DevOps Pulse

GitHub launched a mandatory secure-by-default Actions roadmap requiring SHA-locked workflows to prevent supply chain attacks like those hitting tj-actions and security tools including Trivy. Atlassian patched 21 high-severity vulnerabilities, including path traversal flaws enabling command execution in Jira Data Center. GitProtect shipped Jira Granular Backup v2.1.0 with Azure DevOps Artifacts protection, directly competing with Veeam's DevOps strategy. AI coding agents generate vulnerabilities in 87% of pull requests, with broken access control as the universal failure, creating new attack surfaces requiring specialized backup solutions.

Signals: 33 · Sections: 5/5 · Threats: 7 · Fresh: 15 · Updated: 95d ago

DevOps Platform Updates

scanned 96d ago · 7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Actions 2026 Security Roadmap Shifts to Secure-by-Default

GitHub announced a comprehensive security roadmap for Actions focusing on deterministic dependencies through SHA-locked workflow YAML sections, centralized policy controls for actor rules and event permissions, and supply chain hardening. The roadmap addresses recent CI/CD supply chain attacks targeting projects like tj-actions and introduces fail-fast verification for hash mismatches.

github · GitHub Blog · 26 Mar · NEW

GitHub Expands Code Security with AI-Powered Vulnerability Detection

GitHub introduced AI-powered security detections in Code Security to complement CodeQL with broader language and framework coverage including Shell, Dockerfiles, and Terraform. The hybrid detection model processed over 170,000 findings in testing with 80% positive developer feedback. Public preview expected in early Q2 2026.

github · GitHub Blog · 23 Mar · Recent

GitHub Secret Scanning Now Integrated with AI Coding Agents

GitHub released secret scanning capabilities for AI coding agents via the MCP Server, enabling real-time credential leak detection while developers write code. The feature is in public preview for repositories with GitHub Secret Protection enabled and works with MCP-compatible IDEs and AI coding environments.

github · GitHub Changelog · 17 Mar · Recent

GitLab 18.10 Makes Agentic AI More Affordable at Scale

GitLab reduced agentic code review costs to $0.25 per review and launched the GitLab Credits dashboard for AI activity monitoring. Agentic false positive detection for security scanning reached general availability within the Duo Agent Platform, helping reduce alert fatigue and accelerate remediation workflows.

gitlab · Business Wire · 19 Mar

Bitbucket Pipelines Introduces Free and Premium Runner Tiers

Atlassian announced a new operating model for self-hosted runners effective June 3, 2026, with a free tier supporting up to 100 runners per workspace and a premium tier providing customer support plus included runners based on workspace tier. The change includes system updates, patches, and security fixes.

bitbucket · Work Life by Atlassian · 26 Mar · NEW

Atlassian Patches 21 High-Severity Vulnerabilities in March Security Bulletin

Atlassian's March 17, 2026 security bulletin addresses 21 high-severity vulnerabilities across Jira and Confluence Data Center and Server products, including path traversal, file overwrite, and denial of service flaws that could enable command execution and data disclosure. Cloud-hosted products remain unaffected.

jira · Atlassian Security Bulletin · 17 Mar · Recent

Atlassian Enforces Points-Based API Rate Limits Starting March 2026

Atlassian began phased enforcement of points-based quota rate limits for Jira and Confluence Cloud REST APIs on March 2, 2026. The rollout affects Forge, Connect, and OAuth 2.0 apps with gradual expansion over several weeks, while API token-based traffic remains unaffected.

jira · Jira Cloud Platform Changelog · 2 Mar