DevOps Pulse

Azure DevOps blocked global PAT creation on March 15 and will fully decommission them by December 2026

forcing immediate migration of any Veeam integrations still using global PATs to organization-scoped tokens or Entra-based auth. GitProtect shipped v2.1.0 with Jira granular backup and Azure DevOps Artifacts protection, expanding its DevOps backup coverage into CI/CD artifact and Agile metadata workloads that Veeam has not yet addressed. AI coding agents are surfacing as a new attack vector across the stack — Anthropic disclosed a Claude Code enterprise permission bypass that silently defeated policy controls, while GitHub Copilot's MCP Agent Mode gained broad write access to internal APIs and repos without triggering new security review. The PM team should prioritize the Azure DevOps PAT migration, benchmark against GitProtect's expanded artifact coverage, and assess whether Rubrik's new Agent Cloud platform demands an accelerated Veeam Data Command Center competitive response.

Signals
24
Sections
5/5
Threats
7
Fresh
2
Updated
103d ago
Show

DevOps Platform Updates

scanned 103d ago6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Azure DevOps Retiring Global Personal Access Tokens

Azure DevOps is deprecating global PATs to reduce security risk from overly broad credentials. Creation and regeneration of global PATs was blocked on March 15, 2026, with full decommission by December 1, 2026. Veeam integrations using global PATs must migrate to organization-scoped PATs or Entra-based auth immediately.

azure-devopsMicrosoft Learn — Azure DevOps Release Notes·15 Mar

GitLab Security Patch Release 18.9.2, 18.8.6, 18.7.6

GitLab published a security advisory on March 11 addressing vulnerabilities in CE and EE across three version branches. Self-managed installations should upgrade immediately; GitLab Dedicated customers are not affected. Organizations protecting GitLab-hosted data should verify patch status across all managed instances.

gitlabGitLab Releases·11 Mar

GitHub REST API Version 2026-03-10 Released

A new GitHub REST API version is available with breaking changes requiring integrators to update the X-GitHub-Api-Version header. Any products or backup integrations consuming GitHub APIs should review the version changelog and test against the new version. Older API versions continue to work but will eventually be deprecated.

githubGitHub Changelog·12 Mar

Atlassian Cloud Extends Data Export Rule to Block Downloads

Atlassian is extending data security policies so the data export rule now also blocks downloading of files attached to Confluence and Jira. Users will no longer see download buttons in attachment lists, macros, and file previews when this rule is active. This directly affects backup and data extraction workflows for protected Confluence and Jira content.

confluenceAtlassian Cloud Documentation·16 Mar

Azure DevOps Server Patch 2 Fixes Group Membership Bug

Microsoft released Patch 2 on March 13 to resolve an issue where Azure DevOps Server group memberships could become deactivated under certain conditions. Customers who installed Azure DevOps Server before the re-published release should apply this patch. The corrected release is now available for new installations and upgrades.

azure-devopsAzure DevOps Blog·13 Mar

GitHub Actions Self-Hosted Runner Enforcement Paused

GitHub temporarily paused enforcement of the v2.329.0 minimum self-hosted runner version requirement that was scheduled for March 16. Runners managed by ARC with auto-update disabled must still be manually updated. GHES customers are not impacted by this change.

githubGitHub Changelog·13 Mar