DevOps Pulse

Azure DevOps blocks global PAT creation tomorrow (March

15) and Atlassian fully disables OAuth 1.0 today—any Veeam integrations relying on these deprecated auth methods will break without immediate migration to scoped PATs or OAuth 2.0. Two critical supply chain attacks hit the DevOps ecosystem this week: an autonomous AI bot ('hackerbot-claw') achieved remote code execution across Microsoft and CNCF GitHub repos via misconfigured Actions workflows, and threat actor UNC6426 pivoted from a compromised nx npm package to full AWS admin access in 72 hours. Competitors are racing on security-AI convergence—Rubrik positioned AI resilience as its third $100M business line, Druva shipped graph-powered agentic forensics, Commvault integrated anomaly alerts into CrowdStrike Falcon SIEM—while GitProtect 2.1.0 added Jira granular backup and Azure DevOps Artifacts protection, directly targeting Veeam's DevOps backup market. PM team should immediately verify all Azure DevOps and Atlassian connector auth methods before the deadlines and prioritize the GitProtect competitive response.

Signals
32
Sections
5/5
Threats
10
Fresh
0
Updated
109d ago

DevOps Platform Updates

scanned 109d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Azure DevOps Global PAT Creation Blocked Starting March 15

Azure DevOps Sprint 270 enforces the retirement of Global Personal Access Tokens starting March 15, 2026, blocking creation and regeneration. All existing global PATs will be fully decommissioned on December 1, 2026. Any Veeam integrations using global PATs for Azure DevOps backup or data protection must migrate to organization-scoped PATs or Entra-based authentication immediately.

azure-devopsMicrosoft Learn·12 Mar

GitHub REST API v2026-03-10 Introduces Breaking Changes

GitHub released REST API calendar version 2026-03-10, the first version to include breaking changes. Integrators must update the X-GitHub-Api-Version header and verify their integrations work with the new version. Veeam products calling GitHub REST APIs for repository backup or metadata protection need regression testing against this version.

githubGitHub Changelog·12 Mar

Atlassian OAuth 1.0 Fully Disabled After March 14 Brownout

Atlassian's OAuth 1.0 and implicit grant flow brownout schedule completes on March 14, 2026, after which existing access tokens will no longer be usable. All integrations must migrate to a supported OAuth 2.0 flow. This is a hard breaking change affecting any Veeam Jira/Confluence connectors that still rely on legacy OAuth 1.0 authentication.

jiraAtlassian Developer Changelog·14 Mar

GitLab Releases Critical Security Patches 18.9.2, 18.8.6, 18.7.6

GitLab published patch releases 18.9.2, 18.8.6, and 18.7.6 containing important bug and security fixes for both Community and Enterprise editions. Self-managed installations should upgrade immediately. Veeam customers running self-managed GitLab instances need to be advised to patch, and any Veeam backup integrations should be validated against the new versions.

gitlabGitLab Releases·11 Mar

GitHub Secret Scanning Adds 28 New Detectors in March

GitHub added 28 new secret scanning detectors from 15 providers including Lark, Vercel, Snowflake, and Supabase, with 39 detectors now having push protection enabled by default. This expands coverage for providers like Airtable, Databricks, Heroku, PostHog, and Shopify. Signals growing investment in pre-commit secret detection that complements Veeam's data protection posture.

githubGitHub Changelog·10 Mar

GitHub Actions Self-Hosted Runner Version Enforcement Paused

GitHub paused enforcement of the minimum self-hosted runner version requirement (v2.329.0) that was scheduled for March 16, 2026. Runners below v2.329.0 can still register during this period. This gives teams more time to upgrade but signals that enforcement will resume; organizations should still plan to update their CI infrastructure.

githubGitHub Changelog·13 Mar

Azure DevOps Adds Push Protection Bypass Audit Logging

Azure DevOps Sprint 270 introduces audit log entries for push protection bypass events, recording the repository, secret type, and user identity. This gives security teams a complete record of when developers bypass secret detection during git push. Relevant for Veeam customers who need compliance-grade audit trails across their DevOps toolchain.

azure-devopsMicrosoft Learn·12 Mar