DevOps Pulse

GitHub unveiled a comprehensive 2026 security roadmap targeting supply chain attacks with deterministic dependency locking, while LiteLLM suffered a massive breach affecting 95+ million monthly downloads through compromised Trivy actions. Veeam earned recognition as a 2026 Gartner Peer Insights Customers' Choice with a 4.8/5 rating, marking nine consecutive years as a Magic Quadrant Leader. GitProtect expanded DevOps coverage with granular Jira backup and Azure DevOps Artifacts support, directly challenging Veeam's unified platform approach with specialized DevOps protection capabilities.


DevOps Platform Updates


Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Actions 2026 Security Roadmap Targets Supply Chain

GitHub unveiled a comprehensive 2026 roadmap to harden Actions against supply chain attacks, introducing deterministic dependency locking, centralized policy controls, and enhanced observability. The platform shifts toward secure-by-default behavior following recent incidents targeting tj-actions, Nx, and trivy-action. Features enter public preview within 3-6 months.

github · GitHub Blog · 30 Mar · Recent

LiteLLM Supply Chain Attack Exposes AI Pipeline Vulnerabilities

TeamPCP compromised LiteLLM PyPI packages via GitHub Actions, affecting 95+ million monthly downloads. The attack leveraged a Trivy vulnerability to steal PyPI credentials and distribute credential-harvesting malware. This highlights critical security gaps in AI-powered DevOps toolchains.

github · Snyk · 29 Mar · Recent

GitLab Patches Critical XSS and DoS Vulnerabilities

GitLab released emergency patches addressing high-severity flaws including CVE-2026-1090 (XSS in Markdown) and CVE-2026-1069 (GraphQL DoS). The updates affect versions 18.9.2, 18.8.6, and 18.7.6 for both Community and Enterprise editions. All self-hosted users are urged to upgrade immediately.

gitlab · Security Online · 11 Mar · Recent

Azure DevOps Server Critical Group Membership Bug Fixed

Microsoft released a patch resolving Azure DevOps Server issues that could deactivate group memberships. The company temporarily removed download links while investigating root causes and provided SQL mitigation scripts. Full remediation requires upgrading to the March 13 patched release.

azure-devops · Microsoft DevBlogs · 13 Mar

Atlassian Security Bulletin Addresses 21 High-Severity Issues

Atlassian released patches for 21 high-severity vulnerabilities across Bitbucket, Confluence, and Jira platforms in March 2026. The vulnerabilities include path traversal, file overwrite, and denial of service issues that could enable command execution and data disclosure. Patches cover both Data Center and Server editions.

jira · Atlassian Security · 17 Mar

World Backup Day 2026 Emphasizes AI Data Protection

Industry experts highlight the growing importance of protecting AI workloads, with 91% of organizations backing up production AI data. The shift toward immutable storage, air-gapped environments, and AI-led recovery orchestration reflects new enterprise data resilience requirements beyond traditional backup approaches.

confluence · TechRadar Pro · 31 Mar

Trivy Security Scanner GitHub Actions Breached

Security researchers discovered that Trivy's GitHub Actions were compromised, with 75 tags hijacked to steal CI/CD secrets. The breach enabled data theft and persistence across developer systems, forcing Aqua Security to remove compromised releases. This attack preceded the LiteLLM supply chain incident.

github · The Hacker News · 26 Mar

Azure DevOps Services Experience Multi-Region Outages

Azure DevOps faced significant service disruptions in early March 2026, with agents showing offline and Personal Access Token portal errors. The outages affected multiple regions and were later resolved, highlighting infrastructure resilience challenges for Microsoft's DevOps platform.

azure-devops · Microsoft Q&A · 2 Mar