DevOps Pulse

Rubrik launched DevOps Protection (GA) for Azure DevOps and GitHub with SLA-driven automation and air-gapped immutable backups, directly entering Veeam's target DevOps backup market backed by $1.46B ARR and a new Agent Cloud for AI agent governance. A stolen GitHub token enabled full AWS account destruction within 72 hours via the nx npm supply chain compromise, while Datadog reports 71% of organizations never pin GitHub Actions to commit SHAs, underscoring urgent demand for immutable, out-of-band DevOps backups. AI coding agents are simultaneously the fastest-growing code production channel and a newly weaponized attack surface, with Orca Security demonstrating GitHub Copilot repository takeover via prompt injection and Anthropic's Claude Code surpassing $2.5B run-rate revenue with enterprise governance features. The PM team should fast-track a competitive response to Rubrik DevOps Protection, verify Veeam's GitHub REST API and Azure DevOps PAT integrations against breaking changes shipped this week, and evaluate the AI agent governance narrative before Commvault and Rubrik own it.

Signals: 27 · Sections: 5/5 · Threats: 7 · Fresh: 0 · Updated: 105d ago

DevOps Platform Updates

Scanned 105d ago · 6 items

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab Patches 15 Security Vulnerabilities Including Critical XSS

GitLab released versions 18.9.2, 18.8.6, and 18.7.6 fixing 15 vulnerabilities. The most severe is CVE-2026-1090, a high-severity XSS flaw (CVSS 8.7) in Markdown placeholder processing, plus three DoS bugs (CVSS 7.5) affecting GraphQL API, repository archives, and protected branches API. Self-managed instances require immediate upgrade; GitLab.com and Dedicated are already patched.

GitLab Releases · 11 Mar

GitHub Actions OIDC Tokens Support Repository Custom Properties

GitHub Actions OIDC tokens now include repository custom properties as claims (public preview). Admins can select properties that automatically appear in tokens prefixed with repo_property_, enabling attribute-based access control (ABAC) in AWS, Azure, and GCP without per-repo workflow changes. This eliminates hard-coded allow lists and reduces configuration drift across large organizations.

GitHub Changelog · 12 Mar
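
The attribute-based check described above, sketched on the relying-party side as an added example (not GitHub's or any cloud provider's code). The property names, role names, policy and sample claims are constructed; the token's signature, expiry and audience are assumed to have been verified already, and property values are assumed to be single strings.

```python
# Added example: ABAC decision over GitHub Actions OIDC claims.
# Assumes signature, expiry and audience were already verified by a JWT library.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
PREFIX = "repo_property_"        # claim prefix named in the item above
TRUSTED_OWNER = "example-org"    # constructed: the org whose admins define the properties

# Constructed policy: role -> required property -> allowed values (all names hypothetical).
POLICY = {
    "prod-deploy": {"environment_tier": {"production"}, "data_class": {"internal", "public"}},
    "sandbox-deploy": {"environment_tier": {"sandbox", "production"}},
}

def repo_properties(claims):
    """Collect repo_property_* claims into {property_name: value}."""
    return {k[len(PREFIX):]: v for k, v in claims.items() if k.startswith(PREFIX)}

def authorize(claims, role):
    """Return (allowed, reason); every missing or unexpected input denies."""
    if claims.get("iss") != GITHUB_ISSUER:
        return False, "unexpected issuer"
    # Properties only mean something inside the org that controls them.
    if claims.get("repository_owner") != TRUSTED_OWNER:
        return False, "untrusted repository owner"
    required = POLICY.get(role)
    if required is None:
        return False, "unknown role"
    props = repo_properties(claims)
    for name, allowed in required.items():
        value = props.get(name)
        # Assumption: single string values; other types are denied.
        if not isinstance(value, str) or value not in allowed:
            return False, f"property {name} missing or not allowed"
    return True, "all required properties matched"

# Constructed sample claims (not captured from a real token).
BASE = {"iss": GITHUB_ISSUER, "repository_owner": "example-org",
        "repository": "example-org/payments-api"}
PROD_REPO = {**BASE, "repo_property_environment_tier": "production",
             "repo_property_data_class": "internal"}
SANDBOX_REPO = {**BASE, "repo_property_environment_tier": "sandbox"}
FOREIGN_REPO = {**PROD_REPO, "repository_owner": "other-org"}

if __name__ == "__main__":
    for label, claims in [("prod", PROD_REPO), ("sandbox", SANDBOX_REPO), ("foreign", FOREIGN_REPO)]:
        print(label, authorize(claims, "prod-deploy"))
```

The owner check matters because property claims carry weight only inside the organization that controls them; matching on properties alone would accept a token from any organization that sets the same values.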

GitHub REST API Version 2026-03-10 Now Available

GitHub released REST API version 2026-03-10 with breaking changes. Integrations must update the X-GitHub-Api-Version header and verify compatibility. Veeam integrations using GitHub REST APIs should review the version documentation for any changes to backup-relevant endpoints before upgrading.

GitHub Changelog · 12 Mar

GitHub Adds 28 New Secret Scanning Detectors for March

GitHub's March 2026 secret scanning update adds 28 new detectors from 15 providers including Lark, Vercel, Snowflake, and Supabase. Additionally, 39 detectors now have push protection enabled by default, covering Airtable, Databricks, Heroku, PostHog, and Shopify. This broadens the scope of secrets automatically blocked before they reach repositories.

GitHub Changelog · 10 Mar

GitHub Pauses Self-Hosted Runner Version Enforcement

GitHub temporarily paused enforcement of the minimum self-hosted runner version requirement (v2.329.0) that was scheduled for March 16, 2026. Runners below v2.329.0 can still register during the pause. An updated enforcement timeline will follow. Organizations should continue upgrading runners proactively as older versions will eventually be blocked.

GitHub Changelog · 13 Mar

Azure DevOps Adds Push Protection Bypass Audit Logging

Azure DevOps Sprint 270 introduces audit log entries when developers bypass push protection to push detected secrets. Entries include the repository, secret type, and bypassing user's identity. This gives security teams a complete record for incident investigation and policy enforcement across Azure DevOps organizations.

Microsoft Learn · 13 Mar