DevOps Platform Updates
scanned 96d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Actions 2026 Security Roadmap Shifts to Secure-by-Default
GitHub announced a comprehensive security roadmap for Actions focusing on deterministic dependencies through SHA-locked workflow YAML sections, centralized policy controls for actor rules and event permissions, and supply chain hardening. The roadmap addresses recent CI/CD supply chain attacks targeting projects like tj-actions and introduces fail-fast verification for hash mismatches.
GitHub Expands Code Security with AI-Powered Vulnerability Detection
GitHub introduced AI-powered security detections in Code Security to complement CodeQL with broader language and framework coverage including Shell, Dockerfiles, and Terraform. The hybrid detection model processed over 170,000 findings in testing with 80% positive developer feedback. Public preview expected in early Q2 2026.
GitHub Secret Scanning Now Integrated with AI Coding Agents
GitHub released secret scanning capabilities for AI coding agents via the MCP Server, enabling real-time credential leak detection while developers write code. The feature is in public preview for repositories with GitHub Secret Protection enabled and works with MCP-compatible IDEs and AI coding environments.
GitLab 18.10 Makes Agentic AI More Affordable at Scale
GitLab reduced agentic code review costs to $0.25 per review and launched GitLab Credits dashboard for AI activity monitoring. Agentic false positive detection for security scanning reached general availability within the Duo Agent Platform, helping reduce alert fatigue and accelerate remediation workflows.
Bitbucket Pipelines Introduces Free and Premium Runner Tiers
Atlassian announced new operating model for self-hosted runners effective June 3, 2026, with free tier supporting up to 100 runners per workspace and premium tier providing customer support plus included runners based on workspace tier. The change includes system updates, patches, and security fixes.
Atlassian Patches 21 High-Severity Vulnerabilities in March Security Bulletin
Atlassian's March 17, 2026 security bulletin addresses 21 high-severity vulnerabilities across Jira and Confluence Data Center and Server products, including path traversal, file overwrite, and denial of service flaws that could enable command execution and data disclosure. Cloud-hosted products remain unaffected.
Atlassian Enforces Points-Based API Rate Limits Starting March 2026
Atlassian began phased enforcement of points-based quota rate limits for Jira and Confluence Cloud REST APIs on March 2, 2026. The rollout affects Forge, Connect, and OAuth 2.0 apps with gradual expansion over several weeks, while API token-based traffic remains unaffected.