DevOps Pulse

GitHub ships AI-powered security detections expanding

CodeQL coverage while preparing to train AI models on Copilot interactions starting April 24. Atlassian patched 21 high-severity vulnerabilities including critical Jira path traversal flaws that enable command execution. GitProtect launched enhanced backup window management features, strengthening their DevOps protection leadership as OneDrive ransomware attacks bypass version history, leaving third-party backups as the only recovery path. DORA compliance deadlines drive €10 million penalty exposure for organizations lacking real-time data protection.

Signals
34
Sections
5/5
Threats
9
Fresh
15
Updated
96d ago
Show

DevOps Platform Updates

scanned 97d ago6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Introduces AI-Powered Security Detections in Code Security

<cite index="13-6,13-7">GitHub is introducing AI-powered security detections in GitHub Code Security to expand application security coverage across more languages and frameworks. These detections complement CodeQL by surfacing potential vulnerabilities in areas that are difficult to support with traditional static analysis alone.</cite> <cite index="13-10">It has fixed more than 460,000 security alerts in 2025, reaching resolution in 0.66 hours on average compared to 1.29 hours without Autofix.</cite>

githubGitHub Blog·23 MarNEW

GitHub Updates Copilot Usage Policy for Training Data

<cite index="15-1,15-15,15-16">In an update to the GitHub Copilot usage policy, interactions with the AI tool will be used to train AI models beginning on April 24, 2026. From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out. Copilot Business and Copilot Enterprise users are not affected by this update.</cite>

githubWindows Central·25 MarNEW

Atlassian Security Bulletin Addresses 21 High-Severity Vulnerabilities

<cite index="32-4,32-5">The vulnerabilities reported in this Security Bulletin include 21 high-severity vulnerabilities which have been fixed in new versions of our products, released in the last month. These vulnerabilities are discovered via our Bug Bounty program, pen-testing processes, and third-party library scans.</cite> <cite index="31-3,31-4,31-5,31-6">ISO is also aware of multiple high-severity vulnerabilities that affect Jira Data Center and Server. These vulnerabilities include path traversal, file overwrite, and denial of service. These vulnerabilities could allow an attacker to gain knowledge of file system layout, and potentially replace existing files or execute arbitrary files. These vulnerabilities could allow command execution and data disclosure to unauthorized users, as well as system downtime.</cite>

jiraAtlassian Support·17 MarRecent

Azure DevOps Server Releases Security Patch

<cite index="23-1,23-2,23-3">Update March 13, 2026: We have released a patch that resolves the issue introduced in the original Azure DevOps Server release that, under certain conditions, could cause group memberships to become deactivated. Update February 25, 2026: We have identified an issue affecting Azure DevOps Server that, in certain scenarios, may result in group memberships becoming deactivated. We are actively investigating the root cause and working on a permanent fix.</cite>

azure-devopsAzure DevOps Blog·13 Mar

Atlassian Backup Manager APIs Deprecated March 2026

<cite index="38-2">Effective March 30, 2026, Atlassian will deprecate the use of the following Backup Manager API's: Import APIs • /rest/backup/{version}/import/progress/validation/{id} • /rest/backup/{version}/import/result/validation/{id} • /rest/backup/{version}/import/import/{id} • /rest/backup/{version}/import/validate/{id}/{id} • /rest/backup/{version}/import/upload/properties • /rest/backup/{version}/import/attachments/{mediaFile}/{localFile} Export APIs • /rest/backup/1/export/runbackup • /rest/backup/1/export/lastTaskId • /rest/backup/1/export/getProgress</cite> <cite index="36-1,36-2">The new backup and restore system is currently being rolled out for customers on the Enterprise plan through a beta program. At this time, it is not generally available for Jira Software (Cloud Standard) plans.</cite>

jiraGitHub Issue·30 Sept

Atlassian Updates Cloud Security Requirements for AI

<cite index="33-14,33-15">We are introducing baseline security requirements for Atlassian Government Cloud (AGC) apps, which will take effect on Mar 31, 2026. We're also publishing our annual update to the general Cloud App Security Requirements for 2026, which includes new provisions for AI security, data protection, and supply chain security.</cite> <cite index="33-20,33-21">Atlassian Connect will reach end of support in December 2026. Migrate to Atlassian Forge for a more robust Events model.</cite>

jiraJira Cloud Platform changelog·17 Feb