DevOps Platform Updates
scanned 97d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Secret Scanning Adds 28 New Patterns Across 15 Providers
GitHub expanded secret scanning with 28 new detectors and push protection for 39 token types on March 10, 2026. Vercel, Lark, Supabase, and other major providers now have enhanced security coverage. Extended metadata provides owner details, creation dates, and expiry information for leaked secrets.
Azure DevOps Server Critical Patch Addresses Group Membership Bug
Microsoft released a patch on March 13, 2026, to fix a critical issue in Azure DevOps Server that could cause group memberships to become deactivated under certain conditions. Downloads were temporarily suspended, and organizations must apply SQL mitigation scripts to prevent further impact.
Microsoft Defender Integrates with GitHub Advanced Security
Microsoft released a comprehensive guide on March 24, 2026, for integrating Defender for Cloud with GitHub Advanced Security. The shift-left plus shield-right approach provides end-to-end DevSecOps security from code to cloud, addressing the acceleration of cloud adoption and DevOps transformation.
GitLab Patches Critical Vulnerabilities in CI/CD Cache System
GitLab addressed six vulnerabilities across versions 18.6.1, 18.5.3, and 18.4.5 with CVE-2024-9183 being the most critical (CVSS 7.7). This race condition allows authenticated users to steal credentials from higher-privileged accounts. All self-managed installations require immediate upgrades.
Atlassian Expands Data Export Rules to Block File Downloads
Atlassian cloud platforms extended data security policies on March 16, 2026, to block downloading of files attached to Confluence and Jira. The change affects attachment lists, macros, and file previews. Organizations can now control external user email and notification visibility.
Bitbucket Data Center 10.2 LTS Released with Enhanced Jira Integration
Atlassian announced Bitbucket Data Center 10.2 as the new Long Term Support release on March 3, 2026. Features include enhanced Jira Cloud integration with historical developer information updates and critical security, stability, and performance fixes.
StepSecurity Reports Major GitHub Actions Compromises
StepSecurity documented critical CI/CD vulnerabilities in March 2026, including the Xygeni GitHub Action compromise on March 3 and kubernetes-el package exploit on March 5. These Pwn Request attacks highlight systematic targeting of GitHub Actions workflows and the need for enhanced CI/CD security measures.