DevOps Platform Updates
scanned 112d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Azure DevOps Retiring Global Personal Access Tokens
Azure DevOps Sprint 270 announces the retirement of Global PATs to strengthen security. Creation and regeneration of global PATs will be blocked on March 15, 2026, with full decommissioning on December 1, 2026. Teams using global PATs for integrations must transition to organization-scoped PATs or Microsoft Entra-based authentication.
GitHub Actions Self-Hosted Runner Version Enforcement March 16
GitHub will permanently block registration of self-hosted runners below v2.329.0 starting March 16, 2026. Brownout testing ran through early March. Organizations running Actions on self-hosted infrastructure must update all runners and container images before the deadline or face broken CI/CD pipelines.
GitHub Secret Scanning Adds 28 New Detectors
GitHub's March 2026 secret scanning update adds 28 new secret detectors from 15 providers including Snowflake, Vercel, and Supabase. Additionally, 39 detectors now have push protection enabled by default, covering Airtable, Databricks, Heroku, and Shopify. This expands the coverage surface for credential leak prevention.
Bitbucket Cloud OAuth 1.0 Removal Completes March 14
Bitbucket Cloud's deprecation of OAuth 1.0 and implicit grant flows reaches final enforcement on March 14, 2026. After brownouts running since late February, all OAuth 1.0 access token requests will return HTTP 400 and existing tokens will return HTTP 401. Integrations must migrate to OAuth 2.0 immediately.
Azure DevOps Adds Push Protection Bypass Audit Logging
Sprint 270 introduces audit log entries when developers bypass push protection to commit detected secrets. Logs capture the repository, secret type, and bypassing user identity. This gives security teams a complete audit trail of secret push protection overrides for incident investigation and policy enforcement.
Atlassian Enforcing Points-Based API Rate Limits for Jira and Confluence
Effective March 2, 2026, Atlassian began phased enforcement of points-based quota rate limits for Jira and Confluence Cloud REST APIs. The rollout starts with a small percentage of apps and expands over several weeks. API consumers should adopt new unified rate-limit headers and adjust request patterns to avoid throttling.
GitHub Customer Terms Deprecated for Generative AI Terms
As of March 5, 2026, GitHub customer terms are deprecated and new subscriptions will be governed by the GitHub Generative AI Services Terms. This signals a formal restructuring of GitHub's legal framework around AI-powered features like Copilot, affecting enterprise procurement and compliance reviews.