DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Adds AI-Powered Vulnerability Detection to Code Security
GitHub is introducing AI-powered security detections to expand application security coverage across more languages and frameworks, complementing CodeQL by surfacing potential vulnerabilities in areas difficult to support with traditional static analysis. The hybrid detection model processed over 170,000 findings in testing with 80% positive developer feedback.
AI Security Framework CAI Discovers Critical Vulnerabilities
CAI (Cybersecurity AI) discovered critical vulnerabilities in Ecoforest heat pumps allowing unauthorized remote access and potential catastrophic failures, revealing exposed credentials and DES encryption weaknesses. CAI is a lightweight, open-source framework for AI-powered security automation already used by thousands of users and hundreds of organizations.
GitLab 18.10 Expands AI Agent Platform to Free Tier
Organizations on the GitLab.com free tier can now access GitLab Duo Agent Platform through a GitLab Credits commitment, with agentic code reviews at a flat $0.25 per review. Agentic false positive detection for security scanning is now generally available, using AI to automatically score and explain security findings.
Atlassian Patches High-Severity Confluence Command Injection Flaw
CVE-2025-64756 is a high-severity OS Command Injection vulnerability in Confluence Data Center and Server that allows authenticated attackers to gain access and execute arbitrary commands. Fixed versions include Jira Data Center 11.3.3 (LTS) and 10.3.18 (LTS), with firewall rules recommended as temporary mitigation.
Azure DevOps Temporarily Rolls Back Advanced Security API Restrictions
Azure DevOps restricted API access for build service identities as a security improvement but is temporarily rolling it back due to customer impact on existing automations. The restriction will be re-enforced on April 15, 2026, with service principals recommended for Advanced Security API access.
AI-Powered Security Testing Agents Show High Vulnerability Discovery Rate
GitHub Security Lab Taskflow Agent is effective at finding Auth Bypasses, IDORs, and Token Leaks in open source projects, with uniformly high-severity vulnerabilities reported. The taskflows uncovered authorization logic bugs in multiple ecommerce applications that had been undiscovered for years.