DevOps Pulse

GitLab patched critical CI/CD vulnerabilities, including CVE-2024-9183, a race condition enabling credential theft from higher-privileged accounts. StepSecurity documented systematic Pwn Request attacks targeting GitHub Actions workflows, including the Xygeni compromise and the kubernetes-el package exploit. DevOps SaaS downtime costs surged 69% year-over-year, with 156 critical incidents totaling 9,255 hours of degradation versus 4,755 hours in 2024. Veeam launched Agent Commander for AI risk management, directly challenging Data Command Center by converging data resilience with AI risk intelligence.


DevOps Platform Updates


Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Secret Scanning Adds 28 New Patterns Across 15 Providers

GitHub expanded secret scanning with 28 new detectors and push protection for 39 token types on March 10, 2026. Vercel, Lark, Supabase, and other major providers now have enhanced security coverage. Extended metadata provides owner details, creation dates, and expiry information for leaked secrets.

github · BuildMVPFast Blog · 18 Mar · Recent

Azure DevOps Server Critical Patch Addresses Group Membership Bug

Microsoft released a patch on March 13, 2026, to fix a critical issue in Azure DevOps Server that could cause group memberships to become deactivated under certain conditions. Downloads were temporarily suspended, and organizations must apply SQL mitigation scripts to prevent further impact.

azure-devops · Azure DevOps Blog · 13 Mar · Recent

Microsoft Defender Integrates with GitHub Advanced Security

Microsoft released a comprehensive guide on March 24, 2026, for integrating Defender for Cloud with GitHub Advanced Security. The shift-left plus shield-right approach provides end-to-end DevSecOps security from code to cloud, addressing the acceleration of cloud adoption and DevOps transformation.

azure-devops · Azure Garage · 24 Mar · NEW

GitLab Patches Critical Vulnerabilities in CI/CD Cache System

GitLab addressed six vulnerabilities across versions 18.6.1, 18.5.3, and 18.4.5 with CVE-2024-9183 being the most critical (CVSS 7.7). This race condition allows authenticated users to steal credentials from higher-privileged accounts. All self-managed installations require immediate upgrades.

gitlab · CyberPress · 24 Mar · NEW

Atlassian Expands Data Export Rules to Block File Downloads

Atlassian cloud platforms extended data security policies on March 16, 2026, to block downloading of files attached to Confluence and Jira. The change affects attachment lists, macros, and file previews. Organizations can now control external user email and notification visibility.

confluence · Atlassian Cloud Blog · 16 Mar · Recent

Bitbucket Data Center 10.2 LTS Released with Enhanced Jira Integration

Atlassian announced Bitbucket Data Center 10.2 as the new Long Term Support release on March 3, 2026. Features include enhanced Jira Cloud integration with historical developer information updates and critical security, stability, and performance fixes.

bitbucket · Atlassian Community · 3 Mar

StepSecurity Reports Major GitHub Actions Compromises

StepSecurity documented critical CI/CD vulnerabilities in March 2026, including the Xygeni GitHub Action compromise on March 3 and kubernetes-el package exploit on March 5. These Pwn Request attacks highlight systematic targeting of GitHub Actions workflows and the need for enhanced CI/CD security measures.

github · StepSecurity Blog · 5 Mar