliance with the new quota system to avoid throttling.

jiraAtlassian Developer Changelog·2 Mar

Azure DevOps Adds Secret Push Protection Bypass Audit Logging

Sprint 270 adds audit log entries when developers bypass push protection to push detected secrets. Entries capture the repository, secret type, and bypassing user identity. This gives security teams a complete record for incident investigation and policy enforcement across Azure DevOps Advanced Security.

azure-devopsMicrosoft Learn - GitHub Advanced Security for Azure DevOps·6 Mar

Bitbucket Cross-Workspace APIs Sunset with Brownouts March 23

Bitbucket Cloud will fully sunset cross-workspace APIs on March 31, 2026. Controlled brownouts begin March 23 for one week to help teams identify remaining usage. A new API for listing repository permissions per user per workspace has been released as a replacement.

bitbucketAtlassian Developer Changelog·5 Mar

GitHub Copilot Coding Agent for Jira in Public Preview

GitHub launched a Copilot coding agent integration for Jira, allowing teams to assign Jira issues to Copilot which autonomously analyzes context, implements changes, and opens draft PRs. This deepens the GitHub-Atlassian integration surface and signals AI-driven code generation becoming a first-class cross-platform workflow.

githubGitHub Changelog·5 Mar

Atlassian Locks Connect App Local Installs Starting March 2026

Atlassian is locking local installs of Connect apps from March 2026. Connect Inspector has been decommissioned and Atlassian Connect reaches end of support December 2026. All integrations must migrate to Forge. Any Veeam marketplace apps or third-party integrations built on Connect need active migration plans.

confluenceConfluence Cloud Developer Changelog·1 Mar

GitHub Code Quality Enterprise Policy Decoupled from Security

GitHub now allows enterprises to manage Code Quality availability separately from Code Security in Advanced Security policies. A dedicated policy page controls Code Quality at the repository level. This gives enterprises more granular control without unintentionally enabling Code Security when only quality tooling is desired.

githubGitHub Changelog·3 Mar