DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitLab Critical Security Update Fixes WebSocket Vulnerability CVE-2026-5173
GitLab released urgent security patches (versions 18.10.3, 18.9.5, 18.8.9) addressing 12 vulnerabilities, including a high-severity WebSocket connection flaw that allows authenticated attackers to bypass access controls and invoke unintended server-side methods. The update also fixes multiple DoS vulnerabilities in Terraform and GraphQL APIs.
GitHub Actions 2026 Security Roadmap Introduces Dependency Determinism
GitHub announced major GitHub Actions security enhancements including deterministic dependency resolution with SHA-locked commits, centralized policy controls, and secure-by-default configurations. The roadmap addresses supply chain attacks targeting CI/CD automation with new workflow YAML dependency sections and actor rules.
GitHub AI-Powered Security Detections Expand Language Coverage
GitHub Code Security now includes AI-powered security detections alongside CodeQL to identify vulnerabilities in languages traditionally difficult for static analysis. Early Q2 public preview covers Shell/Bash, Dockerfiles, Terraform configurations, and PHP with 80% positive developer feedback in internal testing.
AI Supply Chain Attack Targets GitHub via Malicious Pull Requests
Security analysts detected an AI-assisted supply chain attack codenamed 'prt-scan' that exploited misconfigured GitHub repositories through 475+ malicious pull requests containing credential-stealing payloads. The attack highlights emerging threats from AI-enhanced social engineering targeting open-source projects.
Azure DevOps March 2026 Strengthens Enterprise Governance
The Azure DevOps March 2026 update focuses on identity governance, audit logs, and SDLC traceability for compliance. Enhanced Microsoft Entra ID integration, object-level permissions, and secure integration guidance improve DevSecOps security administration and pipeline standardization for enterprise delivery.