DevOps Pulse

GitLab patched critical CVE-2026-5173 websocket vulnerability allowing authenticated attackers to bypass access controls, while GitHub's AI security enhancements and Actions 2026 roadmap strengthen supply chain defense. GitProtect launched Azure DevOps artifacts protection in v2.1.0, positioning itself as the most comprehensive DevOps backup solution directly competing with Veeam's fragmented coverage. Multiple supply chain attacks exploited AI development ecosystems, with 1000+ SaaS environments compromised via DevOps tools. The PM team should prioritize competitive response to GitProtect's unified platform expansion while monitoring escalating AI-assisted attack patterns.

Signals: 27 · Sections: 5/5 · Threats: 7 · Fresh: 13 · Updated: 79d ago

DevOps Platform Updates

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab Critical Security Update Fixes Websocket Vulnerability CVE-2026-5173

GitLab released urgent security patches (versions 18.10.3, 18.9.5, 18.8.9) addressing 12 vulnerabilities including a high-severity websocket connection flaw that allows authenticated attackers to bypass access controls and invoke unintended server-side methods. The update also fixes multiple DoS vulnerabilities in Terraform and GraphQL APIs.

gitlab · The Cyber Express · 10 Apr · Recent

GitHub Actions 2026 Security Roadmap Introduces Dependency Determinism

GitHub announced major GitHub Actions security enhancements including deterministic dependency resolution with SHA-locked commits, centralized policy controls, and secure-by-default configurations. The roadmap addresses supply chain attacks targeting CI/CD automation with new workflow YAML dependency sections and actor rules.

github · GitHub Blog · 8 Apr · NEW

GitHub AI-Powered Security Detections Expand Language Coverage

GitHub Code Security now includes AI-powered security detections alongside CodeQL to identify vulnerabilities in languages traditionally difficult for static analysis. Early Q2 public preview covers Shell/Bash, Dockerfiles, Terraform configurations, and PHP with 80% positive developer feedback in internal testing.

github · GitHub Blog · 23 Mar

AI Supply Chain Attack Targets GitHub via Malicious Pull Requests

Security analysts detected an AI-assisted supply chain attack codenamed 'prt-scan' that exploited misconfigured GitHub repositories through 475+ malicious pull requests containing credential-stealing payloads. The attack highlights emerging threats from AI-enhanced social engineering targeting open-source projects.

github · Mean CEO Blog · 9 Apr · NEW

Azure DevOps March 2026 Strengthens Enterprise Governance

Azure DevOps March 2026 update focuses on identity governance, audit logs, and SDLC traceability for compliance. Enhanced Microsoft Entra ID integration, object-level permissions, and secure integration guidance improve DevSecOps security administration and pipeline standardization for enterprise delivery.

azure-devops · Merito · 10 Apr · Recent