DevOps Platform Updates
scanned 80d ago6Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab Duo Agent Platform Reaches GA with Security Analyst Agent
GitLab 18.8 launched the Duo Agent Platform to general availability, featuring a Security Analyst Agent that automates vulnerability analysis and triaging using natural language. The platform includes AI-powered false positive detection for secret scanning and auto-dismisses vulnerabilities that don't apply to organizations, reducing noise for developers.
Bitbucket OAuth and Token Authentication Overhaul Set for May 2026
Atlassian announced major OAuth 2.0 and API authentication changes for Bitbucket Cloud taking effect May 4, 2026. Changes include deprecating client credentials refresh tokens, implementing rotating refresh tokens, and restricting OAuth consumer workspace access. Additionally, app passwords will be deprecated June 9, 2026, with migration to API tokens required.
Atlassian Backup and Restore API Now Available in Open Beta
Atlassian launched an API for their new Backup and Restore experience, enabling programmatic backup and restore operations across Jira, Confluence, Jira Service Management, and Jira Product Discovery. The API supports integration with enterprise change management processes and compliance workflows. Open beta participants can use it free until mid-April 2026.
Docker CVE-2026-34040 Enables AuthZ Bypass via Padded Requests
A high-severity vulnerability (CVSS 8.8) in Docker Engine allows attackers to bypass authorization plugins using specially-crafted oversized HTTP requests. The flaw stems from an incomplete fix for a previous maximum-severity bug. Attackers can create privileged containers with host filesystem access using a single padded HTTP request. Fixed in Docker Engine 29.3.1.
Azure DevOps GitHub Advanced Security Splits into Standalone Products
Microsoft announced GitHub Secret Protection and GitHub Code Security are now available as standalone products in Azure DevOps Sprint 257. Secret Protection provides secret scanning and push protection, while Code Security covers dependency and code scanning. This unbundles the previous Advanced Security offering for more flexible licensing.
Atlassian Enhances Data Security Policies to Block File Downloads
Atlassian extended data security policies to block downloading of files attached to Confluence and Jira, not just data exports. The change affects organizations with existing data export rules configured to block exports. This strengthens data loss prevention capabilities for organizations using Atlassian Guard Standard.