DevOps Pulse

Azure DevOps blocks global PAT creation on March 15—three

days out—forcing immediate migration of any Veeam connectors or integrations using global-scoped tokens to organization-scoped PATs or Entra auth. HYCU earned IDC Leader status for SaaS data protection with native DevOps coverage across GitHub, GitLab, Bitbucket, Terraform, and CircleCI, directly challenging Veeam's positioning in the DevOps backup market. Supply chain attacks have quadrupled since 2020 per IBM X-Force while DevOps SaaS platforms logged 156 critical incidents in 2025 (up 69% YoY), yet only 14% of IT leaders can recover SaaS data within minutes—a convergent signal across threat intelligence, community data, and analyst research validating urgent demand for DevOps-aware backup. The PM team should prioritize PAT migration testing before March 15, accelerate SaaS application breadth to counter HYCU's IDC positioning, and prepare DORA audit-readiness messaging as enforcement proof requirements hit financial-sector customers this quarter.

Signals
32
Sections
5/5
Threats
10
Fresh
0
Updated
111d ago

DevOps Platform Updates

scanned 111d ago6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Azure DevOps Retiring Global PATs, Blocking Starts March 15

Azure DevOps Sprint 270 announces retirement of global Personal Access Tokens (PATs) to strengthen credential governance. Creation and regeneration of global PATs will be blocked on March 15, 2026, with full decommission on December 1, 2026. Teams using global PATs for integrations—including any Veeam backup or data-protection connectors—must migrate to organization-scoped PATs or Microsoft Entra-based auth before the cutoff.

azure-devopsMicrosoft Learn·6 Mar

GitHub Secret Scanning Adds 28 Detectors, Expands Push Protection

GitHub's March 2026 secret scanning update adds 28 new secret detectors from 15 providers including Snowflake, Vercel, and Supabase. Additionally, 39 detectors now have push protection enabled by default, covering Airtable, Databricks, Heroku, PostHog, and Shopify. This broadens automated secret leak prevention across the GitHub ecosystem.

githubGitHub Changelog·10 Mar

Azure DevOps Now Logs Push Protection Bypass Events in Audit

Sprint 270 adds audit log entries when developers bypass push protection to push detected secrets. Entries include the repository, secret type, and user identity. This gives security teams and org admins a complete record for incident investigation and policy enforcement—directly relevant to DevOps data protection compliance posture.

azure-devopsMicrosoft Learn·6 Mar

GitHub Copilot Coding Agent for Jira Enters Public Preview

Teams can now assign Jira issues to GitHub Copilot's autonomous coding agent, which analyzes issue context, implements changes independently, and opens draft pull requests in GitHub. The agent posts updates and asks clarifying questions directly in Jira. This cross-platform AI integration signals growing agent-driven automation in the DevOps workflow layer.

githubGitHub Changelog·5 Mar

GitHub Dependabot Adds Native Pre-commit Hook Update Support

Dependabot now natively manages dependency updates for pre-commit hooks. It parses .pre-commit-config.yaml, checks hook repositories for new releases, and opens PRs to update rev fields. Supports tag and SHA-based revisions, grouped updates, and multi-host hooks across GitHub, GitLab, and Bitbucket. Strengthens automated supply-chain hygiene.

githubGitHub Changelog·10 Mar

GitHub Actions Self-Hosted Runner v2.329.0 Enforcement March 16

GitHub Actions will block registration of self-hosted runners older than v2.329.0 starting March 16, 2026. Brownout periods are actively running through March 16 with scheduled configuration blocks. Organizations running CI/CD on self-hosted infrastructure must update all runners, images, and ARC containers before the deadline to avoid workflow disruptions.

githubGitHub Changelog·6 Mar