DevOps Pulse

GitHub shipped mandatory secret scanning for AI agents and 2FA requirements for organization owners

creating urgency for teams without backup plans for locked-out accounts. TeamPCP supply chain attacks harvested credentials from 6,943 developer machines including 59% CI/CD runners, while AI-generated vulnerabilities surged to 35 CVEs per month. Veeam positioned itself as 'The Data and AI Trust Company' with ninth consecutive Gartner leadership recognition, as competitors HYCU and GitProtect expand DevOps coverage. The PM team should prioritize competitive response to GitProtect's unified platform expansion while monitoring escalating AI-assisted attack patterns.

Signals
32
Sections
5/5
Threats
7
Fresh
18
Updated
78d ago
Show

DevOps Platform Updates

scanned 78d ago5

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Actions 2026 Security Roadmap: Secure-by-Default CI/CD

<cite index="1-19,1-29">GitHub unveiled its 2026 Actions security roadmap focusing on secure-by-default automation and enterprise-grade endpoint protections including native egress firewalls.</cite> <cite index="1-3,1-4">Key changes separate code contributions from credential management, requiring dedicated permissions for secret access beyond write access.</cite> The initiative directly addresses rising CI/CD supply chain attacks targeting automation infrastructure.

githubGitHub Blog·1 AprRecent

Azure DevOps March 2026: Enterprise Governance and PAT Restrictions

<cite index="22-3,22-8">Azure DevOps March 2026 update strengthens enterprise governance with new identity control, audit logs, and SDLC reporting features.</cite> <cite index="3-4,3-5">A new organization-level policy restricts personal access token (PAT) creation to authorized users only, reducing token sprawl and improving security.</cite> Microsoft also announced OAuth app cleanup ahead of the 2026 end-of-life transition.

azure-devopsMerito·10 AprNEW

GitLab Duo Agent Platform Reaches General Availability

<cite index="12-18,12-21">GitLab 18.8 brings the Duo Agent Platform to general availability, enabling organizations to orchestrate AI agents across the entire development lifecycle.</cite> <cite index="11-5,11-12">New AI-powered false positive detection for secret scanning analyzes findings before developers see them, identifying test credentials with confidence scores.</cite> The platform addresses AI productivity bottlenecks in code review and security triage.

gitlabInfoQ·19 Jan

Atlassian Confluence Launches Visual AI Tools and Third-Party Agents

<cite index="36-9,36-11">Atlassian announced visual tool Remix in open beta, allowing enterprises to turn Confluence data into charts and graphics without opening other applications.</cite> <cite index="32-13,32-14">New partner agents operate within existing access controls and require user review before publishing, maintaining security boundaries.</cite> The initiative represents Atlassian's shift toward embedding AI directly into existing workflows rather than separate platforms.

confluenceTechCrunch·8 AprNEW

AI-Powered Supply Chain Attacks Target GitHub Repositories

<cite index="6-7,6-8">Security analysts reported an AI-assisted supply chain attack codenamed 'prt-scan' that deployed over 475 malicious pull requests targeting misconfigured GitHub repositories.</cite> <cite index="40-9,40-15">Researchers warn that AI-enabled developer tools are shifting threat models beyond running untrusted code to opening untrusted projects.</cite> This highlights growing security risks as AI agents gain autonomous execution capabilities in development environments.

githubMean CEO Blog·9 AprNEW